Bandit Pingu (@flyingphishy)'s Twitter Profile
Bandit Pingu

@flyingphishy

// Professional Bandit // Hacker, Researcher, Tinkerer // Personal Views

ID: 1134835939249917953

Link: https://github.com/FlyingPhish
Date: 01-06-2019 14:55:46

1,1K Tweet

275 Followers

1,1K Following

SMSPool.net (@smspoolnet)

The UK Home Office confirms they’ve been hacked. And the UK government thinks Digital ID is a good idea? They can’t even protect their own systems, as seen time and time again. Maybe focus on basic cybersecurity before asking for the keys to your citizens’ entire lives.

Qiusheng Wu (@giswqs)

🎁 A New Year’s gift to the geospatial community: a brand-new QGIS plugin that unlocks access to 80+ petabytes of satellite imagery and geospatial datasets with zero coding required. In my first video of 2026, I’m excited to share what might be one of the most powerful QGIS

spencer (@techspence)

Unsafe Active Directory permissions I commonly find during internal pentests and how to find them yourself. 🧵 A quick rundown, starting with my favorite...

dreadnode (@dreadnode)

We fine-tuned an 8B model to pop a GOAD domain…using only synthetic training data. No real networks. No frontier model distillation. Just a world model that simulates AD environments and generates realistic pentesting trajectories. See how shane and Max Harley did it:

Justin Elze (@hackinglz)

Kali just published a guide on piping pentesting tools through Claude's API and didn't mention data security once. You're sending scan results, target info, and potentially sensitive findings to a third party LLM. "The Most Advanced Penetration Testing Distribution" should

Jake Williams (@malwarejake)

Not a week passes that I don't find more evidence that Copilot was a rush job from Microsoft and has serious limitations for enterprises. learn.microsoft.com/en-us/purview/…

Jason Lang (@curi0usjack)

I used to get upset at testing EDRs, thinking that we were just burning high-end tradecraft forever, but ironically corporate greed has ensured that a lot of orgs can't afford to get those bespoke detections even though they could just be purple teamed for free using Graylog.

Dan Neidle (@danneidle)

I see some weird things but this takes the biscuit. A vulnerability in the Companies House website, that let anyone view the private dashboard of any one of the five million registered companies, see directors' personal details. And modify them.

Dan Neidle (@danneidle)

Companies House has put out a statement confirming that, for five months, every company in the UK was vulnerable to the simple exploit we identified on Friday. It enabled anyone in the world to view and change their company details.
