Lea Viljanen
@ladybugfi.bsky.social
#cybersecurity #appsec is my ikigai. Consulting at lavsecurity.fi, bug bounty service in hackr.fi. Occasional #SCA medievalist. Finland. She/her, will accept they.
Laskiaispulla mantelilla, pizzaan ananasta, kitkarenkaat, maksalaatikko rusinoilla.
Laskiaispulla mantelilla, pizzaan ananasta, kitkarenkaat, maksalaatikko rusinoilla.
Maailma on erilainen jousiampujan silmin.
December 8, 2025 at 9:30 PM
Maailma on erilainen jousiampujan silmin.
Reposted by Lea Viljanen
Scientists recently combined the DNA of a cheetah with the DNA of a crab.
Things went sideways real fast.
Things went sideways real fast.
December 7, 2025 at 5:16 AM
Scientists recently combined the DNA of a cheetah with the DNA of a crab.
Things went sideways real fast.
Things went sideways real fast.
Reposted by Lea Viljanen
You’ve heard of Barbenheimer, but have you heard of …
December 25, 2023 at 12:29 AM
You’ve heard of Barbenheimer, but have you heard of …
Reposted by Lea Viljanen
A few thoughts on the new US national security strategy that was released today.
🧵
www.whitehouse.gov/wp-content/u...
🧵
www.whitehouse.gov/wp-content/u...
December 5, 2025 at 9:49 AM
A few thoughts on the new US national security strategy that was released today.
🧵
www.whitehouse.gov/wp-content/u...
🧵
www.whitehouse.gov/wp-content/u...
Aika paska juttu. #tietoturva
NEW: Your "end-to-end encrypted" poop pictures taken by this $599 (+ subscription) smart toilet camera are actually not end-to-end encrypted.
¯\_(ツ)_/¯
techcrunch.com/2025/12/03/e...
¯\_(ツ)_/¯
techcrunch.com/2025/12/03/e...
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted | TechCrunch
Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.
techcrunch.com
December 3, 2025 at 8:19 PM
Aika paska juttu. #tietoturva
Reposted by Lea Viljanen
A perfect CVSS 10 🧑🏻🍳💋
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
react.dev
December 3, 2025 at 4:23 PM
A perfect CVSS 10 🧑🏻🍳💋
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components
The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:
react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack
Upgrade immediately!
Reposted by Lea Viljanen
based on how often the naughty teens of major cities throw the rentable scooters directly into the river i've formed a theory that the many iron age swords and cauldrons found in lakes around europe that we've previously assumed were ceremonial and sacrificial in nature were in fact thrown by teens
August 17, 2024 at 4:38 PM
based on how often the naughty teens of major cities throw the rentable scooters directly into the river i've formed a theory that the many iron age swords and cauldrons found in lakes around europe that we've previously assumed were ceremonial and sacrificial in nature were in fact thrown by teens
AI has its uses.
In a pilot study, A.I.was able to accurately predict the type of coda, the whale’s vocal clan and the individual whale with over 90% accuracy.
... it might be possible to use A.I. to find patterns within the vocal data and eventually translate what whales were saying to one another.
#incroyable
... it might be possible to use A.I. to find patterns within the vocal data and eventually translate what whales were saying to one another.
#incroyable
Opinion | I’m a Marine Biologist. This Is How I Talk to Whales.
www.nytimes.com
December 2, 2025 at 1:58 PM
AI has its uses.
Introduce yourself with five concerts you've seen:
Pink Floyd
Tina Turner
REM
Massive Attack
Ultra Bra
Pink Floyd
Tina Turner
REM
Massive Attack
Ultra Bra
Introduce yourself with five concerts you've seen
Devo
Massive Attack
Stevie Wonder
Prodigy
Good Boys
Devo
Massive Attack
Stevie Wonder
Prodigy
Good Boys
Introduce yourself with five concerts you’ve seen —
Nouvelle Vague
Depeche Mode
Smashing Pumpkins
Elton John
Manic Street Preachers
Nouvelle Vague
Depeche Mode
Smashing Pumpkins
Elton John
Manic Street Preachers
November 29, 2025 at 9:35 AM
Introduce yourself with five concerts you've seen:
Pink Floyd
Tina Turner
REM
Massive Attack
Ultra Bra
Pink Floyd
Tina Turner
REM
Massive Attack
Ultra Bra
Reposted by Lea Viljanen
Version 1 of the OWASP AI testing guide just got published.
I promise you, from my own experience, this will save you a lot of heartache.
github.com/OWASP/www-pr...
I promise you, from my own experience, this will save you a lot of heartache.
github.com/OWASP/www-pr...
November 27, 2025 at 10:31 AM
Version 1 of the OWASP AI testing guide just got published.
I promise you, from my own experience, this will save you a lot of heartache.
github.com/OWASP/www-pr...
