Evariste
@evaristegal0is.bsky.social
🏳️🌈🦄 don't drink and root 🦄🏳️🌈
Pinned
Feels like CVE-2025-64512 is underrated. It can literally be used to run arbitrary code in markitdown (84k ⭐️ on GitHub) and other projects, ingesting a crafted file.
github.com/luigigubello...
github.com/luigigubello...
Reposted by Evariste
Le auto che si guidano da sole fanno molti meno incidenti
Le auto che si guidano da sole fanno molti meno incidenti
I dati su una delle più grandi sperimentazioni negli Stati Uniti mostrano come siano più sicure e coinvolte in meno incidenti mortali
ilpost.link
December 18, 2025 at 9:15 AM
Le auto che si guidano da sole fanno molti meno incidenti
Reposted by Evariste
Introducing Pathfinding.cloud, a library of privilege escalation paths in AWS
securitylabs.datadoghq.com/articles/int...
by @sethsec.bsky.social
securitylabs.datadoghq.com/articles/int...
by @sethsec.bsky.social
December 17, 2025 at 10:29 PM
Introducing Pathfinding.cloud, a library of privilege escalation paths in AWS
securitylabs.datadoghq.com/articles/int...
by @sethsec.bsky.social
securitylabs.datadoghq.com/articles/int...
by @sethsec.bsky.social
Reposted by Evariste
🚨 THE FINAL EIGHT 🚨
We’ve made it to the quarter finals — only two days away from crowning a winner for Worst Person in Tech 2025.
Don’t miss your chance to vote!
🗳️ Cast your ballot: twsu.forms.app/wpit2025-qf
We’ve made it to the quarter finals — only two days away from crowning a winner for Worst Person in Tech 2025.
Don’t miss your chance to vote!
🗳️ Cast your ballot: twsu.forms.app/wpit2025-qf
December 17, 2025 at 2:16 PM
🚨 THE FINAL EIGHT 🚨
We’ve made it to the quarter finals — only two days away from crowning a winner for Worst Person in Tech 2025.
Don’t miss your chance to vote!
🗳️ Cast your ballot: twsu.forms.app/wpit2025-qf
We’ve made it to the quarter finals — only two days away from crowning a winner for Worst Person in Tech 2025.
Don’t miss your chance to vote!
🗳️ Cast your ballot: twsu.forms.app/wpit2025-qf
Reposted by Evariste
you, uh, do not crowdsource investigate a potential security incident in public. least of all when it pertains to peoples' offline identities and real-world locations.
this could have been handled with a private group of maintainers, but was not.
this could have been handled with a private group of maintainers, but was not.
December 16, 2025 at 11:11 PM
you, uh, do not crowdsource investigate a potential security incident in public. least of all when it pertains to peoples' offline identities and real-world locations.
this could have been handled with a private group of maintainers, but was not.
this could have been handled with a private group of maintainers, but was not.
suggerimento per la vita: non leggetevi i commenti youtube sotto le canzoni dei national se non volete sotterrarvi
December 16, 2025 at 12:56 PM
suggerimento per la vita: non leggetevi i commenti youtube sotto le canzoni dei national se non volete sotterrarvi
Reposted by Evariste
Despite what some adults seem to think, teenagers are fully human.
December 15, 2025 at 2:40 AM
Despite what some adults seem to think, teenagers are fully human.
Reposted by Evariste
When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍
By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.
🎥 youtu.be/uDT0xes5ico?...
By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.
🎥 youtu.be/uDT0xes5ico?...
GUAC: Mapping Software Relationships for Supply Chain Security | OpenSSF Project Spotlight
YouTube video by OpenSSF
youtu.be
December 15, 2025 at 9:28 PM
When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍
By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.
🎥 youtu.be/uDT0xes5ico?...
By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.
🎥 youtu.be/uDT0xes5ico?...
