hoodie🐴
LightNews LightNews
banner
hoodiepony.com
hoodie🐴
@hoodiepony.com
400 followers 990 following 190 posts
I'm a pony. Sometimes a cyber sherpa, and helping keep myself safe by helping other be cyber safe. Also sometimes breaks stuff and void warranties. 🏳️‍🌈 (they/them/it) Also, infosec.exchange/@hoodiepony Other Endpoints @ hello.unicorncyber.space
Posts Media Videos Starter Packs
hoodiepony.com
hoodie🐴 @hoodiepony.com · 1d
Just in time for KakaCon 🤣😉
Reposted by hoodie🐴
eva.computer
eva (^_^)/ @eva.computer · 7d
the Python Software Foundation is foregoing a large NSF grant that would have been contingent on their agreeing to terminate their diversity and inclusion initiatives and given the feds the ability to cripple them financially for refusing to comply

support them here:
www.python.org/psf/donations/
Monday, October 27, 2025 The PSF has withdrawn a $1.5 million proposal to US government grant program In January 2025, the PSF submitted a proposal to the US government National Science Foundation under the Safety, Security, and Privacy of Open Source Ecosystems program to address structural vulnerabilities in Python and PyPl. It was the PSF's first time applying for government funding, and navigating the intensive process was a steep learning curve for our small team to climb. Seth Larson, PSF Security Developer in Residence, serving as Principal Investigator (PI) with Loren Crary, PSF Deputy Executive Director, as co-Pl, led the multi-round proposal writing process as well as the months-long vetting process. We invested our time and effort because we felt the PS's work is a strong fit for the program and that the benefit to the community if our proposal were accepted was considerable. We were honored when, after many months of work, our proposal was recommended for funding, particularly as only 36% of new NSF grant applicants are successful on their first attempt. We became concerned, however, when we were presented with the terms and conditions we would be required to agree to if we accepted the grant. These terms included affirming the statement that we "do not, and will not during the term of this financial assistance award, operate any programs that advance or promote DEl, or discriminatory equity ideology in violation of Federal anti-discrimination laws." This restriction would apply not only to the security work directly funded by the grant, but to any and all activity of the PSF as a whole. Further, violation of this term gave the NSF the right to "claw back" previously approved and transferred funds. This would create a situation where money we'd already spent could be taken back, which would be an enormous, open-ended financial risk. In the end, however, the PSF simply can't agree to a statement that we won't operate any programs that "advance or promote" diversity, equity, and inclusion, as it would be a betrayal of our mission and our community. We're disappointed to have been put in the position where we had to make this decision, because we believe our proposed project would offer invaluable advances to the Python and greater open source community, protecting millions of PyPl users from attempted supply-chain attacks. The proposed project would create new tools for automated proactive review of all packages uploaded to PyPl, rather than the current process of reactive-only review. These novel tools would rely on capability analysis, designed based on a dataset of known malware. Beyond just protecting PyPl users, the outputs of this work could be transferable for all open source software package registries, such as NPM and Crates.io, improving security across multiple open source ecosystems.
2 56 140
hoodiepony.com
hoodie🐴 @hoodiepony.com · 7d
🧡💛💚💙🩵💜🤎🖤🩶🤍
python.org Python Software Foundation @python.org · 8d
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵
The official home of the Python Programming Language
www.python.org
4
Reposted by hoodie🐴
theregister.com
The Register @theregister.com · 7d
Signal president Meredith Whittaker says they had no choice but to use AWS, and that's a problem
Signal president Meredith Whittaker says they had no choice but to use AWS, and that's a problem
'The problem is the concentration of power in the infrastructure space that means there isn’t really another choice' Messaging service Signal may be unusual in its deployment of credible end-to-end encryption, but it shares a common availability vulnerability with many other internet services – dependence on Amazon Web Services (AWS).…
dlvr.it
13 21
Reposted by hoodie🐴
sailorrooscout.bsky.social
Chise @sailorrooscout.bsky.social · 9d
GOOD NEWS! A new cancer vaccine has shown progress in triggering POWERFUL and LASTING immune responses in patients with pancreatic AND colorectal cancer. The vaccine, known as ELI-002 2P, targets mutant KRAS proteins AND had a huge impact on PREVENTING or DELAYING cancer recurrence in patients.
38 1.2K 4.2K
Reposted by hoodie🐴
kenney.nl
Kenney @kenney.nl · 17d
I recently came across this pack of 1,200+ fonts, loved it, got in contact with the creators and I can now offer a 90% off (!) coupon for all Kenney friends!✨

itch.io/s/160768/fri...
12 100 380
hoodiepony.com
hoodie🐴 @hoodiepony.com · 8d
Yes! 1000%.
Especially something sooo costly.

Here's to hoping that there's a substantial penalty and enforcible undertaking to right things.
1
hoodiepony.com
hoodie🐴 @hoodiepony.com · 8d
Yess!!! Go ACCC!
We need to stop this bullshit "forced, more for more" practice.
1 1 4
hoodiepony.com
hoodie🐴 @hoodiepony.com · 9d
Nope! Just NOPE!!!
MS Teams will NOT have WiFi access on my Macbook.
2
Reposted by hoodie🐴
lookitup.baby
Ian Coldwater 📦💥 @lookitup.baby · 9d
a perfect CVSS 10 😍
cve.skyfleet.blue CVE Alerts @cve.skyfleet.blue · 9d
CVE-2025-12220 - Busybox 1.31.1 - Multiple Known Vulnerabilities
CVE ID : CVE-2025-12220

Published : Oct. 25, 2025, 4:15 p.m. | 45 minutes ago

Description : Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19....
CVE-2025-12220 - Busybox 1.31.1 - Multiple Known Vulnerabilities
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
cvefeed.io
12 23 110
Reposted by hoodie🐴
taggart-tech.com
Taggart @taggart-tech.com · 9d
So about the WSUS vuln.

