hoodie🐴
@hoodiepony.com
I'm a pony. Sometimes a cyber sherpa, and helping keep myself safe by helping other be cyber safe. Also sometimes breaks stuff and void warranties. 🏳️🌈 (they/them/it)
Also, infosec.exchange/@hoodiepony
Other Endpoints @ hello.unicorncyber.space
Also, infosec.exchange/@hoodiepony
Other Endpoints @ hello.unicorncyber.space
Reposted by hoodie🐴
Wanting to fit into society by *checks notes* having a clean desk
Prints / Comic Archive adhd-alien.com
Patreon patreon.com/adhd_alien/
Prints / Comic Archive adhd-alien.com
Patreon patreon.com/adhd_alien/
January 2, 2026 at 9:18 PM
Wanting to fit into society by *checks notes* having a clean desk
Prints / Comic Archive adhd-alien.com
Patreon patreon.com/adhd_alien/
Prints / Comic Archive adhd-alien.com
Patreon patreon.com/adhd_alien/
Reposted by hoodie🐴
New breach: WIRED magazine had 2.3M records allegedly breached from parent company Condé Nast and published online this week. Data included email and display name, some records contained additional personal data. 81% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/WIRED
Have I Been Pwned: WIRED Data Breach
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed em...
haveibeenpwned.com
December 28, 2025 at 12:16 AM
New breach: WIRED magazine had 2.3M records allegedly breached from parent company Condé Nast and published online this week. Data included email and display name, some records contained additional personal data. 81% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/WIRED
Relfection: I find it very telling when groups makes a lot of fuss about others not doing the right thing, but refuse to be bound by those same rules.
Very interesting.
Very interesting.
December 26, 2025 at 11:47 PM
Relfection: I find it very telling when groups makes a lot of fuss about others not doing the right thing, but refuse to be bound by those same rules.
Very interesting.
Very interesting.
Reposted by hoodie🐴
#MongoDB and MongoDB Server multiple versions are vulnerable to Remote Code Execution (#RCE) #vulnerability CVE-2025-14847 and may be abused by unauthenticated threat actors in low-complexity attacks that don't require user interaction. Patch now!
👇
www.bleepingcomputer.com/news/securit...
👇
www.bleepingcomputer.com/news/securit...
MongoDB warns admins to patch severe RCE flaw immediately
MongoDB has warned IT admins to immediately patch a high-severity vulnerability that may be exploited in remote code execution (RCE) attacks targeting vulnerable servers.
www.bleepingcomputer.com
December 26, 2025 at 6:47 AM
#MongoDB and MongoDB Server multiple versions are vulnerable to Remote Code Execution (#RCE) #vulnerability CVE-2025-14847 and may be abused by unauthenticated threat actors in low-complexity attacks that don't require user interaction. Patch now!
👇
www.bleepingcomputer.com/news/securit...
👇
www.bleepingcomputer.com/news/securit...
Reposted by hoodie🐴
Casey Ellis: Pioneering The Bug Bounty Platform To Empower Ethical Hackers
Casey Ellis: Pioneering The Bug Bounty Platform To Empower Ethical Hackers - Phillip Wylie
Casey Ellis, the founder of Bugcrowd, is interviewed by Phillip Wylie, who admires Casey’s connection to the hacker community. Casey shares his background in technology and how his curiosity led him to become a hacker. He emphasizes that he always exercised caution and avoided causing harm. Casey shifted his focus to network engineering after leaving…
thehackermaker.com
December 24, 2025 at 7:18 PM
Casey Ellis: Pioneering The Bug Bounty Platform To Empower Ethical Hackers
Reposted by hoodie🐴
Peter Gutmann - Why Quantum Cryptanalysis is Bollocks
#quantum #cryptanalysis #cryptography
www.youtube.com/watch?v=xa4O...
#quantum #cryptanalysis #cryptography
www.youtube.com/watch?v=xa4O...