I promise you, from my own experience, this will save you a lot of heartache.
github.com/OWASP/www-pr...
Reposted by Lea Viljanen
If you have to tell people that you are:
A Truth-teller
A Thought leader
A Lady
A Gentleman
A Genius
Then you probably aren't one.
A Truth-teller
A Thought leader
A Lady
A Gentleman
A Genius
Then you probably aren't one.
November 23, 2025 at 8:07 PM
If you have to tell people that you are:
A Truth-teller
A Thought leader
A Lady
A Gentleman
A Genius
Then you probably aren't one.
A Truth-teller
A Thought leader
A Lady
A Gentleman
A Genius
Then you probably aren't one.
#DOGE is no more. But where is all the data it has collected over the months from all the US gov't agencies?
Bye bye, “DOGE”.
It no longer exists as a “centralized entity”, according to the Office of Personnel Management.
@reuters.com
www.reuters.com/world/us/dog...
It no longer exists as a “centralized entity”, according to the Office of Personnel Management.
@reuters.com
www.reuters.com/world/us/dog...
November 23, 2025 at 10:41 PM
#DOGE is no more. But where is all the data it has collected over the months from all the US gov't agencies?
Reposted by Lea Viljanen
Stunning. Lauri is saving Utah basketball, Sisu 2 made box office history, Laura Birn will get Emmy nom for her epic perf as a sexy sad robot, Helene Schjerfbeck is getting a Met retrospective and will become a Sotheby’s $20M per painting auction beast…. Finland has arrived as a cultural force.
November 23, 2025 at 10:09 PM
Stunning. Lauri is saving Utah basketball, Sisu 2 made box office history, Laura Birn will get Emmy nom for her epic perf as a sexy sad robot, Helene Schjerfbeck is getting a Met retrospective and will become a Sotheby’s $20M per painting auction beast…. Finland has arrived as a cultural force.
Reposted by Lea Viljanen
Twitter pays people based on engagement (views, retweets, comments, etc). It appears that many MAGA accounts are based abroad and they use AI technology to generate low-effort rage bait.
My guess is that this will get worse as AI tech improves. For instance, fake videos of minorities doing crime.
My guess is that this will get worse as AI tech improves. For instance, fake videos of minorities doing crime.
November 23, 2025 at 9:23 AM
Twitter pays people based on engagement (views, retweets, comments, etc). It appears that many MAGA accounts are based abroad and they use AI technology to generate low-effort rage bait.
My guess is that this will get worse as AI tech improves. For instance, fake videos of minorities doing crime.
My guess is that this will get worse as AI tech improves. For instance, fake videos of minorities doing crime.
Reposted by Lea Viljanen
To be fair, Neal wrote "The Baroque Cycle" longhand after a computer backup disaster ate the first five hundred pages or so.
Then he transcribed it himself in EMACS and formatted it for submission using a homebrew set of Elisp macros he wrote—
Yeah nope, that's just deranged.
Then he transcribed it himself in EMACS and formatted it for submission using a homebrew set of Elisp macros he wrote—
Yeah nope, that's just deranged.
November 22, 2025 at 7:26 PM
To be fair, Neal wrote "The Baroque Cycle" longhand after a computer backup disaster ate the first five hundred pages or so.
Then he transcribed it himself in EMACS and formatted it for submission using a homebrew set of Elisp macros he wrote—
Yeah nope, that's just deranged.
Then he transcribed it himself in EMACS and formatted it for submission using a homebrew set of Elisp macros he wrote—
Yeah nope, that's just deranged.
Taas yhden aikakauden loppu. #mikrobitti
Mikrobitti lakkauttaa verkkosivustonsa, verkkosisältö siirtyy osaksi Iltalehden maksullista tilausta
dawn.fi/uutiset/2025...
#uutiset
dawn.fi/uutiset/2025...
#uutiset
Mikrobitti -sivusto lakkautetaan, sisältö siirtyy osaksi Iltalehteä
Alma Media lakkauttaa Mikrobitti -lehden oman sivuston ja siirtää Mikrobitin verkkosisällöt osaksi Iltalehteä.
dawn.fi
November 21, 2025 at 4:07 PM
Taas yhden aikakauden loppu. #mikrobitti
Ja kuka väittää ettei humanistisia aineita kannata opiskella? Pitää palkata kirjallisuuden opiskelijoita AI-hakkereiksi.
Looks like LLMs are *very* vulnerable to attack via poetic allusion: "curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90% ..."
https://arxiv.org/html/2511.15304v1
https://arxiv.org/html/2511.15304v1
November 20, 2025 at 10:58 PM
Ja kuka väittää ettei humanistisia aineita kannata opiskella? Pitää palkata kirjallisuuden opiskelijoita AI-hakkereiksi.