Looking at the stack trace in this writeup: is the structure of `Microsoft.UpdateServices.Internal.SoapUtilities.DeserializeObject` unique to WSUS? Or could other DeserializeObject functions in MS web services have a similar issue?
WSUS Deserialization Exploit in the Wild (CVE‑2025‑59287)
First reported by Eye Security, this WSUS CVE exposes a major weakness in Microsoft’s update mechanism. Read our full analysis to understand the discovery, proof-of-concept, and recommended defenses.
research.eye.security
1 2 1
Reposted by hoodie🐴
bossett.social
Bossett @bossett.social · 15d
this feels like a much bigger deal than a low-engagement 24h old reddit post would imply
xubuntu.org might be compromised
Posted in r/Ubuntu by u/oliwier975PL • 138 points and 17 comments
old.reddit.com
2 11 27
hoodiepony.com
hoodie🐴 @hoodiepony.com · 16d
Err... If you use Ring, you might want to check if you're breaking your local wiretapping, surveillance or privacy laws here.
1
Reposted by hoodie🐴
6mile.githax.com
6mile @6mile.githax.com · 18d
Don't let AI write your payloads for you if you don't know what you're doing. Otherwise, you might end up publishing your API keys, environment variables, and identity to @npmjs.bsky.social
1
Reposted by hoodie🐴
proton.me
Proton @proton.me · 19d
Frustrated by character rules and the need to change passwords? The National Institute of Standards & Technology updated its password guidelines. Weird characters are out; long, memorable passwords are in.👇

https://proton.me/blog/nist-password-guidelines
2025 NIST password guidelines: key updates for businesses | Proton
Everything you need to know about the 2025 NIST password recommendations. Learn about the latest updates, implementation tips, and more.
proton.me
4 24 140
Reposted by hoodie🐴
kingthorin.bsky.social
kingthorin @kingthorin.bsky.social · 20d
Great intro to various ZAP features!!
2 3
hoodiepony.com
hoodie🐴 @hoodiepony.com · 20d
Looking forward to seeing you there!
1
Reposted by hoodie🐴
gotocon.com
GOTO Conferences @gotocon.com · Sep 4
. @charity.wtf (Honeycomb) interviews @alexewerlof.com(Volvo Cars) on the gap between Google's SRE ideals & reality. Key insight: SLOs are your team's API for pushing back against micromanagement.
Reliability Engineering Mindset • Alex Ewerlöf & Charity Majors • GOTO 2025
This interview was recorded for the GOTO Book Club. #GOTOcon #GOTObookclub http://gotopia.tech/bookclub Read the full transcription of the interview here: https://gotopia.tech/episodes/395 Alex…
youtu.be
4 4
hoodiepony.com
hoodie🐴 @hoodiepony.com · 20d
It is indeed. Degraves St? It's a lovely place.
1 2
hoodiepony.com
hoodie🐴 @hoodiepony.com · 20d
WTAF!
malwarebytes.com Malwarebytes @malwarebytes.com · 20d
Microsoft is testing AI facial recognition for your photos in OneDrive.

The feature is enabled for those with early access.

You can easily turn this off...but only 3 times a year. (wut?)

Toggle this off in Privacy and Permissions.
1
Reposted by hoodie🐴
dethveggie.bsky.social
Deth Veggie @dethveggie.bsky.social · 23d
www.tomshardware.com/tech-industr...

Patch your shit, peepz.
New 7-Zip high-severity vulnerabilities expose systems to remote attackers — users should update to version 25 ASAP
Patches for two high-severity ZIP parsing flaws have quietly been available since July.
www.tomshardware.com
3 5 14
Reposted by hoodie🐴
hailey.at
hailey @hailey.at · 25d
reworked this labeler
- ingests posts from jetstream
- pays attention to replies to my posts
- calls out to gemma via LMStudio API
- determines if the reply is bad faith
- labels the reply as bad faith if it is
GitHub - haileyok/dontshowmethis
Contribute to haileyok/dontshowmethis development by creating an account on GitHub.
github.com
22 16 180
Reposted by hoodie🐴
bleepingcomputer.com
BleepingComputer @bleepingcomputer.com · 26d
Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people.
Hackers claim Discord breach exposed data of 5.5 million users
Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people.
www.bleepingcomputer.com
6 11
Reposted by hoodie🐴
opentelemetry.io
OpenTelemetry @opentelemetry.io · 26d
Automatic instrumentation can seem like magic—but it’s not!

The latest #OpenTelemetry blog breaks down how it really works, from monkey patching and bytecode instrumentation to eBPF and runtime APIs.

buff.ly/aWbGOzf
Demystifying Automatic Instrumentation: How the Magic Actually Works
Despite the rise of OpenTelemetry and eBPF, most developers don’t know what automatic instrumentation actually does under the hood. This post breaks it down—not to suggest you build your own, but to…
opentelemetry.io
4 8
Reposted by hoodie🐴
metacurity.com
Cynthia Brumfield @metacurity.com · 27d
Forget about nation-states for a moment: The top four items in today's Metacurity all deal with serious cybersecurity threats emanating from teen hackers.

Don't miss today's issue for the complete run-down of infosec developments you should know, including 1/5
www.metacurity.com/shinyhunters...
ShinyHunters threatens to release data stolen from dozens of Fortune 500 firms
Salesforce refuses to pay ShinyHunters ransom, Qantas braces for the release of its data, Two teens busted for Kido nurseries cyberattack, Qilin claims attack on Asahi, Chinese hackers infiltrated Wil...
www.metacurity.com
1 4 6