the grugq's newsletter

November 2, 2025

Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds and have spawned a philosophical conversation on the implications of bug bounty and offensive security. Nerd stuff

Google submits a CVE thingie to them, but FFmpeg is mad because while people finding… https://t.co/hIvRSGOYFy

— vx-underground (@vxunderground) November 1, 2025


LinkedIn still has some bangers pic.twitter.com/442dmkyr1M

— Justin Elze (@HackingLZ) November 1, 2025


Really great blogpost about bypassing client isolation on wifi networks (WPA till 2 and public) from Ben Knight https://t.co/yZreoQWj6h

— Aurélien Chalot (@Defte_) October 31, 2025


kind of funny that bugs that are communicated to vendors in a way they don't appreciate can result in no CVE being allocated for the vuln(s). while i guess it is bureaucratically legit (or is it?) it makes the CVE system an unreliable source of truth (more news at 11) https://t.co/zkt4iyOEXr

— blasty (@bl4sty) October 31, 2025


#SpyNews - week 44 (October 26-November 1):
A summary of 57 espionage-related stories from week 44 coming from 🇺🇸🇮🇱🇮🇷🇬🇷🇩🇪🇦🇺🇬🇧🇵🇸🇮🇹🇷🇺🇧🇾🇹🇷🇨🇦🇺🇦🇵🇱🇷🇴🇵🇰🇨🇳🇮🇳🇻🇪🇹🇹🇱🇻🇭🇰🇦🇿🇫🇷🇦🇲🇸🇦🇱🇧🇧🇪🇭🇺🇾🇪🇴🇲🇷🇸🇮🇶🇱🇰🇳🇱🇳🇬🇯🇵🇳🇴🇪🇸🇦🇹🇦🇪🇧🇹🇨🇭🇰🇷🇨🇺🇬🇾 https://t.co/iZDG1wRfJR #OSINT #HUMINT #SIGINT #spy #espionage

— Spy Collection (@SpyCollection1) November 2, 2025


I have a lot of respect for the technical abilities of Google Security but the approach of to open source software or no patches, 90 day deadlines and naming and shaming isn’t appropriate when combined with the publicity hoopla and potential scale of AI based bug finding.

— Sean Heelan (@seanhn) November 2, 2025


It’s been a while since I started poking around @patch1t post about "A New Era of macOS Sandbox Escapes"

It forced me to learn how to properly attack XPC helpers and step up my Objective-C kung fu.

I shared the caveats I faced and how to bypass them. https://t.co/JiADryowZd

— Tony Gorez (@tonygo_) November 1, 2025

