September 27, 2025
Precisely this:
- Dino A. Dai Zovi (@dinodaizovi) September 25, 2025
Understanding how something is built helps you understand how it can break. The best way to understand how something is built is to build it.
Without understanding how things work, security becomes a collection of superstitions and detached from reality. https://t.co/EPgxW9Vjzv
🚨 BAD news for Medical AI models.
- Rohan Paul (@rohanpaul_ai) September 25, 2025
MASSIVE revelations from this @Microsoft paper.
🤯 Current medical AI models may look good on standard medical benchmarks but those scores do not mean the models can handle real medical reasoning.
The key point is that many models pass tests… pic.twitter.com/y7K8Te2YAA
I just released Flareprox 🔥
- Luke Turvey (@TurvSec) September 26, 2025
A Cloudflare based Fireprox alternative that allows you to route HTTP traffic through Cloudflare, to gain mostly unique IP Addresses, to avoid detection and blocks. pic.twitter.com/kEGVZ90u57
GitHub - MrTurvey/flareprox: Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox
9/26/2025: Every week I share a curated list of red team-specific jobs (or similar) that caught my attention or were shared with me by others in the community. My goal is to help job hunters in the offensive security space find a red team-specific role.
- Nick VanGilder (@nickvangilder) September 26, 2025
Company + Role:… pic.twitter.com/dPczM6x5Y0
A new Project Zero blogpost by @tehjh in which he writes about an interesting and little-known bug class that affected web browsers, Linux and, most recently, macOS. The bug class can also be used for leaking pointer tag information in some scenarios. https://t.co/Y2xjSpOXqr
- Ivan Fratric (@ifsecure) September 26, 2025
🚨 Security alert: Malicious "postmark-mcp" npm package is impersonating Postmark
- Postmark (@postmarkapp) September 25, 2025
⚠️ We had no involvement with this fake package
Official Postmark APIs remain secure
Always verify official resources, and for more information, please see our blog: https://t.co/ruUru04b53
🚨 We've uncovered the first malicious MCP server in the wild.
- Koidex (@GetKoidex) September 25, 2025
It was only a matter of time. The postmark-mcp npm package (1,500+ weekly downloads) has been backdoored since v1.0.16 - silently BCCing every email to the attacker's… pic.twitter.com/QObEWrPH5j
Weekly summary is out.. https://t.co/IQipUxdudR
- Ollie Whitehouse (@ollieatnowhere) September 27, 2025
Our hacker movie podcast series is back! And we kicked things off with a banger: SNEAKERS. The great @dcuthbert joined @DennisF to break down this classic and its lasting effect on the hacker community. https://t.co/b8w4bm9z3R
- Decipher (@DecipherSec) September 25, 2025
A bionic hand that can “read” brain signals and move independently of the body is opening new possibilities for people with disabilities. ✨#BrainTech #China pic.twitter.com/KKR5nJjYys
- China Perspective (@China_Fact) September 24, 2025
This would be very cool if it is real. Video demos can't be trusted, but hope springs eternal… I want a robot hand that I can control with my mind that can move by itself. You could use the keyboard, a trackpad and a mouse all at the same time.
My ongoing war with the HOA may be about to reach a new, critical phase. https://t.co/POQVkf25hJ
- Sean T at RCP (@SeanTrende) September 26, 2025

OSS Morale Operations: The Story of Cornflakes, Pig Iron and Sheet Iron
“The Story of Cornflakes, Pig Iron and Sheet Iron” is a booklet produced and printed in Rome in April 1945 by the Office of Strategic Service Morale Operations.
- Coinspect Security (@coinspect) September 26, 2025
Born too late to exploit MS08, born too early to deploy icebreakers in cyberspace, born just in time to trigger high severity EDR alerts
- Josh (@passthehashbrwn) September 26, 2025