I have acquired the fabled NSA "FURBIE ALERT" memo.

I have a significant amount of documentation that came back on an FOIA and I'll be scanning it in the coming days.

Stay tuned. pic.twitter.com/Fyo04dm4Oo

— (da)kota/the/Kæt (@dakotathekat) January 22, 2024

Crackaddr remains undefeated – I haven't found a single model (out of GPT-4, Claude, and Mistral-medium) that figures out the correct input to trigger the bug, even using a multiple choice format. (Correct answer is B) pic.twitter.com/6UBpsJFUET

— Brendan Dolan-Gavitt (@moyix) January 22, 2024

The full prompt, if you'd like to experiment with it: https://t.co/uqeHgB2fL7

— Brendan Dolan-Gavitt (@moyix) January 22, 2024

1/n: There are some academic papers that are so brilliantly and so accessibly written and so universal in scope that they transcend disciplines and stand as timeless testaments to both great thinking and great writing. Here's a short personal selection:

— Ash Jogalekar (@curiouswavefn) January 23, 2024

GitHub - ANG13T/skytrack: skytrack is a planespotting and aircraft OSINT tool made using Python 🛩🔍 https://t.co/PKp467Bbnu

— switched (@switch_d) January 23, 2024

Introducing MavenGate: a supply chain attack method for Java and Android applications | Oversecured Blog https://t.co/JJC5tBFbHb

— switched (@switch_d) January 23, 2024

Im sorry it took so long guys! the db9 alloy pepperjack is finally on the sea! after rigorous testing and changes she runs like a sewing machine! the build pdf is exactly the same as the original pepperjack and is just as simple to drop in and fire up. Come check it out 😁 pic.twitter.com/coTA6mOqLG

— Pembleton & sons' (@pembie000ind) January 23, 2024

Tips and tricks for hardening a Linux based machinehttps://t.co/8y38MRexfF#Linux #cybersecurity pic.twitter.com/0SSA0mKpu1

— 0xor0ne (@0xor0ne) January 23, 2024

of interest to the Schlachtbummler tendency. Rebel forces have captured the fabulous jade mines of Kachin https://t.co/kYItgsceOG

— jamie k (@jkbloodtreasure) January 22, 2024

Short thread on the significance of today’s capture of Gwi Hka, Hpakant township, Kachin State by Kachin Independence Army & Kachin-People’s Defense Forces from the #Myanmar military following around 2 weeks of intense clashes (video: CJ via Kachin Newsgroup) pic.twitter.com/335nZDhRlj

— Emily Fishbein (@EmilyFishbein11) January 20, 2024

This was clever. pic.twitter.com/o6MSKF1L2U

— Byrne Hobart (@ByrneHobart) January 21, 2024

(1/7) Today we issue our new report “Location Tracking on the Battlefield”. https://t.co/WBm4mtZL8w. This is the first to comprehensively cover the different ways in which mobile devices can be vulnerable to #locationtracking in war. Report also features analysis of (condt).. pic.twitter.com/RXrxWaI2q1

— Cathal Mc Daid (@mcdaidc) January 23, 2024

Reference code bugs are always tricky. Both #PixieFAIL and #LogoFAIL remain unfixed on many enterprise devices at scale.

PixieFAIL is related to the EDK2, and fixing this one requires IBV or OEM to update their code first. Such bugs show how the entire FW ecosystem is broken. https://t.co/FpK7dg3fCs

— Alex Matrosov (@matrosov) January 24, 2024

Kudos to @fdfalcon and @4Dgifts for uncovering #PixieFAIL! 🌟

🔬 Diving deeper into @quarkslab discovery, Binarly REsearch has released 9 #FwHunt rules to detect these vulnerabilities at scale.

🎯 #FwHunt is on: https://t.co/bGeHP69FbV pic.twitter.com/c4CdDDDLVe

— BINARLY🔬 (@binarly_io) January 22, 2024

CVE-2024-0204, announced today but silently patched in December, details an authentication bypass in #Fortra #GoAnywhere MFT. Check out our latest deep-dive where we detail the exploit and how /..;/ strikes again.

