blackwolfslaugh
@blackwolfslaugh.bsky.social
Cybersecurity researcher following current conflicts.
Your podcast isn't special
Your podcast isn't special
Reposted by blackwolfslaugh
Probably old news but my mind is always blown by all the stuff #curl can do. I had zero idea that curl has a —form argument that lets you simulate filling out a form, complete with a file upload. Let me automate a super annoying task for a friend with a dead simple bash script.
December 25, 2025 at 11:34 AM
Probably old news but my mind is always blown by all the stuff #curl can do. I had zero idea that curl has a —form argument that lets you simulate filling out a form, complete with a file upload. Let me automate a super annoying task for a friend with a dead simple bash script.
Absolutely love that they just stuck it on her head like a fancy hat
Monument to 'Baba Yaga' Drone Unveiled Near Kyiv nashaniva.com/en/384412
Monument to 'Baba Yaga' Drone Unveiled Near Kyiv
nashaniva.com
December 26, 2025 at 11:16 PM
Absolutely love that they just stuck it on her head like a fancy hat
Reposted by blackwolfslaugh
This is a great video about the growth of Flock's persistent AI-powered video surveillance system even as they demonstrate a fundamental incompetence at software engineering and little concern for security.
www.youtube.com/watch?v=vU1-...
www.youtube.com/watch?v=vU1-...
This Flock Camera Leak is like Netflix For Stalkers
YouTube video by Benn Jordan
www.youtube.com
December 22, 2025 at 9:55 PM
This is a great video about the growth of Flock's persistent AI-powered video surveillance system even as they demonstrate a fundamental incompetence at software engineering and little concern for security.
www.youtube.com/watch?v=vU1-...
www.youtube.com/watch?v=vU1-...
Reposted by blackwolfslaugh
A look at an Android ITW DNG exploit:
googleprojectzero.blogspot.com/2025/12/a-lo...
#android #exploit #vulnerability #zeroclick #exploitation #mobilesecurity
googleprojectzero.blogspot.com/2025/12/a-lo...
#android #exploit #vulnerability #zeroclick #exploitation #mobilesecurity
December 13, 2025 at 1:07 PM
A look at an Android ITW DNG exploit:
googleprojectzero.blogspot.com/2025/12/a-lo...
#android #exploit #vulnerability #zeroclick #exploitation #mobilesecurity
googleprojectzero.blogspot.com/2025/12/a-lo...
#android #exploit #vulnerability #zeroclick #exploitation #mobilesecurity
Reposted by blackwolfslaugh
MachOs explicitly using MTE in the 26.2 beta IPSW's DMGs (not including kernel/coprocessor fws etc)
November 10, 2025 at 5:01 AM
MachOs explicitly using MTE in the 26.2 beta IPSW's DMGs (not including kernel/coprocessor fws etc)
Reposted by blackwolfslaugh
Indictment for a Ukrainian woman extradited to the U.S. for her part in Cyber Army of Russia Reborn and now NoName057(16) pro-Putin hacktivist attacks.
www.documentcloud.org/documents/26...
www.documentcloud.org/documents/26...
USA v Dubranova, et al. INDICTMENT - NoName
www.documentcloud.org
December 11, 2025 at 9:25 AM
Indictment for a Ukrainian woman extradited to the U.S. for her part in Cyber Army of Russia Reborn and now NoName057(16) pro-Putin hacktivist attacks.
www.documentcloud.org/documents/26...
www.documentcloud.org/documents/26...
Reposted by blackwolfslaugh
The cool thing about Generative AI is that it generates stuff. Now, is the stuff it generates the stuff I asked for? No. But that's the beauty of the technology. It doesn't give me what I want, nor does it give me what I need. It just gives me things.
November 30, 2025 at 3:39 AM
The cool thing about Generative AI is that it generates stuff. Now, is the stuff it generates the stuff I asked for? No. But that's the beauty of the technology. It doesn't give me what I want, nor does it give me what I need. It just gives me things.
Reposted by blackwolfslaugh
For software developers: there's currently a highly sophisticated hacking group targeting developers with backdoored coding skills tests. They typically take the form of large source codes specific to your skillset. Please email any suspicious code to me on: [email protected]
1/2
1/2
November 27, 2025 at 6:19 PM
For software developers: there's currently a highly sophisticated hacking group targeting developers with backdoored coding skills tests. They typically take the form of large source codes specific to your skillset. Please email any suspicious code to me on: [email protected]
1/2
1/2
The screams in the distance are the people who have to write dual-use sanctions tearing their papers up yet again
A typical example of Russian DIY UGV manufacturing - building a small mining and logistics UGV in a week from an exercise treadmill. t.me/inzheneryChM...
November 25, 2025 at 8:08 PM
The screams in the distance are the people who have to write dual-use sanctions tearing their papers up yet again
Reposted by blackwolfslaugh
#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanesw co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8
November 24, 2025 at 5:57 PM
#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanesw co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8
Someone needs to write a programmer version of those mental load articles to explain why the people drowning open source projects in low-effort AI PRs and bug reports they themselves don't understand are not, in fact, actually helping.
