the grugq's newsletter

February 17, 2024

Anyone seen this? Can’t quite figure it out… https://t.co/hrgm47qPiv

— Charl van der Walt 🌻 (@charlvdwalt) February 16, 2024


A fun UX I've been playing with for a project: If you scan this QR code, a small .png file will be downloaded to your device (SFW, I promise).

The kicker is that file is not hosted on any server, anywhere. It lives completely within the QR code itself!

🧵 pic.twitter.com/orVuiQtkNu

— Guy Dupont (@gvy_dvpont) February 15, 2024


The real scam going around that regular people fall for is someone you don’t know sends you $2-3k on Venmo. Panic messages this was a mistake. Please send back I need it. And when you do you just laundered their money while the stolen proceeds they sent will be recovered from you

— warrior cop (@wyatt_privilege) February 15, 2024


On January 20, 2024, the US government conducted a disruption operation against infrastructure used by a threat actor we track as Forest Blizzard (STRONTIUM), a Russian state-sponsored threat actor, as detailed here: https://t.co/gfeIE2JZYK

— Microsoft Threat Intelligence (@MsftSecIntel) February 15, 2024


Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. https://t.co/CcBTvjK1BR

— switched (@switch_d) February 15, 2024


The question "I have an #SBOM. Now what?" is a legitimate one, and more tools and use cases emerge every day.

But this basic analysis from @GossiTheDog on what's in Avanti tells a pretty clear story of why we need transparency for our software NOW. pic.twitter.com/nFtNB1BSnA

— Allan is @allanfriedman on bsky & infosec.exchange (@allanfriedman) February 15, 2024


I told you! That cyber operation was part of the U.S. retaliation for the drone strikes. https://t.co/7SOiowv1CW https://t.co/P4UiRFjHHr pic.twitter.com/6sBIxud1PD

— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) February 16, 2024

Could the U.S. response be with CYBER? It can be done to avoid escalations. The downside of using cyber is that the public would not necessarily see it, which undermines the point of satisfying U.S. public opinion desires to 'take action'. https://t.co/xntrecXVAP pic.twitter.com/jFn4UpcGsW

— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) January 31, 2024


No intentional overfitting from our side. Btw all paper/evaluation artifacts are openly accessible for reproduction: https://t.co/lsMOMQSSx4

— Stephan Lipp (@stephanlipp) February 15, 2024


I don’t see anyone talking about what is happening to the CVE system except exploit developers, and we need to be talking about it more.

Blue teamers, this might seem like someone else’s problem. It is not. No enterprise is prepared for this. I assure you it will become yours

— Ian Coldwater 📦💥 (@IanColdwater) February 16, 2024

The disdain for labeling security fixes and CVEs in the Linux kernel is not new. The official stance was: All Bugs Matter. Security fixes are not special.

Now in response to “continuing pressure” ALL bug fixes get CVEs. So they can smugly say “well this what you wanted!” 🙄🙄 pic.twitter.com/d7TnPFvzRF

— chompie (@chompie1337) February 14, 2024

Say hi to "bippy", the Bash script (really) behind the new Linux CNA, and the boilerplate message you'll be seeing a lot of: https://t.co/Kw6CayRFko Completely unrelated, the LF recorded revenue of $177M in 2022: https://t.co/bwdXj645hA pic.twitter.com/J1rpkh79ab

— Brad Spengler (@spendergrsec) February 16, 2024

In other words:

Current CVE fiasco in security terms: It's a UAF, where the existing CVE definition has been freed, and everyone using it after that point is operating on garbage

— Brad Spengler (@spendergrsec) February 15, 2024


This was an excellent blog post by Andreas Kellas (@trailofbits) on exploiting SQLite implementations of the printf functions (CVE-2022-35737) https://t.co/qLb0KXHnKa #sqlite #infosec #cybersecurity pic.twitter.com/sdGKIwIezv

— 0xor0ne (@0xor0ne) February 16, 2024


This is a friendly reminder that anything built on @OpenAI's GPT4 via API is vulnerable to invisible prompt injection via unicode tags.

It may take 2-3 attempts. See the screenshot: pic.twitter.com/DltxjvD5It

— Joseph Thacker (@rez0__) February 16, 2024
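
The invisible-Unicode-tag injection the tweet above warns about can be caught on the way into a model, because the characters are only invisible to the renderer, not to the tokenizer. The following Python is an added example; it is not code from the newsletter or from the tweet's author. The function names, the `ScanResult` type and the sample input are my own constructions, and the decoding rule it relies on is the one defined by the Unicode Tags block (U+E0020..U+E007E mirror ASCII 0x20..0x7E).

```python
# Added example (not from the newsletter or the quoted tweet): detect,
# decode and strip invisible Unicode "tag" characters before text is
# forwarded to an LLM.
#
# The Tags block (U+E0000..U+E007F) is rendered as nothing by most UIs, yet
# a model still receives it as text. Code points U+E0020..U+E007E mirror
# ASCII 0x20..0x7E, so any hidden ASCII can be recovered by subtracting
# 0xE0000; U+E0001 (LANGUAGE TAG) and U+E007F (CANCEL TAG) carry no text.

from typing import NamedTuple

TAG_BLOCK_START = 0xE0000
TAG_BLOCK_END = 0xE007F
TAG_ASCII_LO = 0xE0020   # first tag char that maps to a printable ASCII char
TAG_ASCII_HI = 0xE007E   # last tag char that maps to a printable ASCII char


class ScanResult(NamedTuple):
    clean: str      # input with every tag character removed
    hidden: str     # printable ASCII recovered from the tag characters
    tag_count: int  # number of tag characters seen (including non-text ones)


def is_tag_char(ch: str) -> bool:
    """True if ch lies in the Unicode Tags block."""
    return TAG_BLOCK_START <= ord(ch) <= TAG_BLOCK_END


def scan_for_tag_injection(text: str) -> ScanResult:
    """Split text into visible content and the ASCII hidden in tag chars."""
    clean, hidden, count = [], [], 0
    for ch in text:
        cp = ord(ch)
        if TAG_BLOCK_START <= cp <= TAG_BLOCK_END:
            count += 1
            if TAG_ASCII_LO <= cp <= TAG_ASCII_HI:
                hidden.append(chr(cp - TAG_BLOCK_START))
        else:
            clean.append(ch)
    return ScanResult("".join(clean), "".join(hidden), count)


def guard_prompt(text: str, policy: str = "strip") -> str:
    """Apply a policy to untrusted input destined for a model.

    policy="strip"  -> return the input with tag characters removed
    policy="reject" -> raise ValueError so the caller can drop the request
    In both cases the recovered hidden text is what you would log or alert on.
    """
    result = scan_for_tag_injection(text)
    if result.tag_count and policy == "reject":
        raise ValueError(
            f"{result.tag_count} Unicode tag chars found; hidden text: "
            f"{result.hidden!r}"
        )
    return result.clean


# Constructed sample input (hypothetical): a visible request followed by a
# sentence encoded entirely as tag characters, which most UIs would not show.
HIDDEN_SENTENCE = "this part is invisible"
SAMPLE_INPUT = "Summarise the attached report." + "".join(
    chr(TAG_BLOCK_START + ord(c)) for c in HIDDEN_SENTENCE
)

if __name__ == "__main__":
    r = scan_for_tag_injection(SAMPLE_INPUT)
    print("visible :", r.clean)
    print("hidden  :", r.hidden)
    print("tags    :", r.tag_count)
```

The scan is cheap enough to sit in front of every model call; the more important design decision is the policy. Stripping keeps the application working on mixed input, while rejecting preserves evidence and makes the attempt visible in logs, which matters more when the input channel is shared documents or retrieved web pages rather than a user's own text.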


Air Canada must honor refund policy invented by airline’s chatbot https://t.co/PMCC6V4opG

— Ars Technica (@arstechnica) February 16, 2024


All the people saying "I would never get scammed!!" should know it can happen to anyone... My gf in Slovenia has a PhD and she got scammed out of $20,000 right after I sent her $20,000 for a plane ticket to America so we could finally meet in person

— ''Steve'' (@extranapkins) February 15, 2024

I never thought I was the kind of person to fall for a scam, and then I found myself agreeing to take over the spice mining operations on the desert planet Arrakis pic.twitter.com/bbu5OmYT0K

— Jackson McHenry (@McHenryJD) February 15, 2024


On this day 12 years ago, the "How Do You Do, Fellow Kids?" moment aired on 30 Rock. pic.twitter.com/lC0PnHbyKq

— Know Your Meme (@knowyourmeme) February 16, 2024



CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC https://t.co/sJPbySQBa3

Happy weekend.

— Alex (@xaitax) February 16, 2024


Until I read this Hal Borland passage a few days ago I never realized/noticed that blossoming plants melt the snow, and it’s because that act generates a bunch of heat pic.twitter.com/zrZ7K4GfdX

— chuck 🏔 (@crowcialist) February 16, 2024


Mastodon hacking. I smiled at this paragraph. Before running Mastodon, I did quickly scan the code for risks, but just for RCE or path traversal. Checking for in-protocol logic bugs is harder and without other users or private messages less concerning. https://t.co/EuR95Ftd4i pic.twitter.com/OuHkPCsGL0

— scriptjunkie (Matt) (@scriptjunkie1) February 16, 2024


In case you missed it, check out our new video from CppCon 2023!

Undefined Behavior in C++: What Every Programmer Should Know and Fear - Fedor Pikus - CppCon 2023 https://t.co/xyicGT1kWN #Cpp #HowTo #cppcon

— CppCon (@CppCon) February 16, 2024


my review of the apple vision pro pic.twitter.com/pbdql2Ne2L

— Michael Kandel (@K_A_N_D_E_L) February 16, 2024


OH:
"you could change -e to --exit-status to make it more readable"
"no this is a C codebase, it's maintained by people who hate each other"

— Kate (@thingskatedid) February 16, 2024


Today, and for decades, the main challenge in offensive cybersecurity has been that defenders need just one successful detection to break the best operation. Attackers need to have the best stealth, and luck, at all times, across increasingly complex digital terrain. No errors. https://t.co/SO025c2ha9

— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) February 17, 2024

Deep sigh: pic.twitter.com/HyyMsSkAzd

— Brian in Pittsburgh (@arekfurt) February 16, 2024

Really. This “lucky once” thing is true for all attacker roles, and once the hacker has gained initial access they become the defender. They need to defend their access. Attackers always have an advantage over defenders in that regard, but the roles are not fixed.