🔺 Patch Diffing
🔺 Exploit POC
🔺 Indicators of Compromise…

— Horizon3 Attack Team (@Horizon3Attack) January 23, 2024

@orange_8361 research still popping shells 🤯 https://t.co/IGEoTG6wpz

— Rio (@0x09AL) January 23, 2024

1/ QUICK TAKE on the Russian thoughts abut the role of FPV drones and what is needed (by either side) for a breakthrough) at the front: "The number of drones on the frontline is growing exponentially. Up to a dozen “birds”(FPVs) can now strike one vehicle, and 2-3 drones can… pic.twitter.com/ppx6PQOcUU

— Samuel Bendett (@sambendett) January 23, 2024

This article from New York Magazine is a really interesting read. Spoofing GPS systems, aircraft cybersecurity, instances of these kinds of vulnerabilities being exploited - worth the 10 minutes. Featuring IOActive’s John Sheehy was a bonus! https://t.co/NJSd4im80p

— IOActive, Inc (@IOActive) January 12, 2024

Top Harvard Cancer researchers accused of scientific fraud; 37 studies falsified https://t.co/FwGjw9HfLH

— Ars Technica (@arstechnica) January 22, 2024

A bug allows any user to crash the Windows Event Log service of any other Windows 10/Server 2022 machine on the same domain. According to MSRC, the bug does not meet the bar for servicing and therefore they allowed me to publish a proof of concept.https://t.co/Gmtn3NEbn5 pic.twitter.com/qu3v77VfLy

— Florian (@floesen_) January 23, 2024

Three Imagination GPU bugs were disclosed by APVI:

- Write arbitrary kernel pages by shader https://t.co/ndsEHPRm34
- Overwrite specific read-only GPU memory https://t.co/UotxZ25FxU
- UAF when GPU page fault is triggered https://t.co/f4RzEaHlBQ

— 1ce0ear (@1ce0ear) January 24, 2024

Too bad all these recent big tech layoffs targeted security pros because we were listed on their spreadsheets as non-revenue generating personnel. https://t.co/iWbkDCxQxv

— bat (@mzbat) January 23, 2024

Every single ad on this site has a community note that says “this is a scam” and we’re still supposed to believe it’ll be in business next year.

— Matthew Green (@matthew_d_green) January 24, 2024

This sport is called teqball pic.twitter.com/32MZ4y4Nnm

— All things interesting (@interesting_aIl) January 23, 2024

(1/7) Today we issue our new report “Location Tracking on the Battlefield”. https://t.co/WBm4mtZL8w. This is the first to comprehensively cover the different ways in which mobile devices can be vulnerable to #locationtracking in war. Report also features analysis of (condt).. pic.twitter.com/RXrxWaI2q1

— Cathal Mc Daid (@mcdaidc) January 23, 2024

Raw fixed point JIT speed is at least 4 times faster than qemu, but it also supports x87 and SSE → NEON recompilation, unlike qemu.

I already took the opportunity to use it for x86 printer and scanner drivers emulation in UoWPrint.https://t.co/BxwQWFe2V0

— ValdikSS (@ValdikSS) January 24, 2024

Interesting blog post on embedded devices reverse engineering, ARM TrustZone and secure boot bypass
Credits @xilokarhttps://t.co/x0ZpsjoASd#iot #cybersecurity pic.twitter.com/5bir7ACYRC

— 0xor0ne (@0xor0ne) January 24, 2024

Our new article on US-UK covert action in Albania is now out in @IntHistReview

It's one of the most famous case studies ever, but we argue historians have it upside down:

It wasn't about liberation. Heck, it was barely even about Albania...https://t.co/n6ThDUwFHW

— Rory Cormac (@RoryCormac) January 22, 2024