One of the many joys of using AI for programming is the creation of huge PRs on complex topics that the authors barely understand, but still suggest "because they work". Here's a great example from #OCaml github.com/ocaml/ocaml/...
Kudos to OCaml's maintainers for handling this so gracefully.
Kudos to OCaml's maintainers for handling this so gracefully.
DWARF support for macOS and Linux by joelreymont · Pull Request #14369 · ocaml/ocaml
DWARF v5 Debugging Support for OCaml Native Compiler
This PR adds DWARF v5 debug information to the OCaml native compiler, allowing proper source-level debugging in GDB and LLDB.
What's Impleme...
github.com
November 25, 2025 at 8:00 AM
Someone needs to write a programmer version of those mental load articles to explain why the people drowning open source projects in low-effort AI PRs and bug reports they themselves don't understand are not, in fact, actually helping.
Crowdstrike strikes again
CrowdStrike says it caught an insider sharing screenshots taken on internal systems with unnamed threat actors.
CrowdStrike catches insider feeding information to hackers
CrowdStrike says it caught an insider sharing screenshots taken on internal systems with unnamed threat actors.
www.bleepingcomputer.com
November 21, 2025 at 6:35 PM
Crowdstrike strikes again
Reposted by blackwolfslaugh
There is a solution: github.com/jayphelps/gi...
GitHub - jayphelps/git-blame-someone-else: Blame someone else for your bad code.
Blame someone else for your bad code. Contribute to jayphelps/git-blame-someone-else development by creating an account on GitHub.
github.com
November 17, 2025 at 4:16 AM
There is a solution: github.com/jayphelps/gi...
Reposted by blackwolfslaugh
Doctor says, 'Dont worry, parser design is simple. Great programmer Kate Compton has written the parser you seek’
November 16, 2025 at 2:44 PM
Doctor says, 'Dont worry, parser design is simple. Great programmer Kate Compton has written the parser you seek’
Tool perhaps? Asking for a friend 👀
November 8, 2025 at 1:42 AM
Tool perhaps? Asking for a friend 👀
Reposted by blackwolfslaugh
Here’s @malwaretech.com take. I encourage more people to look at the samples because, lol.
November 5, 2025 at 8:55 PM
Here’s @malwaretech.com take. I encourage more people to look at the samples because, lol.
Reposted by blackwolfslaugh
There's some really big caveats to this. A thread.
New: Google says it has discovered at least 5 malware families that use AI to rewrite their code and generate new capabilities on the fly, suggesting AI-powered malware is finally starting to take off. cloud.google.com/blog/topics/...
Report also has interesting stories about state actors' AI use.
Report also has interesting stories about state actors' AI use.
November 5, 2025 at 3:52 PM
There's some really big caveats to this. A thread.
Reposted by blackwolfslaugh
Huh. At least on macOS, less really is more.
October 31, 2025 at 5:02 PM
Huh. At least on macOS, less really is more.
Reposted by blackwolfslaugh
GrapheneOS is great and I recommend it all the time for Android users who are concerned about spying by governments and law enforcement.
"We’ve reached out to Google to inquire about why a custom ROM created by volunteers [@grapheneos.org] is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say." arstechnica.com/gadgets/2025...
Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking
Cellebrite can apparently extract data from most Pixel phones, unless they’re running GrapheneOS.
arstechnica.com
October 31, 2025 at 12:33 AM
GrapheneOS is great and I recommend it all the time for Android users who are concerned about spying by governments and law enforcement.
Reposted by blackwolfslaugh
Zack Korman on X: "Microsoft isn’t disclosing this so: M365 Copilot allowed users to access files without producing an audit log" https://x.com/ZackKorman/status/1957856630814421293
October 29, 2025 at 1:34 PM
Zack Korman on X: "Microsoft isn’t disclosing this so: M365 Copilot allowed users to access files without producing an audit log" https://x.com/ZackKorman/status/1957856630814421293
Reposted by blackwolfslaugh
We're updating our bounty program with the top award now set at $2 million for zero-click remote exploit chains. In addition - there are increased awards for proximate wireless attacks, WebKit, and Gatekeeper
security.apple.com/blog/apple...
security.apple.com/blog/apple...
A major evolution of Apple Security Bounty, with the industry's top awards for the most advanced research - Apple Security Research
Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards — up to $2 million and a maximum payout in excess of $5 million — expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.
security.apple.com
October 10, 2025 at 5:05 PM
We're updating our bounty program with the top award now set at $2 million for zero-click remote exploit chains. In addition - there are increased awards for proximate wireless attacks, WebKit, and Gatekeeper
security.apple.com/blog/apple...
security.apple.com/blog/apple...
Reposted by blackwolfslaugh
NEW in Xcode 26.1 beta2
`usr/include/arm64/mte.h`
`usr/include/arm64/mte.h`
October 6, 2025 at 5:58 PM
NEW in Xcode 26.1 beta2
`usr/include/arm64/mte.h`
`usr/include/arm64/mte.h`
Reposted by blackwolfslaugh
“We would like your feedback”
I seriously doubt it.
I seriously doubt it.
October 6, 2025 at 4:41 PM
“We would like your feedback”
I seriously doubt it.
I seriously doubt it.