Reposted by Evariste
I just got my first Grokipedia hit through Google Search. Not a good sign for the future of the internet.
December 15, 2025 at 6:03 PM
I just got my first Grokipedia hit through Google Search. Not a good sign for the future of the internet.
This is a good point, but it doesn't answer the original question, I guess
The field of cryptography in general has had a lot of contributions from the cryptocurrency world
December 15, 2025 at 4:29 PM
This is a good point, but it doesn't answer the original question, I guess
Ransomware payments and highly-inflation protection, in some cases
Genuine question: what's the most practical application for blockchain or crypto?
December 15, 2025 at 3:45 PM
Ransomware payments and highly-inflation protection, in some cases
Il titolo più bello e intellettualmente onesto del mese.
🧵 Federico Rampini commenta un articolo ritirato da Nature senza capire niente
www.valigiablu.it/rampini-natu...
www.valigiablu.it/rampini-natu...
Federico Rampini commenta un articolo ritirato da Nature senza capire niente - Valigia Blu
Rampini cita il ritiro di uno studio sul clima come prova dell’esistenza di “scienziati-sacerdoti”, ma i fatti raccontano altro: lo studio pubblicato su Nature è stato ritirato volontariamente dagli s...
www.valigiablu.it
December 15, 2025 at 3:40 PM
Il titolo più bello e intellettualmente onesto del mese.
Reposted by Evariste
I have grown to believe that excessive wealth does something to your brain that is analogous to a serious head injury
December 15, 2025 at 6:03 AM
I have grown to believe that excessive wealth does something to your brain that is analogous to a serious head injury
Sadness in personal life makes you more highly productive at work, to escape reality; let's hope capitalism doesn't see this
December 15, 2025 at 1:58 PM
Sadness in personal life makes you more highly productive at work, to escape reality; let's hope capitalism doesn't see this
Reposted by Evariste
🇮🇹 We’ve just dropped an updated version of the 𝗗𝗜𝗦𝗜𝗡𝗙𝗢𝗥𝗠𝗔𝗧𝗜𝗢𝗡 𝗟𝗔𝗡𝗗𝗦𝗖𝗔𝗣𝗘 𝗜𝗡 𝗜𝗧𝗔𝗟𝗬, part of EU DisinfoLab’s work mapping how disinformation shows up across Europe 🇪🇺
💛 Grazie ✍️ Maria Giovanna Sessa and Mattia Caniglia
🔗 www.disinfo.eu/publications...
🌍 Full series www.disinfo.eu/publications...
💛 Grazie ✍️ Maria Giovanna Sessa and Mattia Caniglia
🔗 www.disinfo.eu/publications...
🌍 Full series www.disinfo.eu/publications...
December 15, 2025 at 11:03 AM
🇮🇹 We’ve just dropped an updated version of the 𝗗𝗜𝗦𝗜𝗡𝗙𝗢𝗥𝗠𝗔𝗧𝗜𝗢𝗡 𝗟𝗔𝗡𝗗𝗦𝗖𝗔𝗣𝗘 𝗜𝗡 𝗜𝗧𝗔𝗟𝗬, part of EU DisinfoLab’s work mapping how disinformation shows up across Europe 🇪🇺
💛 Grazie ✍️ Maria Giovanna Sessa and Mattia Caniglia
🔗 www.disinfo.eu/publications...
🌍 Full series www.disinfo.eu/publications...
💛 Grazie ✍️ Maria Giovanna Sessa and Mattia Caniglia
🔗 www.disinfo.eu/publications...
🌍 Full series www.disinfo.eu/publications...
Reposted by Evariste
Mossad has no legitimate claim to investigate on behalf of all Jewish people. Mossad is the foreign intelligence service of a state, the State of Israel. Just the fact that the Israeli executive, of which Mossad is part, already has a narrative about this, disqualifies Mossad even in principle.
