See latest tweet

The guy writing the TeamPCP/CanisterWorm malware knows me by first name and is leaving little notes in his source code asking me to be nice💀 Somehow, he's finding time to read my ramblings between pushing new versions🙃

I'm amazed at Intel's ability to downplay the severity of published vulnerabilities. They described CVE-2018-3640 (Rogue System Register Read) as simply an ASLR bypass, but this vulnerability in fact allows the CPU internal CRBUS to be read (at least for Goldmont/Plus uarch)

If compliance auditors are too harsh, they’ll just lose business, and nobody will use them anymore, no? “They have a reputation to preserve” ah, the one they’ve built stroking ciso egos and not failing them We’ve built a profitable theater industry, and we are the performing

~150 S3 abandoned buckets. 8M+ requests. Two months. Software updates, binaries, VMs and more. This week, AWS rolled out namespaces for new S3 buckets - finally. This is why offensive security research is so important - to move the needle. https://t.co/PCuioOBL1K

Next month codebar will host the codebar Festival - 6 days of virtual deep-dive technical workshops, talks and panels on all things coding, career and well-being. Check it out here ➡️ https://t.co/48izQce74Q

Got my horse to water. Now for the easy part

Afroman wins legal battle over songs mocking US police

If you launch FreeBSD from the @awsmarketplace please be advised that I can now see your "Company name". I never used to be able to see this information, and have no intention of (ab)using it, but this is new. (And, of course, applies similarly with other Marketplace products.)

Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

AWS Summit London next month anyone?

The new Canal+ trailer for the Japanese Grand Prix is so good #F1 #JapaneseGP

Kingfisher!

I see some weird things but this takes the biscuit. A vulnerability in the Companies House website, that let anyone view the private dashboard of any one of the five million registered companies, see directors' personal details. And modify them.

If we could just raise sea levels by 150 meters we get a backup Strait of Hormuz

i thought they already owned a social network for ai agents

Xint Code discovered a highly exploitable heap-buffer-overflow in PostgreSQL that existed for over 20 years. Our research team exploited this bug to claim $30,000 at ZeroDayCloud in December! Bug details are below

Disassemble Z80 instructions by changing the font https://t.co/PdWYMDz5U2

７／１９　結成十一周年記念LIVE 🇬🇧🌍 【LONDON降臨 -AG! 11th Anniversary Show-】2026 July 19 at Roundhouse, London #ATARASHIIGAKKO11thLONDON General tickets now on available 🔗 https://t.co/wJUQQqg3nJ

Honestly, this has been my go-to response for years. Whenever someone asks me "how can I get my developers to care about observability and look at production?", I say: ✨"Put them on call!"✨ I have softened in recent years, as I have come to understand that hand-me-down ops

🤯 Quarkslab spent five months trying to report vulns to security vendor Avira/Gen Digital but hit a deadlock because Gen Digital would only accept reports through their bug bounty platform (which required an NDA), so Quarkslab eventually just emailed the report and published