Peter Gutmann - Why Quantum Cryptanalysis is Bollocks
New Zealand's cute infosec con (& book publishers) ✨ https://kawaiicon.org
Live Stream VOD from Kawaiicon III (6th - 8th November 2025)
Over the last few years quantum cryptanalysis and the…
www.youtube.com
December 25, 2025 at 12:00 AM
Peter Gutmann - Why Quantum Cryptanalysis is Bollocks
#quantum #cryptanalysis #cryptography
www.youtube.com/watch?v=xa4O...
#quantum #cryptanalysis #cryptography
www.youtube.com/watch?v=xa4O...
Reposted by hoodie🐴
CVE-2018-25154 - GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism
CVE ID : CVE-2018-25154
Published : Dec. 24, 2025, 8:15 p.m. | 41 minutes ago
Description : GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allo...
CVE ID : CVE-2018-25154
Published : Dec. 24, 2025, 8:15 p.m. | 41 minutes ago
Description : GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allo...
CVE-2018-25154 - GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
cvefeed.io
December 24, 2025 at 9:29 PM
CVE-2018-25154 - GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism
CVE ID : CVE-2018-25154
Published : Dec. 24, 2025, 8:15 p.m. | 41 minutes ago
Description : GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allo...
CVE ID : CVE-2018-25154
Published : Dec. 24, 2025, 8:15 p.m. | 41 minutes ago
Description : GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allo...
Reposted by hoodie🐴
You don't need to think about what is "normal."
You are you.
One day, the world will come where there is no need to categorize people as LGBT🏳️⚧️🏳️🌈
Until that day arrives, I will continue to send out this message.
Your soul is beautiful.
You are you.
One day, the world will come where there is no need to categorize people as LGBT🏳️⚧️🏳️🌈
Until that day arrives, I will continue to send out this message.
Your soul is beautiful.
December 23, 2025 at 3:16 PM
You don't need to think about what is "normal."
You are you.
One day, the world will come where there is no need to categorize people as LGBT🏳️⚧️🏳️🌈
Until that day arrives, I will continue to send out this message.
Your soul is beautiful.
You are you.
One day, the world will come where there is no need to categorize people as LGBT🏳️⚧️🏳️🌈
Until that day arrives, I will continue to send out this message.
Your soul is beautiful.
Reposted by hoodie🐴
Wanna re-live the ✨kawaii ✨ magic? Well lucky ducks, guess what we have prepared!
All of the Kawaiicon 3 talks are up on YouTube! Check em out!
youtube.com/@kawaiiconnz
All of the Kawaiicon 3 talks are up on YouTube! Check em out!
youtube.com/@kawaiiconnz
Kawaiicon NZ
New Zealand's cute infosec con (& book publishers) ✨
youtube.com
December 23, 2025 at 7:47 AM
Wanna re-live the ✨kawaii ✨ magic? Well lucky ducks, guess what we have prepared!
All of the Kawaiicon 3 talks are up on YouTube! Check em out!
youtube.com/@kawaiiconnz
All of the Kawaiicon 3 talks are up on YouTube! Check em out!
youtube.com/@kawaiiconnz
Reposted by hoodie🐴
It may feel like the whole idea of protecting yourself online is too big of an issue to tackle. But we can take small steps to better protect our own privacy and build an online space that feels as free and safe as speaking with those close to us in the offline world. www.eff.org/deeplinks/2...
Privacy Loves Company
Most of the internet’s blessings—the opportunities for communities to connect despite physical borders and oppressive controls, the avenues to hold the powerful accountable without immediate
www.eff.org
December 20, 2025 at 8:59 PM
It may feel like the whole idea of protecting yourself online is too big of an issue to tackle. But we can take small steps to better protect our own privacy and build an online space that feels as free and safe as speaking with those close to us in the offline world. www.eff.org/deeplinks/2...
Reposted by hoodie🐴
Announcing Key Transparency for the Fediverse
soatok.blog/2025/12/15/a...
#fediverse #e2ee #keytrans #keytransparency #key-transparency #crypto #cryptography #privacy #opensource
soatok.blog/2025/12/15/a...
