CIRCLE WITH A DOT

@Xavier Hopefully I remember to look this toot up in a few years ;-).

@Gnuxie Along with Tigerbeetle, was one of the flagship Zig projects

@mttaggart @catsalad Drones + thermite.

OH, and FWIW the White House runs WordPress on nginx and likely has a plugin running that causes the weak nginx rewrite rule to be needed.

Mac Neo by the (fascinating) numbers: https://www.jdhodges.com/blog/macbook-neo-benchmarks-analysis/

@mttaggart Yep. Also last two weeks is: patch faster (to keep baddies exploiting just published X), patch slower with cooldowns (to prevent supply-chain shit hitting your environment) or patching doesn't really matter (as marketing-driven AI is finding new vulns all the time). I think I'll just keep preparing to run any nasty code in my env...

@gerrymcgovern A state governed by white Republicans with deregulation as a religion. Not surprised. When their electric bills quadruple, they will blame Obama.

It would be an order of magnitude increase from existing data centre energy consumption: about 13,140 terawatt hours annually, just for these programs Assuming lower energy, around 17% of world energy consumption. Fewer calls? 7% I don't think the sheer inefficiency of thesesystems is well known.

This new Nginx vuln is worth some scrutiny. A heap buffer overflow that can lead to service restart and, on systems with ASLR, code execution. Patches available.https://discourse.ifin.network/t/cve-2026-42945-heap-buffer-overflow-in-nginx/441

We are tracking the new Nightmare Eclipse exploits, and we even have some listed IoCs from the code/repo files for you.https://discourse.ifin.network/t/chaotic-eclipse-nightmare-eclipse-drops-two-windows-0days/437#ThreatIntel #ThreatIntelligence #IFIN

The most exciting thing for me is that I can finally get back to making #Obsidian plugins. I too was daunted by waiting in the review queue Now you can get a plugin into Obsidian within 24 hours.https://obsidian.md/blog/future-of-plugins/

https://github.com/Nightmare-Eclipse/YellowKeyNow why would I say this is a backdoor ? The component that is responsible for this bug is not present anywhere (even in the internet) except inside WinRE image and what makes it raise suspicions is the fact that the exact same component is also present with the exact same name in a normal windows installation but without the functionalities that trigger the bitlocker bypass issue. Why ? I just can't come up with an explanation beside the fact that this was intentional. Also for whatever reason, only windows 11 (+Server 2022/2025) are affect, windows 10 is not.

If you or someone you know has received Instructure #Canvas-themed phishing messages, we want to hear about it! Samples welcome, but also any other circumstances.Something seems phishy about the claim that no data is out in the open.

@ifin @misp No worries! That's what I figured it was

#Holos is available on #FDroid https://f-droid.org/packages/social.holos.app/A huge thank you to the F-Droid team for their invaluable help!#HolosSocial

RE: https://infosec.exchange/@ifin/116558531955700753This has evolved to impact 170 packages, including those from Mistral and OpenSearch.

RE: https://infosec.exchange/@ifin/116558531955700753Here we go again

TanStack, a popular web UI framework has had its NPM packages compromised by another installment of Mini Shai-Hulud.https://discourse.ifin.network/t/mini-shai-hulud-strikes-again-tanstack-npm-packages-compromised/428#ThreatIntel #ThreatIntelligence #IFIN

This thing has spread to UiPath packages.... that's a major business automation company and this thing just went nuclear just because all the sensitive places where UiPath is used