Posts by Peter C

Notifications for deleted shouldn't remain in any OS notification database, and we've asked Apple to address this.

In the meantime, you can prevent any preview text from your Signal messages from appearing in your notifications.

Signal Settings > Notifications > Show “No Name or Content”

5 days ago 2327 1041 46 33
so far being a now-patched 27-year-old bug in OpenBSD—an operating system known primarily for its security. It also awakened a thousand year old demon spirit embedded in MS Windows 3.1 which foretold humanity's demise before escaping through a vent. We are working with Microsoft to address this issue.


I feel like we're not addressing the most concerning news from Mythos

1 week ago 566 80 27 11
Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities:
Resource Estimates and Mitigations
Ryan Babbush,1, ∗ Adam Zalcman,1, † Craig Gidney,1, ‡ Michael Broughton,1
Tanuj Khattar,1 Hartmut Neven,1 Thiago Bergamaschi,1, 2 Justin Drake,3 and Dan Boneh4
1Google Quantum AI, Santa Barbara, CA 93111, United States
2Department of Computer Science, University of California Berkeley, Berkeley, CA 94720, United States
3Ethereum Foundation, Zeughausgasse 7a, 6300 Zug, Switzerland
4Department of Computer Science, Stanford University, Stanford, CA 94305, United States
(Dated: March 30, 2026)
The expected emergence of cryptographically relevant quantum computers (CRQCs) will represent
a singular discontinuity in the history of digital security, with wide ranging impacts. This whitepaper
seeks to elucidate specific implications that the capabilities of developing quantum architectures have
on blockchain vulnerabilities and potential mitigation strategies. First, we provide new resource
estimates for breaking the 256-bit Elliptic Curve Discrete Logarithm Problem over the secp256k1
curve, the core of modern blockchain cryptography. We demonstrate that Shor’s algorithm for this
problem can execute with either ≤ 1200 logical qubits and ≤ 90 million Toffoli gates or ≤ 1450
logical qubits and ≤ 70 million Toffoli gates. In the interest of responsible disclosure, we use a
zero-knowledge proof to validate these results without disclosing attack vectors. On superconducting
architectures with 10⁻³ physical error rates and planar connectivity, those circuits can execute in
minutes using fewer than half a million physical qubits. We introduce a critical distinction between
“fast-clock” (such as superconducting and photonic) and “slow-clock” (such as neutral atom and ion
trap) architectures. Our analysis reveals that the first fast-clock CRQCs would enable “on-spend”
attacks on public mempool transactions of some cryptocurrencies. We survey major crypto…


> We demonstrate that Shor’s algorithm...can execute with either ≤ 1200 logical qubits and ≤ 90 million Toffoli gates or ≤ 1450 logical qubits and ≤ 70 million Toffoli gates

research.google/blog/safegua...

quantumai.google/static/site-...

2 weeks ago 18 9 0 4

have you seen the new supply chain vuln? don't update tubu. it's literally on heebee. they got poodee's deps. they infiltrated dippy. roll back weeno. disable scripts in ~/.gumpyrc. it's in poob. do not install poob. do not update poob. uninstall poob right now. poob has it in for you.

2 weeks ago 2340 704 27 18
2 panel comic.

Panel 1. Balding man. "Gonk is this true?"

Panel 2. Gonk Droid. "GONK."


Every day we wake up to more of this.

2 months ago 215 71 3 1

Hadn't realised that the third party review of Twitter's chat protocol had been published and wow github.com/trailofbits/...

2 months ago 116 35 2 5

Our digital systems reward belonging over accuracy, with people gaining status by aligning with their group, not by checking facts. Once beliefs become tied to identity, more media literacy won’t shift behaviour, the social rewards work against it.

4 months ago 261 46 2 1
Protein Powders and Shakes Contain High Levels of Lead - Consumer Reports
CR tests of 23 popular protein powders and shakes found that most contain high levels of lead.

my latest investigation for @consumerreports.org is based on months of reporting and 60+ lab tests of leading protein supplements

we found that most protein powders and shakes have more lead in one serving than our experts say is safe to have in a day (🧵)

www.consumerreports.org/lead/protein...

6 months ago 6123 3249 285 1482
Protecting You From Social Engineering Campaigns: An Update From Workday

Workday discloses "third-party CRM" breach... most likely their Salesforce account

blog.workday.com/en-us/protec...

8 months ago 7 4 2 0

Exciting! MLS e2ee messaging with fingerprints in Bluesky bios (to prevent silent bindings) and pre-keys in PDS.

Kinda wish the key was published in the DID document though, especially if one day plc.directory will become a tlog. (Basically free KT!)

www.germnetwork.com/blog/integra...

8 months ago 55 21 6 1
Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
“All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you,” the researcher told 404 Media.

New from 404 Media: we spoke to the researcher who found hackers can remotely trigger brakes on American trains. Says was ignored for years, DHS confirmed. "All of the knowledge to generate the exploit already exists on the internet, AI could even build it for you." www.404media.co/hackers-can-...

9 months ago 172 47 6 14

Just to clear up some misinfo, a BGP hijack was not the cause of Cloudflare DNS going down today.

