Fara-7B is our first agentic small language model for computer use. This experimental model includes robust safety measures to aid responsible deployment. Despite its size, Fara-7B holds its own against larger, more resource-intensive agentic systems: https://t.co/lT9m0uH4gQ

I made a human-readable CSV lookup file that maps coordinates to their country code. This one has an accuracy of 30km

The *full* Python Documentary will be released this Thursday (Aug 28) at 10am PDT / 19:00 CET. More at https://t.co/ifkBoVOkxX Don't miss the online release party / chat! @TECHDOCU

A new attack on Linux is challenging everything we thought we knew. We found malware hidden not in the content, but in the filename itself. Read the full analysis. https://t.co/rBNo97GRSM

Finally, with @hw16, we managed to bypass the @Cloudflare mTLS protection after around 5 days of work. I'd like to share a few golden tips for bug bounty hunters who might face something similar in the future. But first, here's a quick summary: The target was a banking app with

Good read : Exploring Javascript events & Bypassing WAFs via character normalization

Today, we're announcing our first hosted infrastructure product: pyx, a Python-native package registry. We think of pyx as an optimized backend for uv: it’s a package registry, but it also solves problems that go beyond the scope of a traditional "package registry".

Still my favorite set of redirects. So many "hackers" probe these basic wordpress routes. Always nice to give them a pleasant distraction 😄

You didn’t click, but your password challenge is leaked. I’m excited to share my latest research: CVE-2025-50154, a high severity NTLM hash disclosure vulnerability in the explorer.exe process, exploitable without any user interaction. https://t.co/ssA9YdBE6J

we got a persistent 0click on ChatGPT by sharing a doc that allowed us to exfiltrate sensitive data and creds from your connectors (google drive, sharepoint, ..) + chat history + future conversations it gets worse. we deploy a memory implant #DEFCON #BHUSA @tamirishaysh

We (+@ronenshh) hacked NVIDIA's Triton AI server by abusing a single error message🚨 The result is unauthenticated RCE allowing attackers to compromise the server and steal proprietary AI models🤯 For more details & mitigations check out our blog @wiz_io https://t.co/v5kpI1eedL

hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: https://t.co/fxAIXNXsEr

Je sais que la procédure civile, c'est pas sexy, ça n'intéresse personne hormis les professionnels et la presse spécialisée. Sachez juste que le gouvernement va permettre, dans tous les litiges civils à partir du 1er septembre, …

We found a new container escape affecting all container runtimes using @NVIDIA GPUs. The crazy part? The exploit is just three lines long 🤯 This is the story of #NVIDIAScape 🧵👇

Nuxt 4.0 is here at last … and it's all about DX ✨ 🗂️ app/ directory for better organisation 🔄 smarter data fetching ⚡️ a faster CLI with socket communication 🔧 improved TypeScript integration ... and a smooth upgrade experience. 💚 https://t.co/Jvf5DOGzE9

Google has just used AI and threat intel to foil a zeroday before it could launch. Working from artifacts gathered by GTIG, Big Sleep was used to identify a vuln before actors could ramp up exploitation. It doesn’t get much better than this in intel.

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

some guy at Mastercard prompt injected a job posting and just days later it tricked somebody’s ai 😂

How Anthropic built its multi-agents system. Interesting read.

>changes their EULA to allow spyware >makes their best game free on steam >people realize its spyware and review bomb it Masterful gambit Mr. Gearbox and Take Two