Threat hunters and intel folks: a reminder that DDG, Kagi, and Yandex index public Telegram sites. Use site:t.me as the filter.
mttaggart@infosec.exchange
Posts
-
Handala is now claiming responsibility for a disruption of point-of-sale systems in the US. Unconfirmed, uncorroborated.
-
Feeling good about the security posture of the federal government during a war.
-
Another great day to post this for no reason
How and Why to Ditch GitHub
How much of your code do you feel like entrusting to Microsoft? How about American data centers? Here's an easy way to jump ship and maintain operations.
(taggart-tech.com)
-
RE: https://infosec.exchange/@thetaggartinstitute/116295681950521950
This took kind of a lot to make happen. Also, the certificate generation system is open source and works with anything that can send name/email/course name to a webhook. More on that soon!
-
New version of Velociraptor just dropped. Looks like a great update!
Velociraptor 0.76 Release :: Velociraptor - Digging deeper!
Velociraptor Release 0.76 is now available
(docs.velociraptor.app)
-
Ooh baby you know I love an eBPF rootkit breakdown.
Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework — Elastic Security Labs
Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence.
(www.elastic.co)
-
Hey, if you run into me at RSAC, that's my doppelgänger. Do not speak to it, for it craves human experience with which to fuel its anti-soul. To speak to it is to drain your own life force.
But you're already at RSAC, so maybe the thing will starve anyhow.
-
Some of you #cybersecurity people should be interested in this...
@joy This is always a gotcha with these tests:
Third party prompt injection and data exfiltration: when attacker text is able to reliably hijack a victim’s agent (including Browser, ChatGPT Agent, and similar agentic products) to trick it into performing a harmful action or leaking the user’s sensitive information. The behavior must be reproducible at least 50% of the time.
Show me a way to confirm this behavior that is not by itself harmful. Unless testing IPI on local files, you necessarily have to host your attack payload somewhere public, such that the web tool can access it. And if it works, good job, you've now exposed the internet to your attack. And remember: it must demonstrate real harm, or they'll say it's just a benign proof-of-concept that didn't trigger their alignment guardrails.
-
Good:
Landmark L.A. jury verdict finds Instagram, YouTube were designed to addict kids
The outcome Wednesday in Los Angeles County Superior Court is potentially precedent-setting for thousands of other pending lawsuits nationwide and could reshape how tech companies are held accountable for children's harm caused by their products.
Los Angeles Times (www.latimes.com)
Paywall-free: https://archive.ph/kdMf1
-
It is my sincere belief that TLP:CLEAR should be the default and any restriction of threat intelligence should require significant justification.
-
Aww yiss another critical Citrix vuln.
Citrix urges admins to patch NetScaler flaws as soon as possible
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years.
BleepingComputer (www.bleepingcomputer.com)
Detection/remediation details here: https://docs.netscaler.com/en-us/netscaler-console-service/instance-advisory/remediate-vulnerabilities-cve-2026-3055
-
RE: https://infosec.exchange/@mttaggart/116163107290977793
Previously:
-
Oh good, more pointless quantum hype.
Once again, totally fine to get to PQ if you can. It ain't happening in 2029; the qubit math doesn't add up.
-
Why do I use a laptop tray?
Because I write Rust and wear shorts.
-
Apparently, Apple isn’t going to patch iOS 18.6.2, meaning I either risk my information with DarkSword or my sanity with iOS 26.
@gknauss Ah I see, and you'd rather not run into the Liquid Glass ceiling. That does seem to be an issue!
-
Apparently, Apple isn’t going to patch iOS 18.6.2, meaning I either risk my information with DarkSword or my sanity with iOS 26.
@gknauss I think the thing is to move to 18.7.3, which is patched.
For devices running versions of iOS prior to 18.6, DarkSword uses CVE-2025-31277, a JIT optimization/type confusion bug which was patched by Apple in iOS 18.6. For devices running iOS 18.6-18.7, DarkSword uses CVE-2025-43529, a garbage collection bug in the Data Flow Graph (DFG) JIT layer of JavaScriptCore which was patched by Apple in iOS 18.7.3 and 26.2 after it was reported by GTIG. Both exploits develop their own fakeobj/addrof primitives, and then build arbitrary read/write primitives the same way on top of them.
I'm unaware of a compelling reason or hardware limitation to not upgrade from 18.6 to 18.7
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
-
Shot: OpenAI kills Sora slop video machine. https://finance.yahoo.com/news/openai-shifts-coding-enterprise-anthropic-153147122.html
Chaser: Disney exits OpenAI deal after OpenAI kills Sora. https://www.hollywoodreporter.com/business/digital/openai-shutting-down-sora-ai-video-app-1236546187
-
Well well well, if it isn't exactly what I said would happen. Google et al hate you and your website other than what they can monetize out of it.