At 21:51 UTC, Cloudflare (AS13335) withdrew both 1.1.1.0/24 and 1.0.0.0/24 for an unknown reason.

I suspect AS4755 was always announcing 1.1.1.0/24, when CF went away, it leaked a bit (%2).

9 months ago 24 10 4 4
Activision pulls Call of Duty game after PC players are hacked
Call of Duty: Remote Code Execution

Activision has pulled a Call of Duty game after multiple reports of PC players having their computers hacked. An old insecure version of the game was reportedly uploaded to the Microsoft Store 😬 www.theverge.com/news/702255/...

9 months ago 75 10 2 6
161. The Court's Disastrous Ruling in the Third-Country Removal Case
The majority did not just greenlight an especially odious immigration policy without any explanation; it did so in a case in which the government defied the district court—twice—with no consequence.

Today’s unsigned, unexplained #SCOTUS ruling clearing the way for removals of migrants to third countries without any additional process is a disaster—not just on the merits, but because of the government misbehavior that it not only refuses to punish, but effectively rewards.

Me, via “One First”:

9 months ago 9223 3436 559 314
[TLS] Photosynthesis, an update to Merkle Tree Certificates
Photosynthesis combines the Static CT API with the ideas in Merkle Tree Certificates.

Here's something I am very excited about: Photosynthesis! 🌱☀️

A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs.

This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC sizes in logs and handshakes.

9 months ago 40 12 1 0

this is actually how my cursed Online brain read the post

2 years ago 1172 253 25 2
Coinbase breach tied to bribed TaskUs support agents in India

A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.

10 months ago 2 3 0 0
Democratizing Detection Engineering at Block: Taking Flight with Goose and Panther MCP
A comprehensive overview of how Block leverages Goose and Panther MCP to democratize and accelerate security detection engineering.

Most engineers aren’t taught how to write secure code or catch threats after deploy.

Detection engineering used to be limited to experts. Now anyone can do it with prompts, Goose, and the Panther MCP server. 💪

block.github.io/goose/blog/2...

10 months ago 10 5 0 0
Vanta bug exposed customers' data to other customers | TechCrunch
The compliance company said the customer data exposure was caused by a product change.

New, by me: Compliance startup Vanta said it's fixing a bug that exposed some customer data to other Vanta customers.

One Vanta customer told us that they were notified that some of their data was pulled out of their Vanta instance "into other customers’ instances."

10 months ago 13 5 1 1

Our latest investigation…

10 months ago 156 56 7 0

I'm often asked if I'll redo the 2019 quantum factoring estimate. Denser storage by yokes, smaller magic factories by cultivation, slimmer approx arithmetic by Chevignard et al… surely the cost is lower now?

Yes, it's lower now.

security.googleblog.com/2025/05/trac...

arxiv.org/abs/2505.15917

10 months ago 73 14 2 4
Probe Found Security Lapses Led to US Contractor’s Data Breach
Failures in cybersecurity practices at a software company that helps federal agencies manage investigations and FOIA requests allowed two convicted hackers to delete databases, according to internal d...

SCOOP: In Feb, federal agencies "lost" many #FOIA requests but you probably had no idea. It turns out that the FOIAs disappeared due to an "insider threat attack" by 2 employees at a software company who were previously convicted of hacking into the State Dept

🧵

🎁 www.bloomberg.com/news/article...

10 months ago 514 320 24 29
DHI


New: Docker Hardened Images 🔐

✅ Non-root by default
✅ SLSA Level 3 compliant
✅ SBOMs, VEX, provenance — all signed
✅ Built-in to Docker Hub

👉 http://spklr.io/63323CAqR

#Docker #DevSecOps #SoftwareSupplyChain #Containers #CloudNative #DockerHardenedImages

11 months ago 5 3 0 1

DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage's archive server micahflee.com/ddosecrets-p...

11 months ago 136 78 6 12
Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group

Time to update microcode on your Intel processors (gen >9)
new speculative prediction bug lets you capture /etc/shadow with 99% reliability. They didn't make anything like it work on AMD or ARM, yet...

comsec.ethz.ch/research/mic...

www.intel.com/content/www/...

github.com/intel/Intel-...

11 months ago 2 3 0 0
Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs
Despite their misleading marketing, TeleMessage, the company that makes a modified version of Signal used by senior Trump officials, can access plaintext chat logs from its customers. In this post I ...

Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs. My findings are based on TM SGNL's source code, and they are corroborated by hacked data micahflee.com/despite-misl...

11 months ago 773 315 23 87
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.
Researchers say the behavior amounts to a persistent backdoor.

11 months ago 40 10 5 2
The Signal Clone the Trump Admin Uses Was Hacked
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.

TeleMessage, the Israeli company that makes the modified Signal app used by Trump officials, was hacked. “I would say the whole process took about 15-20 minutes,” the hacker said micahflee.com/the-signal-c...

11 months ago 1825 865 36 86

PhD Timeline xkcd.com/3081

11 months ago 60074 20551 591 831

🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.

He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords

Media's coverage wasn't detailed enough so I dug into his testimony:

1 year ago 13991 7344 329 1006