SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
techbytom.bsky.social
Privacy, motorcycle, and craft beer geek. Adversarial thinker. Blue team your blue team for better red teaming.
If you’re not watching EXO labs, and you have any good reason to run local LLMs, stop now and read blog.exolabs.net/nvidia-dgx-s...
Combining NVIDIA DGX Spark + Apple Mac Studio for 4x Faster LLM Inference with EXO 1.0
Disaggregating Prefill and Decode: Faster First Tokens, Faster Streams
blog.exolabs.net
January 6, 2026 at 5:45 AM
Fun way to host your payloads vmux.sdan.io
vmux
Run anything in the cloud. Replace uv run with vmux run.
vmux.sdan.io
January 2, 2026 at 1:27 AM
Did you know your taxes were being used to buy your flight records from commercial airlines so your movement could be tracked without a warrant?
At 404, we’re particularly focussed on journalism that has real-world impact. Thanks to your support, this year we can trace a direct line between our work and tangible policy change. @evystadium.bsky.social names a few.

Read our Impact stories here and hny <3 www.404media.co/tag/impact/
January 1, 2026 at 7:24 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
This is fork&run to execute BOFs in a remote process, same API, and get output back over a pipe--demonstrated with Havoc.

Same arch could support explicit injection. Add-in an injector artifact + psexec, could remotely run a BOF without an agent and get output back too. bofexec? :)
December 31, 2025 at 11:51 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by NSO Group or Paragon.

We spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.
You've been targeted by government spyware. Now what? | TechCrunch
Tech companies are increasingly warning their customers that they have been targeted by governments with advanced government spyware, such as NSO's Pegasus or Paragon's Graphite. What happens after re...
techcrunch.com
December 29, 2025 at 4:27 PM
This tool is an especially powerful and widely applicable one. Don’t get caught up in saying no, infosec.
Claude set a strong bar for structured, workflow-driven AI usage, and it’s no surprise we’re now seeing similar ideas across other platforms like OpenAI.

I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
Agent Skills
Give Codex new capabilities and expertise
developers.openai.com
December 27, 2025 at 12:33 AM
ORLY?
December 20, 2025 at 4:47 AM
This implies that getting a warrant for this was anything other than a rubber stamp in a web interface before now.

NARRATOR (V.O.) It wasn't.
December 19, 2025 at 3:23 PM
30% of the code, and 100% of the design is now done by AI
December 19, 2025 at 3:02 PM
0nrnicrosoft[.]com was registered last night
December 19, 2025 at 2:57 PM
When 2040 me can’t give someone a dirty look without it being captured, catalogued, and sold to the surveillance state - this is one of the ways we got there.
December 19, 2025 at 2:18 PM
THIS would be an awesome base concept for a team of developers to build as a learning exercise for implementing LLMs that are customer facing.
www.wsj.com/tech/ai/anth...
We Let AI Run Our Office Vending Machine. It Lost Hundreds of Dollars.
An AI agent ran a snack operation in the WSJ newsroom. It gave away a free PlayStation, ordered a live fish—and taught us lessons about the future of AI.
www.wsj.com
December 19, 2025 at 1:21 AM
Apple Maps in CarPlay does not allow you to tap on the numbers on the map. You MUST tap the item in the list, wait for the zoom animation to show you which of the map locations it was for, then (while no longer seeing the whole route) choose if you want to add to route or not.
December 18, 2025 at 3:00 PM
Maybe Bieber will complain and Tim Apple will do something.
December 18, 2025 at 5:39 AM
Ok, but can I PLEASE tap on the destination on the map instead of being forced to use a list and back button to discover where each location is while I’m TRYING TO DRIVE?
December 18, 2025 at 5:38 AM
Hey @wiz_io BurbSec really appreciates the CVS sized receipt!
December 18, 2025 at 3:16 AM
Can we please stop using pictures of consumer drones for LE and military drone stories?
December 17, 2025 at 6:38 PM
Not a fan of this company, but I LOVE the 2FA explainer. Very well executed.
December 17, 2025 at 2:46 PM
I’m at 2x32GB modules and still have the 2x16GB modules just lying in the drawer from last spring. Maybe I should cash out and buy a new car?
December 16, 2025 at 6:58 PM
There’s such a strange acceptance of LE skipping out on search and seizure laws by paying a private company for the data instead of (illegally) collecting it themselves. I feel like the outcome is a reality that fundamentally undermines the intent of the Fourth Amendment.
December 9, 2025 at 3:01 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Interesting project. Reimplements TCG example loaders in Rust and demonstrates Rust patterns for TCG and Crystal Palace.

One note: my scope, dev, tests, and unit tests are limited to MinGW.

Binary transforms act on patterns gcc generates and moving away from that, you're gonna hit gaps faster.
Implementing PICOs and allowing for easy development in rust github.com/laachy/trade...
@raphaelmudge.bsky.social
github.com
December 9, 2025 at 2:44 AM
You know what would make for an epic third party compromise? xterm.js
December 8, 2025 at 10:21 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Fed up with this dystopian nightmare? We are too. That's why we're pushing back against surveillance tech and government censorship, both in the courts and on the streets. Help us today: eff.org/power-up
Double Your Impact on Privacy & Free Speech
Right now, your donation to EFF gets an automatic 2X match! Don't let tyrants co-opt tech.
supporters.eff.org
December 3, 2025 at 9:03 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
A perfect CVSS 10 🧑🏻‍🍳💋

CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components

The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

Upgrade immediately!
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
react.dev
December 3, 2025 at 4:23 PM
Hey everyone. It's currently 2025 (and almost 2026). If you're scraping sites and not running javascript, you probably aren't going to render most of the content ;)
December 3, 2025 at 10:36 PM