Okay CTA. This is a good sign.

TIL the Raspberry Pi firmware supports the storage of ECDSA private keys which allows the user-space to sign data.

I ported rpifwcrypto in Go to add the ability to sign ES256 JWT tokens and export public keys as JWKS or PEM to authenticate with external services.

github.com/ezoidc/go-rp...

Updates to GitHub Copilot interaction data usage policy From April 24 onward, interaction data from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out.

turn it off here github.com/settings/cop...

CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements An internal DHS document obtained by 404 Media shows for the first time CBP used location data sourced from the online advertising industry to track phone locations. ICE has bought access to similar t...

New from 404 Media: CBP tapped into the online advertising ecosystem to track peoples' movements, according to an internal DHS document. Shows for the first time DHS tracked phones via process for putting ads in ordinary apps—video games, fitness apps, many more www.404media.co/cbp-tapped-i...

nvm je sais pas lire “The policy change is separate and unrelated to Anthropic’s discussions with the Pentagon”

Anthropic ditches its core safety promise in the middle of an AI red line fight with the Pentagon | CNN Business Anthropic, a company founded by OpenAI exiles worried about the dangers of AI, is loosening its core safety principle in response to competition.

welp www.cnn.com/2026/02/25/t...

Even the internet's favorite dog account calls out Ring video cameras what they are: Mass surveillance.

Notepad++ have published an update to fix the software being hijacked by threat actors remotely: notepad-plus-plus.org/news/v889-re...

This was being abused by threat actors in China, a blog from mine from a week ago: doublepulsar.com/small-number...

New blog post: Don't fall into the anti-AI hype.

antirez.com/news/158

DHS Is Lying To You About ICE Shooting a Woman At least four videos show what really happened when ICE shot a woman in Minneapolis on Wednesday. DHS has established itself as an agency that cannot be trusted to live in or present reality.

New: DHS is lying to you.

At least four videos show what really happened when ICE shot a woman in Minneapolis. Shots clearly fired while vehicle already turning away from the officer. But DHS lied. Trump lied. Noem lied. Even judges have catalogued DHS' serial lying

www.404media.co/dhs-is-lying...

en.wikipedia.org/wiki/Text-ba...

TUIs are clunky and overrated

it must feel good for the LLM to glaze humans

happy yearly exposure to cable tv for those who celebrate

2025 Word of the Year: Slop Plus 'gerrymander', 'touch grass', 'performative', and other words that defined the year

bit.ly/453uzfx

Me: I want to have more friends

Tech companies:

After 404 Media's months-long reporting and pressure from lawmakers, the data broker owned by the U.S.’s major airlines will now shut down a program in which it sold access to hundreds of millions of flight records to the government and let agencies track peoples’ movements without a warrant.

Prompt injection to RCE in AI agents We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.

Argument injection (and RCE) in three distinct AI agents

blog.trailofbits.com/2025/10/22/p...

beau ping

"an agent is simply an LLM call in a loop"

sure and a web server is just accept(2) in a loop

were u a good boi

something something “whatever happens in the US happens in Canada just 5 years later” 😬

becojo forcefield

oof this looks rough. see the original gif on tumblr
becojo.tumblr.com/post/7903614...

👀 bsky.app/profile/bsky...

Identifying birds using the Merlin Bird ID is real life Pokémon.

My writeup for @northsec.io CTF 2025's "Containers" reverse track:

merkletr.ee/ctf/2025/nse...

If there's one thing I've learned about covering cybersecurity over the past decade or so, is that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.

👋 Hello Bsky! MontréHack is a bilingual, monthly cybersecurity workshop in Montreal where challenge designers present their CTF challenges and participants solve them.

Fellow cybersecurity folks: Make sure to follow @northsec.bsky.social if you came to bluesky from Twitter! Great conference in Montreal and probably the biggest on-site CTF in the world.