Signal feed
Latest notes
Lots of CVEs for Google Chrome were published last night and they link here:
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html
Which currently doesn't show anything for me. But if you are on Chrome <149.0.7827.53 maybe update that shit.
Can someone make sure this works before I use it to protect my blog?
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
I know people here probably don't want to rehash the disclosure discussion for the 683,547,329th time, but fuck Microsoft and this passive aggressive bullshit trying to frame their own interests as "best practices" in a vuln mitigation publication. Your shit is getting torn apart. Act like you've been there before because we all know you have.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
@feld @Bumblefish Well that makes sense. 
Randomly thinking about the person on here who said they have a cheese drawer. Like a whole drawer dedicated to cheese. It makes me want to reevaluate my priorities.
@Bumblefish I've not heard it called that. TIL.
@feld Aww, that's no fun.
RE: https://swecyb.com/@orlysec/116534940626646604
I'm too tired to troll the whole "FreeBSD had a vuln ZOMG" thing so maybe some of you would rather do it today.
@feld It's all in your GETs. IDK if they do anything with those web logs but they're there if they wanted to. Which is probably fine for most people, just not something people seem to discuss.
Reminder: To run CyberChef locally, you don't need to do any fancy installation. You can download the latest version ( currently v11.0.0 as of this morning ), unzip it somewhere locally, and save CyberChef_v11.0.0.html to your bookmarks. Easy peasy. And you stop sending them all your data and recipes.
https://github.com/gchq/CyberChef/releases/download/v11.0.0/CyberChef_v11.0.0.zip
I assumed this was a 1 April publication but nope, it appears to be real. My favorite part is how it basically pretends IPv6 doesn't exist except for a couple mentions of basically "no one likes v6."
@munin CVEs go 📈 to justify moar shiny security things
"AI is giving attackers a huge advantage!"
"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."
@reverseics Quick stab.
That's some Magic Quadrant leadership right there.
RE: https://mastodon.social/@threatlandscapemonitoring/115884714685497019
live
AI copilot
threat intelligence
$99 / month
Maybe consider blocking threatlandscape.io and threatlandscape.ai and donate that money to @jerry and his platform instead. I assume they're mostly just scraping fedi for their "intel" anyway.
We can't find the internet
Attempting to reconnect
Something went wrong!
Attempting to reconnect