#fediverse #e2ee #keytrans #keytransparency #key-transparency #crypto #cryptography #privacy #opensource
Announcing Key Transparency for the Fediverse - Dhole Moments
I’m pleased to announce the immediate availability of a reference implementation for the Public Key Directory server. This software implements the Key Transparency specification I’ve be…
soatok.blog
December 15, 2025 at 2:47 PM
Announcing Key Transparency for the Fediverse
soatok.blog/2025/12/15/a...
#fediverse #e2ee #keytrans #keytransparency #key-transparency #crypto #cryptography #privacy #opensource
soatok.blog/2025/12/15/a...
#fediverse #e2ee #keytrans #keytransparency #key-transparency #crypto #cryptography #privacy #opensource
Reposted by hoodie🐴
Roomba maker iRobot gets cleaned out in Chapter 11
Roomba maker iRobot gets cleaned out in Chapter 11
Company vacuumed up by its own manufacturer
iRobit, the company behind autonomous vacuum cleaner brand Roomba, has filed for Chapter 11 bankruptcy protection, telling investors that its Chinese manufacturer will assume control going forward.…
dlvr.it
December 15, 2025 at 1:05 PM
Roomba maker iRobot gets cleaned out in Chapter 11
ICYMI
This is an excellent read, postmortem and lessons from PostHog which was a victim of a software supply chain attack.
posthog.com/blog/nov-24-...
#appsec #prodsec
This is an excellent read, postmortem and lessons from PostHog which was a victim of a software supply chain attack.
posthog.com/blog/nov-24-...
#appsec #prodsec
Post-mortem of Shai-Hulud attack on November 24th, 2025 - PostHog
At 4:11 AM UTC on November 24th, a number of our SDKs and other packages were compromised, with a malicious self-replicating worm - Shai-Hulud 2.…
posthog.com
December 15, 2025 at 3:11 AM
ICYMI
This is an excellent read, postmortem and lessons from PostHog which was a victim of a software supply chain attack.
posthog.com/blog/nov-24-...
#appsec #prodsec
This is an excellent read, postmortem and lessons from PostHog which was a victim of a software supply chain attack.
posthog.com/blog/nov-24-...
#appsec #prodsec
🤔
With practically all Gov, Banks, etc interactions via apps these days, with a ban from these platforms for whatever reason, how will a person continue to live? Do offline options exists?
This is more significant impact than just a corp enforcing it's rights to choose who it does business with.
With practically all Gov, Banks, etc interactions via apps these days, with a ban from these platforms for whatever reason, how will a person continue to live? Do offline options exists?
This is more significant impact than just a corp enforcing it's rights to choose who it does business with.
December 13, 2025 at 7:44 PM
🤔
With practically all Gov, Banks, etc interactions via apps these days, with a ban from these platforms for whatever reason, how will a person continue to live? Do offline options exists?
This is more significant impact than just a corp enforcing it's rights to choose who it does business with.
With practically all Gov, Banks, etc interactions via apps these days, with a ban from these platforms for whatever reason, how will a person continue to live? Do offline options exists?
This is more significant impact than just a corp enforcing it's rights to choose who it does business with.
Reposted by hoodie🐴
Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages.
Notepad++ fixes flaw that let attackers push malicious update files
Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages.
www.bleepingcomputer.com
December 11, 2025 at 9:04 PM
Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages.
Reposted by hoodie🐴
TL;DR a couple hundred IPs suddenly started exploiting Cisco devices today
- Entire exploitation cluster is originating from OVH (@ovhcloudus.bsky.social).
- Payloads are interesting- attacker is even checking hardware temperatures most likely to ensure they are not honeypots
- Entire exploitation cluster is originating from OVH (@ovhcloudus.bsky.social).
- Payloads are interesting- attacker is even checking hardware temperatures most likely to ensure they are not honeypots
December 10, 2025 at 1:16 AM
TL;DR a couple hundred IPs suddenly started exploiting Cisco devices today
- Entire exploitation cluster is originating from OVH (@ovhcloudus.bsky.social).
