the grugq's newsletter

June 14, 2025

“Finally, Copilot hides the source of the instructions, so the user can’t trace what happened”

Fun times ahead! https://t.co/fTi9P6A42k pic.twitter.com/wHDW0LsF1E

— Andrew Orlowski (@AndrewOrlowski) June 12, 2025


Very stealthy way of dumping LSASS; it is done from the kernel, so it doesn't matter if LSASS is LSA Protected. Once loaded, the rootkit creates a system thread (PsCreateSystemThread) for dumping LSASS, iterates over all processes, gets its EPROCESS (PsLookupProcessByProcessId), then its… pic.twitter.com/Isi6ZRL3K6

— Saad AHLA (@d1rkmtr) June 12, 2025

This works even with LSASS protection through HVCI?

— Andrew Case (@attrc) June 12, 2025

Actually, HVCI has nothing to do with LSASS protection; it's just a feature of VBS, so I think you mean LSA protection. The above code would work because the kernel is not restricted by PPL boundaries, so yeah, even if LSASS was protected you can do so from kernel mode.

— Unhandled0xD (@trap_handler) June 13, 2025
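A host check for the distinction drawn in the replies above, added here as an example and not part of any of the tweets: it reports LSA Protection (RunAsPPL) and the VBS/HVCI state separately, so the two are not confused. The registry path and the Win32_DeviceGuard CIM class are Microsoft's documented interfaces; the output field names and warning text are my own.

```powershell
# Added example: report LSA Protection (PPL) and VBS/HVCI state side by side.
# Registry value and CIM class are Microsoft-documented; labels are mine.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
$runAsPpl = if ($null -ne $lsa.RunAsPPL) { [int]$lsa.RunAsPPL } else { 0 }
# RunAsPPL: 0 = off, 1 = enabled, 2 = enabled with UEFI lock (newer builds).
# Note: recent Windows 11 builds may enable LSA Protection by default without
# writing this value; System event log, source Wininit, event ID 12 confirms
# that lsass.exe actually started as a protected process.
$pplState = switch ($runAsPpl) {
    0       { 'disabled (or not set)' }
    1       { 'enabled' }
    2       { 'enabled (UEFI lock)' }
    default { "unknown ($runAsPpl)" }
}

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
# SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (Memory Integrity)
$vbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
$hvciRunning = ($dg.SecurityServicesRunning -contains 2)
$cgRunning   = ($dg.SecurityServicesRunning -contains 1)

[pscustomobject]@{
    LsaProtection   = $pplState
    VbsRunning      = $vbsRunning
    HvciRunning     = $hvciRunning
    CredentialGuard = $cgRunning
} | Format-List

# The point made in the thread: PPL is a user-mode boundary and does not bind
# code already running in the kernel. HVCI (code integrity for kernel memory)
# and Credential Guard (secrets isolated in VTL1) are the controls at that layer.
if ($runAsPpl -ge 1 -and -not $hvciRunning) {
    Write-Warning 'LSA Protection is on but HVCI is not running: kernel-mode code is not restricted by PPL.'
}
if (-not $cgRunning) {
    Write-Warning 'Credential Guard is not running: LSASS secrets remain readable from kernel mode.'
}
```

Run it in an elevated PowerShell session; on a host where the DeviceGuard namespace is absent, the VBS fields simply report False.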


NEW REPORT: Our forensic analysis confirms ✅ two more European journalists targeted with Paragon's Graphite spyware. Read it here: https://t.co/t6CBY6yXYV

— The Citizen Lab (@citizenlab) June 12, 2025


Army Cyber Corps - A Prehistory | Article | The United States Army

On September 1, 2024, the U.S. Army Cyber Corps turned ten years old. Some may chuckle at the thought of this branch still teetering on the verge of ado...

June 12, 2025 https://t.co/Zr4BkQZLKl
This first essay provides a general synopsis of the emergence of cyber and how it became a key focus for the U.S. military, tracing its early connections to information warfare and operations. #Army250

— 780th Military Intelligence Brigade (Cyber) (@780thC) June 13, 2025


🚨 LockBit's admin panel hacked! Our analysis of the leaked data reveals surprising victimology (China & Taiwan), affiliate negotiation tactics, and the true — often inflated — earnings of a major RaaS operation. Read more by @j_tologon. https://t.co/RGSl1V4U1G pic.twitter.com/P062yURvxE

— Trellix Advanced Research Center (@TrellixARC) June 12, 2025


I also wrote a blog post about another nation-state threat actor that's been actively trying to steal cryptocurrency from developers. In this case, they were unsuccessful, but we got a rare glimpse into the process of developing the malicious code. https://t.co/iJy2LplNro

— Charlie Eriksen (@CharlieEriksen) June 12, 2025


ASIO following the same Soviet spy with the same Ford Falcon for two years. Oh dear.

cc: @thegrugq pic.twitter.com/ktJ09YbgkY

— Ravi Nayyar (@ravirockks) June 14, 2025


Here you guys go. Here is a pdf file that is ALSO a javascript file //_id":"../../.././/////////bypass":"%PDF-1.3 1 0 obj << /Pages 2 0 R /Type /Catalog >> endobj 2 0 obj << /Count 1 /Kids [ 3 0 R ] /Type /Pages >> endobj 3 0 obj << /Contents 4 0 R /MediaBox […

— xssdoctor (@xssdoctor) June 12, 2025


Happy Friday! Our intern, @__neverm0r_ , discovered and reported an NPD due to a race condition in afd.sys. That it wasn't assigned a CVE doesn't mean it's less interesting, right!? https://t.co/m7HDVQd5pj

— PixiePoint Security (@pixiepointsec) June 13, 2025


Do NOT do that! You're not guaranteed to get fair warning to do a complicated two-button gesture when the police nab you. If you're taking your device to a protest, configure it ahead of time so it can't be unlocked with your fingerprint or by pointing it at your face. https://t.co/QLMyMewYEx

— Pinboard (@Pinboard) June 14, 2025

Also consider the wisdom of not taking the always-on tracking device that carries your entire online history to a protest. Advice is highly situational (sometimes it's much safer to be filming/streaming) but something to think about a bit.

— Pinboard (@Pinboard) June 14, 2025

If such a thing is possible, put your politics aside and look at how the January 6 prosecutions were conducted. It's a really good model for figuring out the cost/benefit of taking a phone with you to a protest that might be declared an illegal assembly.

— Pinboard (@Pinboard) June 14, 2025

The problem here is nerds see this as a challenge and come up with weird bank-shot advice for how people can finagle Linux-on-the-desktop into protests or at border crossings, because this is all a LARP to people who write security advice for activists.

— Thomas H. Ptacek (@tqbf) June 14, 2025

