February 7, 2025
Snooper's Charter realized. "The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies." Huge story from @joemenn.bsky.social https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/
— Kevin Collier (@kevincollier.bsky.social) 2025-02-07T11:06:23.951Z
It's finally here! Ghidra 11.3 dropped with built-in support for Python 3 through Pyhidra. Let's go! https://t.co/iZMl9L9lZq
— Zion Leonahenahe Basque (@mahal0z) February 6, 2025
While working on a nday vulnerability research project, we stumbled upon a vulnerability in the core of the TCP subsystem of the Linux kernel. We reported it upstream, which was fixed in May of last year. This blog post shares how we came across it and our vulnerability analysis.
— Allele Security Intelligence (@allelesecurity) February 5, 2025
It is a reference counter issue, and a mechanism in the Linux kernel usually prevents those issues from being exploitable. Still, in this case, it could even be with the mechanism present. Read it and see how it could be done.
— Allele Security Intelligence (@allelesecurity) February 5, 2025
Accidentally uncovering a seven years old vulnerability in the Linux kernel https://t.co/BskRsCLG2K
— Allele Security Intelligence (@allelesecurity) February 5, 2025
This LLM attack should have made more noise: https://t.co/pDpYBYF8Qh
— Gil Dabah (@_arkon) February 7, 2025
Hacking llama.cpp for real (not the social engineering bs) - a really detailed walk through - https://t.co/7g6yYePrmV kudos
— Gil Dabah (@_arkon) February 7, 2025
A blog post¹ by Jacob Torrey on a new feature we excluded from Canary.
It’s easy to ship everything u build, but resisting it is worth the effort.
Is the benefit worth the increased cognitive load?
Does it introduce new risks? (This time it did!)
__
¹ https://t.co/TaUe3OZJRh pic.twitter.com/3jTwgE5J3L
— Thinkst Canary (@ThinkstCanary) February 6, 2025

BrianKrebs: "Drop what you are doing and read this incredible …" - Infosec Exchange
Drop what you are doing and read this incredible story from Wired, if you can. After that, come back here. https://www.wired.com/story/edward-coristine-tesla-sexy-path-networks-doge/ It mentions that a 19 y/o man who's assisting Musk's team and who has access to sensitive government systems is Edward Coristine. Wired said Coristine, who apparently goes by the nickname "Big Balls," runs a number of companies, including one called Tesla.Sexy LLC "Tesla.Sexy controls dozens o...
Meta torrented over 81.7TB of pirated books to train AI, authors say https://t.co/iTLptrCjt1
— Ars Technica (@arstechnica) February 6, 2025
Kim Zetter: "In a first-ever report from the intelligence comm…" - Infosec Exchange
In a first-ever report from the intelligence community, the US government has revealed that it disclosed 39 zero day vulnerabilities to vendors/public to be patched rather than keep them for NSA/CIA/FBI to exploit in hacking operations. The report, however, doesn't say how many zero days the gov discovered in 2023 that it kept to exploit. And ten of the 39 it did disclose that year, it had already kept secret for an unknown number of years to exploit before deciding to disclose them in 2023. Her...
Zack Whittaker: "ICYMI from yesterday: The biggest breach of U.S. …" - Mastodon
ICYMI from yesterday: The biggest breach of U.S. government data is under way. "Whether DOGE staffers are bad actors misses part of the point. Acts of subterfuge, espionage, or ignorance could produce the same suboptimal outcome: exposure or loss of the nation’s sensitive datasets." https://techcrunch.com/2025/02/05/the-biggest-breach-of-u-s-government-data-is-under-way/
Like in Europe, the US may soon get anti-terrorism financing legislation as well that can be used to silence muslim and nonprofit organizations: https://www.codastory.com/surveillance-and-control/the-tool-donald-trump-might-use-to-crush-dissent/
— Electrospaces.net (@electrospaces.bsky.social) 2025-02-07T09:31:42.051Z
— Theo - t3.gg (@theo) February 6, 2025
https://m.youtube.com/watch?v=Ycb6DyiccF8
In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now zeroes RAM before enabling USB. This successfully wiped out the After First Unlock state exploit capabilities of two commercial…
— GrapheneOS (@GrapheneOS) February 7, 2025
What the hell is going on anymore pic.twitter.com/ROUUrp1rEJ
— Mira of Kyiv 🇺🇦 (@reshetz) February 6, 2025