- Payloads are interesting- attacker is even checking hardware temperatures most likely to ensure they are not honeypots
- Entire exploitation cluster is originating from OVH (@ovhcloudus.bsky.social).
- Payloads are interesting- attacker is even checking hardware temperatures most likely to ensure they are not honeypots
Reposted by hoodie🐴
interested in standardization of AT at the IETF?
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
December 9, 2025 at 8:13 AM
interested in standardization of AT at the IETF?
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
Reposted by hoodie🐴
Notepad++ have published an update to fix the software being hijacked by threat actors remotely: notepad-plus-plus.org/news/v889-re...
This was being abused by threat actors in China, a blog from mine from a week ago: doublepulsar.com/small-number...
This was being abused by threat actors in China, a blog from mine from a week ago: doublepulsar.com/small-number...
Notepad++ v8.8.9 release: Vulnerability-fix | Notepad++
notepad-plus-plus.org
December 9, 2025 at 9:24 PM
Notepad++ have published an update to fix the software being hijacked by threat actors remotely: notepad-plus-plus.org/news/v889-re...
This was being abused by threat actors in China, a blog from mine from a week ago: doublepulsar.com/small-number...
This was being abused by threat actors in China, a blog from mine from a week ago: doublepulsar.com/small-number...
It's very interesting to see how various platforms are complying with a foreign entity's rules that they are not sovereign to...
It's a canary for how they will act, and how genuinely safely their trust & safety teams will implement the policies.
It's a canary for how they will act, and how genuinely safely their trust & safety teams will implement the policies.
December 9, 2025 at 9:39 PM
It's very interesting to see how various platforms are complying with a foreign entity's rules that they are not sovereign to...
It's a canary for how they will act, and how genuinely safely their trust & safety teams will implement the policies.
It's a canary for how they will act, and how genuinely safely their trust & safety teams will implement the policies.
Reposted by hoodie🐴
So awesome that the nation's so-called eSafety Commissioner is forcing every Australian over the age of 16 to hand over our biometric data to overseas-based companies whose business model is about monetising personal data & linking online accounts to real world individuals.
Excellent work everybody.
Excellent work everybody.
After going through above, I was sent an email, which sent me to the Kids Web Services website. I chose "Face Scan", which directed me to Yoti, face was scanned and it began estimating my age. It was taking so long I forgot about it, and just came back 4hrs later to see it is still "Estimating age"👍
December 9, 2025 at 7:41 AM
So awesome that the nation's so-called eSafety Commissioner is forcing every Australian over the age of 16 to hand over our biometric data to overseas-based companies whose business model is about monetising personal data & linking online accounts to real world individuals.
Excellent work everybody.
Excellent work everybody.
Reposted by hoodie🐴
Bluesky has also asked the @australia.theguardian.com account to put in its age, and is even more restrictive.
Guardian Australia can't use @bsky.app, though 3rd party posts are still going through.
I won't put GdnAus's 2013 launch as birth date in case it nukes the account. Maybe I'll try 1821
Guardian Australia can't use @bsky.app, though 3rd party posts are still going through.
I won't put GdnAus's 2013 launch as birth date in case it nukes the account. Maybe I'll try 1821
December 9, 2025 at 7:09 AM
Bluesky has also asked the @australia.theguardian.com account to put in its age, and is even more restrictive.
Guardian Australia can't use @bsky.app, though 3rd party posts are still going through.
I won't put GdnAus's 2013 launch as birth date in case it nukes the account. Maybe I'll try 1821
Guardian Australia can't use @bsky.app, though 3rd party posts are still going through.
I won't put GdnAus's 2013 launch as birth date in case it nukes the account. Maybe I'll try 1821
Reposted by hoodie🐴
Checkout atproto.com/specs/permis...
Permissions - AT Protocol
Auth Permissions for Account Resources
atproto.com
December 8, 2025 at 7:41 AM
Checkout atproto.com/specs/permis...
Reposted by hoodie🐴
It's actually out.
Permissions - AT Protocol
Auth Permissions for Account Resources
atproto.com
December 8, 2025 at 7:41 AM
It's actually out.