December 15, 2025 at 9:10 AM
Mossad has no legitimate claim to investigate on behalf of all Jewish people. Mossad is the foreign intelligence service of a state, the State of Israel. Just the fact that the Israeli executive, of which Mossad is part, already has a narrative about this, disqualifies Mossad even in principle.
Reposted by Evariste
I just want things to get better, for once
I am so fucking tired
I am so fucking tired
December 15, 2025 at 4:04 AM
I just want things to get better, for once
I am so fucking tired
I am so fucking tired
Reposted by Evariste
Nobody - NOBODY - should go back to the Nazi bar. Let them perish.
December 15, 2025 at 7:54 AM
Nobody - NOBODY - should go back to the Nazi bar. Let them perish.
Reposted by Evariste
boys, i might be down 200k...
December 15, 2025 at 6:37 AM
boys, i might be down 200k...
This.
Cybersecurity isn't like the movies; it's mostly about preventing internal mistakes, handling tickets, and preparing for audits. Exciting incidents are rare, and coordination with other teams to communicate effectively is key. Calm, routine days mean the team is doing well.
Seasoned professionals: any surprise advice to people who want to get into CS?
I will go first.
I have been in the industry for nearly 20 years and have come across many who want to get into the industry thinking CS is all about sitting in a war room and catching hackers but...
reddit.com
December 15, 2025 at 6:19 AM
This.
mi sembra di essere tornato al 2007 ai tempi di forumfree, tutte le persone care ormai le sento su signal, esco di casa solo per buttare la spazzatura, passo il tempo libero a leggere codice per rilassarmi: forse è questa la felicità
December 13, 2025 at 3:44 PM
mi sembra di essere tornato al 2007 ai tempi di forumfree, tutte le persone care ormai le sento su signal, esco di casa solo per buttare la spazzatura, passo il tempo libero a leggere codice per rilassarmi: forse è questa la felicità
Reposted by Evariste
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
saelo.github.io
November 24, 2025 at 9:58 AM
I've uploaded the slides of my recent talk "JS Engine Security in 2025": saelo.github.io/presentation.... I think there'll also be a recording available at some point (otherwise I can make one as not everything's in the slides).
Fantastic conference as usual, big thanks to the PoC Crew!
Fantastic conference as usual, big thanks to the PoC Crew!
Reposted by Evariste
New paper out in @science.org! We unveil the online manipulation market with the Cambridge Online Trust & Safety Index (COTSI). We show in real time the cost of purchasing fake accounts across every social platform around the world - so they can be held accountable
www.science.org/doi/10.1126/...
www.science.org/doi/10.1126/...
Mapping the online manipulation economy
A market perspective on digital manipulation may help improve online trust and safety
www.science.org
December 11, 2025 at 7:05 PM
New paper out in @science.org! We unveil the online manipulation market with the Cambridge Online Trust & Safety Index (COTSI). We show in real time the cost of purchasing fake accounts across every social platform around the world - so they can be held accountable
www.science.org/doi/10.1126/...
www.science.org/doi/10.1126/...
nothing practical is the best learning, tools and technologies are ephemeral, theory and rfc are here to stay: learn how to read an rfc or a standard and you can hack forever
MSc in Cybersecurity is teaching me nothing practical, any advice?
MSc in Cybersecurity is teaching me nothing practical, any advice?
Hey r/cybersecurity,
I'm currently at the start of a master's in Cybersecurity after finishing a bachelor's in computer engineering, and I'm starting to worry a bit. While the theory is interesting...
reddit.com
December 12, 2025 at 6:22 PM
nothing practical is the best learning, tools and technologies are ephemeral, theory and rfc are here to stay: learn how to read an rfc or a standard and you can hack forever
Reposted by Evariste
Excellent way to confront an administration official here.
Secretary Noem tried to tell me that she hasn’t deported any veterans. I introduced her to one.
December 12, 2025 at 4:44 PM
Excellent way to confront an administration official here.