Quelques réflexions sur le pentest à l'ère de l'IA

moulinette.org/posts/ia-llm...

Ça va trop loin ce qu'on demande à l'IA

Vulnerability Research Is Cooked — Quarrelsome For the last two years, technologists have ominously predicted that AI coding agents will be responsible for a deluge of security vulnerabilities. They were right! Just, not for the reasons they…

Tom Ptacek posted a great writeup titled "Vulnerability Research Is Cooked", covering the state of vulndev and its rapidly accelerating future:
sockpuppet.org/blog/2026/03...

Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the ...

SCOOP: Proton Mail provided Swiss authorities with payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by 404 Media.

An Orange Cyberdefense report concludes that hacktivism has evolved from a form of digital protest into the realm of hybrid warfare

www.orangecyberdefense.com/global/blog/...

Danish parliamentarian Rasmus Jarlov speaking to MS NOW on Stephen Miller comments regarding Greenland: "I hope he’s kept away from young women, because that’s the mentality of a rapist. You can’t defend yourself, so I’m going to take you. That’s basically what he’s saying."

Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch Kelly "Aloria" Lum was 41 when she passed away in New York City. She was a beloved member of the cybersecurity community, particularly in the city.

For some reason I thought about Aloria today.

She was an inspiring woman, and this quote about her mental health struggles will always stick with me: “It’s a long hard road ahead sometimes, but that doesn’t mean that the journey isn’t going somewhere, and it isn’t worthwhile.”

A powerful reminder.

PSA: You don’t owe anyone an explanation about the health reasons why you are wearing a mask.

Badgering others about the tools they need to survive is stigmatizing and ableist, and should have no place in decent society.

"Keep absolutely still. Its vision is based on movement."

silent night YouTube video by Samuel Brémont

Ne faisons pas semblant, la spécificité de la nuit de Noël c'est justement qu'elle n'est pas spécialement silencieuse, et c'est pour ça qu'on l'aime bien.

Alors maintenant, quitte à ce qu'elle soit un peu sonore, qu'elle le soit bien. Non, mieux, REMARQUABLEMENT.

www.youtube.com/watch?v=noMh...

Jólakötturinn is huge, as big as if not bigger than a house, and only comes around for Christmas. Some say Jólakötturr (as sometimes shortened) is the pet of the a family of trolls known as the Yule Lads who are Santa’s helpers in Iceland. It’s also said that he has a particular taste for ungrateful children. The legend of the Jólakötturinn was not written down for publishing until the early 19th century. At first a more obscure countryside myth, the lore of Yule Cat has only grown since and is now internationally known and celebrated. It is theorized the practical purpose of this myth may have been to aid in wool production in earlier seasons of the year which children took part in helping with. ❄️❄️ ❄️❄️❄️

In Icelandic folklore Jólakötturinn, the Yule Cat, comes to eat those who do not wear their new clothes for Christmas. In this image, you can see somebody did not put on their new Christmas sweater. Or perhaps even more unfortunately, no one got them one!

More ... 👇

Sous-Marin SNLE-Maquette COBI Plongez dans l'univers mystérieux et stratégique de la Marine nationale avec ce modèle réduit de sous-marin nucléaire lanceur d'engins (SNLE). À l'échelle 1/300 et composé de 643 briques, cette pièce ...

Fruit de notre collaboration avec COBI Bricks et la @marinenationale.bsky.social , la maquette de SNLE est en réassort sur notre boutique !
Un cadeau de plus à mettre dans votre hotte…

shop.naval-group.com/fr/maquettes...

“The sky above the port was the color of television tuned to a dead channel.” — Neuromancer by @greatdismal.bsky.social , 1984.

flynnos.org/cyberpunks.h...

bsky.app/profile/lepa...

Je suis dans l'incompréhension, l'IA m'avait pourtant donné les chiffres gagnants du loto...

Drielandenpunt, NL/BE/DE

lolwifi.network really does point out the elephant in the cyber room. It’s not about WiFi it’s about security professionals understanding risk assessment.

Cloudflare is down which means that downdetector - the service people use to check if things are down - is also down.

Funny internet we are having now.

The deep problems with cybersecurity degree programs are significant and a whole other discussion. Cyber degrees usually fail to teach good foundations in computers. They become obsolete too fast. We know that and orgs are rapidly shifting to prefer CS, CE, and NE majors for juniors.

Hugo Stiglitz Introduction YouTube video by Quentin Tarantino Fan Club

Has there ever been a non-anime character intro as badass as that for Hugo Stiglitz???
www.youtube.com/watch?v=p2MW...

U.S. agencies back banning popular home WiFi device, citing national security risk The Commerce Department has proposed barring sales of TP-Link products, citing a national security risk from its China ties, people familiar with the matter said.

I testified to Congress that I believe the PRC operations prepositioning for disruptive effects in the US make it a bad idea to use TP-Link routers in millions of American homes. New reporting- the government appears to have reached the same conclusion!

www.washingtonpost.com/technology/2...

Overheard at #Pwn2Own: This exploit will take 1 second.

Seen at #Pwn2Own: PHP Hooligans take 1 second to run their exploit of the QNAP TS-453E.

They head off to the disclosure room to explain the hours of work that lead to that 1 second demo.

Grave, c'est une plaie

In the early 2000s we put a very simple chatbot based on Markov chains on a couple of IRC channels and let it learn from all messages. After a couple of weeks people got into fiery arguments with it because they expected a human and instinctively ignored telltale signs of a chatbot.

Certify 2.0 - SpecterOps Certify 2.0 features a suite of new capabilities and usability enhancements. This blogpost introduces changes and features additions.

The AD CS security landscape keeps evolving, and so does our tooling. 🛠️

Valdemar Carøe drops info on Certify 2.0, including a suite of new capabilities and refined usability improvements. ghst.ly/45IrBxI

2025 Summer Challenge: OCInception 🏆 Prizes Here are the prizes for the top three participants:

The latest Synacktiv Summer Challenge was in 2019, and after 6 years, it's back!
Send us your solution before the end of August, there are skills to learn and prizes to win 🎁
www.synacktiv.com/en/publicati...

Phrack #72 release reveals TTPs, backdoors and targets of a Chinese/North Korean state actor mimicking Kimsuky

A copy of his workstation is available for all researchers to analyze!

Article: data.ddosecrets.com/APT%20Down%2...
Data dump: ddosecrets.com/article/apt-...

GitHub - NCSC-NL/citrix-2025 Contribute to NCSC-NL/citrix-2025 development by creating an account on GitHub.

The Dutch cybersecurity agency has released a script to detect webshells typically installed by attackers exploiting the CitrixBleed2 vulnerability in Citrix NetScaler appliances

github.com/NCSC-NL/citr...

We now have a (draft) @metasploit-r7.bsky.social exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metas...

Ozzy Osbourne

Ozzy Osbourne has died at the age of 76, just weeks after his farewell show.