the grugq's newsletter

March 12, 2026


A Wikipedia article I would enjoy:
List of Gender Reveals Ranked by Property Damage and Death Toll.

— Ryan Moulton (@moultano) March 11, 2026


You know what it means when Italy changes side... https://t.co/dHgTPAw5C4

— DG MEME 🇪🇺 (@meme_ec) March 11, 2026


A Rey of Mistakes ☀️

The story of a 16 year old ransomware operator, 30+ aliases, and a trail of OPSEC failures that led straight back to him.

Full investigation 👇 https://t.co/OrjGorw9b8 @dulls 🤡

— Keyser Söze (@KeyserSoze1337) March 12, 2026

https://justpaste.it/reyboom


Could an empire in decline do THIS? *launches deeply unpopular invasion cementing status as lunatic-led pariah state, its not clear what kind of move i was trying to do*

— Cohen is a ghost (@skullmandible) January 3, 2026


"fog machine of war" is my new favorite phrase https://t.co/S92H7LJKd0

— Ramez Naam (@ramez) March 10, 2026


Thomson Reuters is best known for its media outlet and legal research tools, but it is also a data broker that provides investigative tools to the government, including ICE. Its Minneapolis workers aren't happy about that: https://t.co/TnvaePD4EM

— Kashmir Hill (@kashhill) March 12, 2026

https://www.nytimes.com/2026/03/11/technology/thomson-reuters-ice-minnesota.html


Excerpt from Google’s Cloud Threat Horizons Report.

This scenario could apply to a lot of companies with interconnected GitHub and Cloud tenants. Typical to see trusts between repos and highly privileged Cloud roles for infrastructure as code deployment. pic.twitter.com/4OtxNAic0N

— Adnan Khan (@adnanthekhan) March 11, 2026


I made a video with @KeithRamphal where he explained different types of threat actors and how they operate.

I asked him why threat actors are so bad at AI and whether they read my posts about skills. https://t.co/RVc70gwnHp pic.twitter.com/J9SYgWTwta

— Zack Korman (@ZackKorman) March 10, 2026


Why are hackers ignoring AI? — Zack Korman

source: Zack Korman (@ZackKorman)


Since some of you want all Standard Time and others want all Daylight time and none seem willing to budge, I have a Solomonic compromise:

Let's do each for half of the year.

— Adam (@scrollpastthis) March 10, 2026


The actual memoir is filled with activities that eventually got me raided and I need legal assistance before I publish so I don't end up in prison.
If you're in the book or legal industry and you're interested in a book about the perspective of a female hacker, I have one for you!

— Bluma (@x25princess) March 11, 2026


"Essentially, the enemy used drones to create an air-strike fist. To put it simply - a massive airstrike, but not with heavy bombers, but with drones: 300-400 of them simultaneously. This entire swarm is used at a depth of about 20 kilometers on a narrow frontline.
A kind of… pic.twitter.com/5LlX2AbYsv

— Preston Stewart (@prestonstew_) March 12, 2026


Fiber Optics, Starlink, and Terminal Guidance

It was clear six months ago that the situation with the supply of fiber optics would only worsen. This is a real problem that will definitely impact the capabilities of the defense forces. Recently, Bohdan Miroshnychenko wrote about… pic.twitter.com/OLUQ75142S

— Yaroslav Azhnyuk / Ярослав Ажнюк (@YaroslavAzhnyuk) March 10, 2026


The new Ayatollah’s use of the gender neutral term “Great Satanx” could cost him support among working class Iranians.

— NYTPitchbot (@DougJBalloon) March 12, 2026


This really should have been in the top 10 web hacking techniques of 2025: https://t.co/ixGZFWsrhz

— Justin Gardner (@Rhynorater) March 11, 2026

Fontleak: exfiltrating text using CSS and Ligatures

Fast exfiltration of text using CSS and ligatures


It can download pdfs and never read them? https://t.co/EZw7c0CKjD

— Jonathan Basile (@jonothingEB) March 12, 2026


Accusations of US strategic miscalculation wrongly assume the existence of a strategy

— Neil Renic (@NC_Renic) March 12, 2026


Three of the most popular internet archives have been blasted off the web -- word says that the FBI did it. https://t.co/iPstU9IoSM and its sisters, https://t.co/NBJf9htSdc and https://t.co/VVrB2pEhvO are no longer accessible. The group has been having battles with the FBI and…

— Nury Vittachi (@NuryVittachi) March 12, 2026

http://Archive.is

http://Archive.today

http://archive.ph


BOOM: Autonomous agent hack on McKinsey's AI Platform, Lilly

Scale of data accessible without authentication (How We Hacked McKinsey's AI Platform) https://t.co/h80s7cBuLN autonomous agent hacked Lilly and accessed:
→ 46.5 million chat messages (containing a lot of… pic.twitter.com/OzMjcs6bKF

— Dr Efi Pylarinou (@efipm) March 11, 2026

CodeWall.ai — Autonomous Offensive Security

An autonomous AI agent that thinks like an attacker.

https://buff.ly/YgG0elK


It's after midnight in the UAE and I believe that for the first in many days--I believe for the first time since hostilities began--the UAE did not release numbers on the total number of drone and ballistic missile strikes upon the UAE and their success in intercepting them. https://t.co/88QDC1lXtr

— Christopher Clary (@clary_co) March 11, 2026


This is a very interesting piece of research by the team on algorithmic methods for effective complex type recovery.

Practical type inference is a challenging problem the industry has been grappling with for years.

paper: https://t.co/8H1AeaAJG7
blog: https://t.co/1e4oLr5Isi https://t.co/4PVxKK6rsA pic.twitter.com/5SFXVLq3GS

— Alex Matrosov (@matrosov) March 11, 2026

[2603.08225] Practical Type Inference: High-Throughput Recovery of Real-World Structures and Function Signatures


Type Inference for Decompiled Code: From Hidden Semantics to Structured Insights

Learn how Binarly enhances decompiled code by recovering meaningful type info—boosting binary analysis, triage, and reverse engineering accuracy.


Practical Type Inference: High-Throughput Recovery of Real-World Structures and Function Signatures

The recovery of types from stripped binaries is a key to exact decompilation, yet its practical realization suffers. For composite structures in particular, both layout and semantic fidelity are required to enable end-to-end reconstruction. Many existing approaches either synthesize layouts or infer names post-hoc, which weakens downstream usability. This is further aggravated by an excessive runtime overhead that is especially prohibitive in automated environments. We present XTRIDE, an improved n-gram-based approach that focuses on practicality: highly optimized throughput and actionable confidence scores allow for deployment in automated pipelines. When compared to the state of the art in struct recovery, our method achieves comparable performance while being between 70 and 2300 times faster. As our inference is grounded in real-world types, we achieve the highest ratio of fully-correct struct layouts. With an optimized training regimen, our model outperforms the current state of the art on the DIRT dataset by 5.09 percentage points, achieving 90.15% type inference accuracy overall. Furthermore, we show that n-gram-based type prediction generalizes to function signature recovery: conducting a case study on embedded firmware, we show that this efficient approach to function similarity can assist in typical reverse engineering tasks.


source: Alex Matrosov (@matrosov)

