More results...
Here’s the story. The commenters on X (formerly Twitter) are unimpressed.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Blog moderation policy.
E-130J TACAMO. The Navy’s Airborne Strategic Command, Control and Communications Program Office (PMA-271) and Strategic Communications Wing 1 (SCW-1) on Aug. 7 announced the official popular name for the Navy’s […]
Porn sites are hiding code in .svg files:
Unpacking the attack took work because much of the JavaScript in the .svg images was heavily obscured using a custom version of “JSFuck,” a technique that uses only a handful of character types to encode JavaScript into a camouflaged wall of text.
Once decoded, the script causes the browser to download a chain of additional obfuscated JavaScript. The final payload, a known malicious script called Trojan.JS.Likejack, induces the browser to like a specified Facebook post as long as a user has their account open…
Here’s an interesting story about a failure being introduced by LLM-written code. Specifically, the LLM was doing some code refactoring, and when it moved a chunk of code from one file to another it changed a “break” to a “continue.” That turned an error logging statement into an infinite loop, which crashed the system.
This is an integrity failure. Specifically, it’s a failure of processing integrity. And while we can think of particular patches that alleviate this exact failure, the larger problem is much harder to solve.
Davi Ottenheimer …
There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth.
Some really …
The Defense Advanced Research Projects Agency (DARPA) on Monday christened its prototype for the No Manning Required Ship (NOMARS) program, the USX-1 Defiant, as it finishes testing in preparation for […]
The NSA and GCHQ have jointly published a history of World War II SIGINT: “Secret Messengers: Disseminating SIGINT in the Second World War.” This is the story of the British SLUs (Special Liaison Units) and the American SSOs (Special Securi…
SAP’s August 2025 Patch Tuesday released 15 new security notes, including critical fixes, plus four updates to previously released patches. SAP’s August 2025 Patch Tuesday delivers 15 new security notes, including critical fixes, plus four updates to older patches. Of a total of 26 vulnerabilities addressed by the company, four have been classified as ‘hot […]
A few years ago, scammers invented a new phishing email. They would claim to have hacked your computer, turned your webcam on, and videoed you watching porn or having sex. BuzzFeed has an article talking about a “shockingly realistic” variant, which includes photos of you and your house—more specific information.
The article contains “steps you can take to figure out if it’s a scam,” but omits the first and most fundamental piece of advice: If the hacker had incriminating video about you, they would show you a clip. Just a taste, not the worst bits so you had to worry about how bad it could be, but something. If the hacker doesn’t show you any video, they don’t have any video. Everything else is window dressing…
Fears around children is opening up a new market for automatic license place readers.