🚨 BREAKING: Chat Control BLOCKED in EU! 🎉 Germany just refused to back the EU's mass surveillance "Chat Control" regulation after public pressure! This blocks the required majority in the EU Council and derails next week's planned vote. NICE JOB EVERYONE! 💪

Recently I was fortunate to visit the beautiful Berlin Cathedral in Germany. While walking the steps to the overlook of a church built in 1894, I found… loss.

crowdstrike.com/en-us/security… fully agree with Kevin

The annoying thing about finding a vulnerability in Azure is that you pretty much HAVE to disclose it. Even though it’s not my job, and there’s no guarantee of payment or acknowledgment, if I *don’t* submit it there’s a real chance an adversary will use it against our society.

New on Hacking the Cloud! Shoutout to Taylor for adding an article on Google Apps Script persistence! hackingthe.cloud/gcp/avoid-dete…

“Stunt on them hoes” - SwiftOnSecurity, 2025

🚨 Apple's Bounty Program just got a massive upgrade: top awards increasing BIGLY (now up to $2M for zero-click exploits), new "Target Flags" system pays researchers immediately upon verification, and now pays out $1K for low-impact finds Coming November 9to5mac.com/2025/10/10/app…

A personal update... after nearly 20 years at Google, today is my last day! I'm going to be working on independent research for the foreseeable future, then who knows! I've worked with so many talented people, made so many friends and seen incredible research over the years 🫡

The end of an era. If you don’t know what Tavis (and the P0) has contributed to and changed the vulnerability research community, let me give you just an example: if not because of Tavis and P0, we’d be still waiting 6 or 12 months to get a Windows or Office bug patched.

"Do you plan to report the attacks to the vendor before your presentation?" Me:

SSRF is just asking the person outside the gas station to buy you beer before you're 21

🚀 New Jellyfin release: 10.11! ⚠️ NOTE: There is a big migration in this release. See the blog for details! jellyfin.org/posts/jellyfin… Updates are available at your preferred download method and repo.jellyfin.org.

It is weird that AWS published this ominous security bulletin 2 weeks ago and we still haven't seen any research published related to it. aws.amazon.com/security/secur…

😈 Copilot Studio agents are great for users... and attackers! Check out our deep-dive on why you should be careful to trust unknown agents, plus background on upcoming app consent changes that will help prevent our demo scenario. securitylabs.datadoghq.com/articles/cophi…

Filming ICE activities and arrests is the most American thing you could possibly do. The pinnacle of First Amendment protected action.

Today in homebuyer’s remorse: water intrusion in the basement. Yay!

Side note: Thermal cameras are worth the cost. Maybe the most useful thing I’ve bought.

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. Microsoft told BleepingComputer they plan on fixing it in a future update. bleepingcomputer.com/news/security/…

Look y'all! Katie Knowles is in the news again 🤩

cemaxecuter Lμke Swi☨zer 🅅 Seed studio ESP32 S3 with SX1262 LORA in a kit that looks made for drones. $12 USD