🚨 ElevenLabs charges $5 to $99/month for AI voice cloning. Their Business plan costs $1,320/month.
Someone open sourced a voice AI that clones any voice from a short clip. 30 languages. Studio quality. Free.
It's called VoxCPM2.
Give it a short clip of anyone's voice. It clones their accent, emotion, tone, and pacing. Then generates any speech you want in their exact voice. 48kHz studio quality.
Type "A young woman, gentle and sweet voice" and it creates that voice from scratch. No reference audio. No voice actor. No recording. You describe a voice in words. It builds it.
2 billion parameters. Trained on 2 million hours of speech. 30 languages.
One command to install: pip install voxcpm
Here's what VoxCPM2 does:
→ Voice Design: describe any voice in words. Gender, age, tone, emotion, pace. AI creates it from nothing. No reference audio needed.
→ Voice Cloning: upload a short audio clip. AI clones the voice perfectly. Timbre, accent, rhythm, pacing.
→ Controllable Cloning: clone a voice AND control the emotion. "Slightly faster, cheerful tone." Done.
→ Ultimate Cloning: provide audio + transcript. Every vocal nuance faithfully reproduced.
→ 30 languages. Arabic, Chinese, English, French, German, Hindi, Japanese, Korean, Spanish, and 21 more. No language tags needed.
→ Context-aware. It reads the text and adjusts emotion and rhythm automatically. News sounds like news. Stories sound like stories.
→ Real-time streaming. RTF as low as 0.13 on an RTX 4090. Faster than playback speed.
→ Runs on 8GB of VRAM.
→ Fine-tune with 5 to 10 minutes of your own audio using LoRA. Build a custom voice model.
→ 48kHz output. Studio quality. No external upsampler needed.
Here's the wildest part:
On the Minimax-MLS voice similarity benchmark:
→ English: VoxCPM2 scores 85.4%. ElevenLabs scores 61.3%.
→ Chinese: VoxCPM2 scores 82.5%. ElevenLabs scores 67.7%.
→ Arabic: VoxCPM2 scores 79.1%. ElevenLabs scores 70.6%.
A free, open source model is producing more realistic voice clones than a service that charges up to $1,320/month.
Professional voice actors charge $250 to $1,000+ per project. AI voice platforms charge $5 to $100/month. Recording studios charge $200/hour.
This runs on your GPU. Locally. No API costs. No per-character pricing. No subscription. Free forever.
Already hit #1 on GitHub Trending. Built by OpenBMB and Tsinghua University. 2 billion parameters. Apache 2.0 License. Free for commercial use.
100% Open Source.
Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs
- update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe
- file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll
- network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114
by @rapid7
https://t.co/rrespJ9Ju0
Someone going by "wwwiesel" on GitHub picked up @securitymeta_’s tradition this year and dropped a full list of #BlackFriday deals in the #InfoSec space
Online Courses & Training
- 8kSec Academy
- AI Security Professional Course
- Altered Security
- Belkasoft
- Blu Raven Academy
- Career Hacking Quest
- CloudBreach
- Cyber Plumber's Lab
- CyberWarFare Labs
- DevSecOps Pro
- DNS for Developers
- Evilginx Mastery
- Hack The Box Pro Labs
- HackSmarter
- HackTricks Training
- Hexordia
- Invictus IR Academy
- Invictus CloudLabs
- LetsDefend
- Mobile Hacking Lab
- OffSec Learn One
- OPSWAT Academy
- Pluralsight
- Practical DevSecOps
- Practical TLS
- http://pwn[.]guide
- CyberNow (SOC Analyst)
- TCM Academy
- TheXero
- Vantage Point / Enciphers
- White Knight Labs
- WiFiChallenge Academy
- ZeroPoint Security
Exams
- The SecOps Group
Mini Courses
- SecDim
Books
- The CloudSec Engineer
Hardware
- Hak5
- KSEC Labs
Professional Services
- Wortell
Tools
- Burp Bounty Pro
- Burp Bounty Go
- FullStro
- Grammarly Pro
- PortDroid
- Proton Mail / VPN / Pass / Drive
- HTTP Toolkit
- http://SEOengine[.]ai
- SubtitleBee
- WebsiteVoice
Services
- Grayhat Warfare
- AirVPN
- CyberGhost VPN
- Proton (second listing in file)
- NordVPN
- Tuta Mail
- InMotion Hosting
- IPVanish VPN
Misc
- Neato Stickers
URL: https://t.co/MX7WkVjmPh
Today we are releasing our FREE educational course: "Intro to Exploit Dev"!
This course is perfect for those trying to start exploit dev and covers:
- Tooling
- Fuzzing
- Exploitation techniques
- And more!
You can take the course here: https://t.co/kejXkinsGR
Moonlock 2024 macOS Threat Report is here!
🧠AI-powered malware makes advanced attacks accessible to anyone.
💻 Malware-as-a-Service starts at $1,500/month.
📈 Stealer malware surges, targeting Keychain & crypto wallets.
Dive into the full report:
https://t.co/uBspnYBx2i
🚨 #DFIRtips 🚨
Today, during an investigation, I found a registry key that proved to be extremely useful in identifying the execution of a malicious executable: HeapLeakDetection!
You can find it in the Software hive, specifically at HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications.
This registry key is interesting because its subkeys refer to all the executables that have been detected by RADAR technology for real-time memory leak detection.
Each subkey has its own LastDetectionTime which tells us the last time a memory leak occurred and which executable was affected.
Even though it is not particularly well-known, this artifact could sometimes turn your investigation around, especially when the threat actor tries to erase their tracks by deleting the most common artifacts (Prefetch files, evtx logs, etc.)
[screenshots from my test machine]
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/7ygwWXY0pd
Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code from 1996
Great blog post by @ReynardSec_en on how to harden your #Docker platform. It's a step-by-step guide with a lot of useful tips and tricks. Check it out!
https://t.co/QWpUhb41JX
#infosec