Bill
@sempf.infosec.exchange.ap.brid.gy
I break web applications. Front man for the cover band Thundersnow.

🌉 bridged from ⁂ https://infosec.exchange/@Sempf, follow @ap.brid.gy to interact
February 4, 2026 at 5:01 PM
"In a long social-media post yesterday, Mike Johnson challenged Pope Leo XIV’s understanding of Christian Scripture, detailing how his study of the Bible leads him to the “Biblical case for border security and immigration enforcement.”"

Apparently Representative Johnson's religious training did […]
February 4, 2026 at 3:23 PM
Oh look, more AI bugs. But hey, it's in docker and no one uses that.

Isn't docker needing AI like my oven needing internet?

https://www.infosecurity-magazine.com/news/dockerdash-weakness-dockers-ask/

#genai #docker
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
www.infosecurity-magazine.com
February 4, 2026 at 4:46 AM
Hack more AI shit.
February 4, 2026 at 1:07 AM
Presented without comment.
February 3, 2026 at 9:53 PM
Six hundred grand for a pen test? Yeah, ok the accommodations weren't great but picky picky.

https://www.darkreading.com/cybersecurity-operations/county-pays-600k-wrongfully-jailed-pen-testers

#pentesting #legal
February 3, 2026 at 4:32 AM
I am gonna have to tear a corner off of my appsec card. I canNOT get this GitHub public key to work.
February 3, 2026 at 3:35 AM
Hey y'all I think @Gabrielle stumbled on a real life active disinformation campaign. If anyone is advising someone who is looking at a move to Canada, you should know this bullshit is out there.

And WILD, huh? "Hey, we need people to be scared of leaving, so can we start making shit up?" […]
February 3, 2026 at 1:30 AM
Is the job market starting to turn around? I've received maybe a half-dozen decently written, directly focused requests to interview for real positions that are out there from organizations that I know at least in passing. It seems like I haven't seen that since last summer, maybe earlier.

It's […]
February 2, 2026 at 6:42 PM
Whelp, that's one more in the books. #january
February 1, 2026 at 9:10 AM
Everyone go right now and revoke applications in your personal GitHub that you are no longer using.
February 1, 2026 at 3:01 AM
Hey I got a great idea, let's change POINT's whole application pentesting process in a weekend. That sounds like fun dunnit?
February 1, 2026 at 2:07 AM
Won't lie. Bout done with this. #cold
January 31, 2026 at 8:43 AM
Oh, awesome, Discount Schacht is making federal appsec decisions now. That'll turn out well, I'm certain!!!

https://www.darkreading.com/application-security/trump-administration-rescinds-biden-era-sbom-guidance

#SBOM #uspol
January 30, 2026 at 4:47 AM
The @eff is setting up a push for e2e encryption. Worth doing.

https://encryptitalready.org/

#eff #privacy
Encrypt It Already
End-to-end encryption protects the privacy of your data.
encryptitalready.org
January 30, 2026 at 4:41 AM
I was shocked when my wife ran into this giant recall of 2000 items, some of which we use! And she was reading it to me and I'm thinking, "wow, I haven't seen one of those kinds of recalls in a long time, this place must have been a mess." […]
January 29, 2026 at 11:12 PM
Ok this one is pretty cool. A C2 client written in JScript (!) so it can more easily interact with bugs in older Microsoft software.

https://thehackernews.com/2026/01/china-linked-hackers-have-used.html?m=1

#JScript #malware
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Experts detail PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake updates & web injections.
thehackernews.com
January 29, 2026 at 4:42 AM
My doorbell woke me up this morning to tell me that it was so cold it couldn't doorbell anymore.
January 28, 2026 at 12:27 PM
Dark Reading has some thoughts on MITRE and the CVE. I may agree.

https://www.darkreading.com/cybersecurity-operations/hand-cve-over-to-private-sector

#cve #uspol
January 28, 2026 at 4:10 AM
January 27, 2026 at 9:17 PM
It has arrived. #nopesauce
January 27, 2026 at 8:15 PM
They reset the doomsday clock to 85 seconds til midnight.

Someone page @krypt3ia
January 27, 2026 at 6:19 PM
Interesting writeup by Google about Microsoft's new RBAC replacement for home Windows devices.

https://projectzero.google/2026/26/windows-administrator-protection.html

#google #microsoft
January 27, 2026 at 4:51 AM