Reposted by Lea Viljanen
Fish have committed credit card fraud
November 19, 2025 at 9:49 PM
Fish have committed credit card fraud
Reposted by Lea Viljanen
So that means that any attempt to neuter a hippo is:
A) Exploratory Surgery
B) Done under "best guess" conditions
C) Where the drugs are *going* to wear off
D) On an animal that weighs more than a Ford F150
E) All of which is muscle
F) On testicles that are hiding from you
G) And it is mad about it
A) Exploratory Surgery
B) Done under "best guess" conditions
C) Where the drugs are *going* to wear off
D) On an animal that weighs more than a Ford F150
E) All of which is muscle
F) On testicles that are hiding from you
G) And it is mad about it
a large hippopotamus is standing in the water with its mouth open
Alt: a large hippopotamus is standing in the water with its mouth open
media.tenor.com
March 12, 2025 at 5:53 AM
So that means that any attempt to neuter a hippo is:
A) Exploratory Surgery
B) Done under "best guess" conditions
C) Where the drugs are *going* to wear off
D) On an animal that weighs more than a Ford F150
E) All of which is muscle
F) On testicles that are hiding from you
G) And it is mad about it
A) Exploratory Surgery
B) Done under "best guess" conditions
C) Where the drugs are *going* to wear off
D) On an animal that weighs more than a Ford F150
E) All of which is muscle
F) On testicles that are hiding from you
G) And it is mad about it
Reposted by Lea Viljanen
Reposted by Lea Viljanen
I do this ish for a living, I am an AI developer and researcher, and *I* don’t fully understand the security implications. What hope do regular users have?
www.windowscentral.com/microsoft/wi...
www.windowscentral.com/microsoft/wi...
Microsoft warns that Windows 11's agentic AI could install malware on your PC: "Only enable this feature if you understand the security implications"
Microsoft is pushing ahead with its plan to add agentic capabilities to Windows 11 but has issued an important security warning for anyone who is interested in trying it out.
www.windowscentral.com
November 18, 2025 at 8:30 PM
I do this ish for a living, I am an AI developer and researcher, and *I* don’t fully understand the security implications. What hope do regular users have?
www.windowscentral.com/microsoft/wi...
www.windowscentral.com/microsoft/wi...
Reposted by Lea Viljanen
Turns out you can communicate across containers via 63-bits of available space in a shared lock you acquire on /proc/self/ns/time that all processes have access to.
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
November 12, 2025 at 2:35 PM
Turns out you can communicate across containers via 63-bits of available space in a shared lock you acquire on /proc/self/ns/time that all processes have access to.
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
No networking required. The post has a demo of a chat app communicating across unprivileged containers.
h4x0r.org/funreliable/
#TIetoturva Haavoittuvuus, jossa ilmeisesti rajapintavastaus antoi vinkkiä siitä oliko vastaus oikein vai väärin.
www.hs.fi/kulttuuri/ar...
www.hs.fi/kulttuuri/ar...
Televisio | Katsojat petkuttaneet Elämäni biisi -ohjelman kotipelissä
Varsinaisia palkintoja suositun ohjelman kotipeliosuudessa ei ole, ja siksi vilpin ilmeneminen on vähän huvittavaakin, ohjelman vastaava tuottaja kommentoi.
www.hs.fi
November 15, 2025 at 11:50 AM
#TIetoturva Haavoittuvuus, jossa ilmeisesti rajapintavastaus antoi vinkkiä siitä oliko vastaus oikein vai väärin.
www.hs.fi/kulttuuri/ar...
www.hs.fi/kulttuuri/ar...
Reposted by Lea Viljanen
HOLY SHIT. They found the genes for fibromyalgia - and it's *not* autoimmune, it's the central nervous system. It's very cool to see some progress made on the thing that's ruined my life since late teenage years!
Medical Republic: 'Fibromyalgia finally gets a genetic fingerprint'
'Additionally, certain risk loci overlapped with long covid (BPTF) and ME/CFS (OLFM4, RABGAP1L/GPR52), two poorly characterised disorders, albeit with different lead variants.'
www.medicalrepublic.com.au/fibromyalgia...
'Additionally, certain risk loci overlapped with long covid (BPTF) and ME/CFS (OLFM4, RABGAP1L/GPR52), two poorly characterised disorders, albeit with different lead variants.'
www.medicalrepublic.com.au/fibromyalgia...
Fibromyalgia finally gets a genetic fingerprint - Medical Republic
A massive global study links the chronic pain condition to 26 genes associated with brain signalling, marking a turning point in understanding its biological roots.
www.medicalrepublic.com.au
November 14, 2025 at 4:09 AM
HOLY SHIT. They found the genes for fibromyalgia - and it's *not* autoimmune, it's the central nervous system. It's very cool to see some progress made on the thing that's ruined my life since late teenage years!