Nicolas Grégoire
@agarri.fr
4.4K followers 620 following 970 posts
Web hacker 😈 Burp Suite Pro trainer 👨‍🏫 Maintainer of @mastering-burp.agarri.fr 🛠️
Reposted by Nicolas Grégoire
offensivecon.bsky.social
🚨 Save the Date for #offensivecon26

Mark your calendars, spread the word, and stay tuned for when registrations open!

📍 Hilton Berlin
🧠 Trainings: 11–14 May 2026
🎤 Conference: 15–16 May 2026

Visit 🔗offensivecon.org for more details.
Reposted by Nicolas Grégoire
kimzetter.bsky.social
CISA: Nation-state hacker has compromised F5’s systems and stolen a portion of its BIG-IP source code and vulnerability info, giving them ability to study the code for zero-day vulnerabilities. "This cyber threat actor presents an imminent threat to federal networks using F5 devices and software"
ED 26-01: Mitigate Vulnerabilities in F5 Devices | CISA
Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security
www.cisa.gov
Reposted by Nicolas Grégoire
agreenberg.bsky.social
Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: www.wired.com/story/satell... 🧵👇
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data
With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypte...
www.wired.com
agarri.fr
Gecko Security stole some vulnerabilities published, among others, by Fuzzing Labs 😱 They also asked for CVE IDs 🤡

Check if your research is impacted too! www.notion.so/fuzzinglabs/...
Reposted by Nicolas Grégoire
kimzetter.bsky.social
Apple announces new payouts for certain types of bugs - company will pay up to $2 million for anyone disclosing a chain of bugs that could be abused for spyware like Pegasus, as well as bonus awards for exploits that can bypass Lockdown Mode or are found while Apple software is still in beta testing
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.
www.wired.com
agarri.fr
In case you're looking for something nice to read this weekend

Paged Out #7 has been released pagedout.institute
Paged Out!
Deeply technical zine. And it's free.
pagedout.institute
Reposted by Nicolas Grégoire
tomquinn.bsky.social
Kidnapped in international waters, extraordinary rendition to a genocidal state, and then imprisoned indefinitely.

You'd think this would trigger the immediate expulsion of the Israeli Ambassador for these inexcusable actions against an Australian citizen.
earleyedition.bsky.social
An Australian woman who has not agreed to sign a waiver acknowledging she sought to 'illegally break Israel’s naval blockade' on Gaza will be “indefinitely detained” in Israel’s Ketziot prison unless she agrees to sign the waiver.
Australian woman on pro-Palestinian aid flotilla will be ‘indefinitely detained’ by Israel unless she signs waiver
Madeleine Habib, who captained the Conscience ship, was arrested by Israeli forces on 8 October and detained in Israel’s Ketziot prison
www.theguardian.com
agarri.fr
Afaik this ezine doesn’t have an RSS feed
Reposted by Nicolas Grégoire
molly.wiki
You would think the obvious solution to "the volunteer-powered project we all train our AI models on for free isn't adequately twisting reality to our political views" would be "... and so we stopped training on it" and not "... and so we will force the volunteers to bend to our will"
agarri.fr
Same, it’s always a pleasure!
agarri.fr
Seriously enjoyed my first time at the Romhack conference! 🤩 🇮🇹

Next year, there’s the Romhack camp, and I’m looking forward to giving it a try ⛺️

romhack.io/romhack-camp...
RomHack Camp 2026
The second edition of RomHack Camp is scheduled for September 2026, follow us to stay updated!
romhack.io
Reposted by Nicolas Grégoire
leonjza.bsky.social
Romhack was absolute 🔥! The conference, the community, the vibe - all of it was just something else. Special mention to merlos1977@x and the CybersaiyanIT@x team for making the speaking experience excellent too. 🙃
Reposted by Nicolas Grégoire
raptor.infosec.exchange.ap.brid.gy
“When you’re using a cloud proxy, you’re importing everyone else’s technical debt into your website” — @albinowax
Reposted by Nicolas Grégoire
trowlett0.bsky.social
GUIFuzz++ is the first general-purpose fuzzer for desktop GUI software! Fuzzing by translating AFL++ random input into user interaction with GUIs, leading to the discovery of 23 new bugs!

Paper: futures.cs.utah.edu/papers/25ASE.pdf
Source: github.com/FuturesLab/GUIFuzzPlusPlus

Go test some GUIs!
Reposted by Nicolas Grégoire
zackwhittaker.com
Since moving to Ghost, all of my past newsletters are now readable at this.weekinsecurity.com. That's 7+ years of cyber history documented weekly since mid-2018.

That's also 7+ years of reader-submitted cyber cats (and friends)! 🐈‍⬛

Please consider subscribing for extra articles, analysis, and more.
~this week in security~
a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.
this.weekinsecurity.com