the grugq's newsletter

July 19, 2024


Another research (from Trento colleagues @marcotonin @brulepri @mtizzoni) suggesting that offline partisan isolation, both considering physical encounters or residential sorting, is higher than online segregation. https://t.co/ZFFA362GJY pic.twitter.com/8HztsoDPnt

— Alberto Acerbi (@acerbialberto) July 18, 2024



🤣 https://t.co/inC0zTl0sB pic.twitter.com/shT0wm5nvp

— Ken Gannon (@Yogehi) July 18, 2024



Hey @CrowdStrike Can you guys maybe review/pull this latest patch you released? We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal.

— Kevin McCurdy (@McCurdy1987) July 19, 2024


Just to follow up -- no official confirmation yet but my understanding is government is treating the widespread computer outages as an error from an update to a popular cybersecurity software. No evidence so far to suggest it's anything nefarious.

— cameron wilson (@cameronwilson) July 19, 2024


CrowdStrike code update bricking Windows machines around the world

https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/

abadidea: "I see the infosec industry has finally achieved s…" - Infosec Exchange

I see the infosec industry has finally achieved security once and for all by shutting down every workstation connected to the internet

lol

You wouldn't see this with any of our products (just sayin.) 🤷 pic.twitter.com/39veWooFio

— Kaspersky (@kaspersky) July 19, 2024



A Certificate Authority has mis-issued a bunch of certificates and is refusing to revoke them, breaching the CABF Baseline Requirements. I hear you think “what’s new Scott?”, but, here are the reasons provided by the CA on why they won’t revoke the certificates: pic.twitter.com/argJz1a02C

— Scott Helme (@Scott_Helme) July 17, 2024



A detailed analysis from @ret2systems of vulnerabilities CVE-2024-26003 and CVE-2024-26005 in Phoenix Contact CHARX EV chargers, focusing on C++ destructor behavior and UAF issues.

The exploit they used for Pwn2Own Auto 2024 is published here with a detailed blog to come:… pic.twitter.com/9QJRqXgF2i

— Pedram Amini (@pedramamini) July 17, 2024



The copyright office is considering an exemption that would provide legal protection for researchers jailbreaking / circumventing DRM / breaking terms of service to expose how AI tools work. This is really important bc current ToS are v threatening https://t.co/AzbLrsJo2O

— Jason Koebler (@jason_koebler) July 18, 2024



forgot to say that I found CVE-2024-27802 in Apple's Metal.framework while I was trying to find attack surface in WebGPU to escape to GPU process. after spending considerable time on Render<->GPU IPC, I found that some texture parsing happens in GPU. https://t.co/25mUaRts6r

— Meysam (@R00tkitSMM) July 18, 2024



It's fascinating to watch the AI safety community race through 25 years of painful cybersecurity history and lessons in just 24 months.

Concepts such as full disclosure of vulnerabilities often seem shocking to a group determined to keep a tight hold on information they wrongly… https://t.co/U0B4UkhtqK

— chrisrohlf (@chrisrohlf) July 18, 2024



Tabletop game forumite achieves posting godhood, emerging from the void after 100,000 hour 11 year ban to continue the same argument from 2013 | PC Gamer

No, I am not revealing my username.


Nice work from @InterruptLabs on their JADX-GUI (Java Decompiler) collaboration extension: https://t.co/I71fXxBtCr

Operates over Git, multiple users can push/pull symbols. Read more about the plug-in design in their blog here: https://t.co/jLPywTsmjn pic.twitter.com/YNJLWajhbW

— Pedram Amini (@pedramamini) July 17, 2024



I hacked the @SAP AI platform by changing my UID to 1337.

…Yeah, really.

This led to admin permissions on several SAP systems, but also access to customers’ secrets and private AI files 👀

This is the story of #SAPwned 🧵⬇️ pic.twitter.com/Ljgme06CrH

— Hillai Ben-Sasson (@hillai) July 17, 2024


Thread by @hillai on Thread Reader App – Thread Reader App



The Meiji government translated 10,000 technical books (applied science, industry, etc).

Then, Japan became an industrial powerhouse.

Must be the greatest industrial policy investment ever made!

Once again: the importance of upper human capital.

h/t 🔒 https://t.co/lAlTK8c7fU pic.twitter.com/aJfa7X9SLZ

— Whyvert (@whyvert) July 18, 2024



I'm going to talk about this publicly because enough time has passed and there's no longer any capability to burn. I typically don't talk about anything I work on due to obvious reasons but here goes...

Several years ago I was monitoring an APT actor. There's little point trying…

— Dan Kelly (@int0x00) July 18, 2024



1/ The exploiter of the @WazirXIndia Multisig was able to drain it after changing the implementation of the Multisig, that couldn't have been done without compromising the signers EOA, but here's a closer look on the attack flow 🧵

— Vazi (@0xVazi) July 18, 2024


Thread by @0xVazi on Thread Reader App – Thread Reader App


Consider that a decade ago DPRK was lame af, and now they’re used as an example of sophisticated hacking. Wild.

this is almost north korean complexity

— SIGNAL (@SIGNAL_RETURN) July 18, 2024



i’ll never stop being amazed that we invented a computer that cannot do math. that’s like. their whole thing. https://t.co/jop8ZCpv0n

— worm food 🇵🇸🌸✨🌸🇵🇸 (@frogs4girls) July 18, 2024



A thread on my just published article — “Digital Rummaging” — that tries to reimagine the Fourth Amendment harms of new mass surveillance technologies. #surveillance #privacy #FourthAmendment 1/12 https://t.co/3b7BmZgzIv pic.twitter.com/FElqLgwreb

— Andrew G. Ferguson (@ProfFerguson) July 18, 2024


Thread by @ProfFerguson on Thread Reader App – Thread Reader App



Wait, is this true? People can just lie on the Internet??

Important update here: The FBI briefed senators yesterday that they believed this Steam account did indeed belong to Crooks, per source familiar. Now, the FBI has revised that assessment and investigators think the account is fake, US official tells CNN https://t.co/3d1ovGu7rO

— Sean Lyngaas (@snlyngaas) July 18, 2024

