The king has fallen. The throne is empty. Who will claim the realm?
Cyber Apocalypse 2026 is coming.
Join Hack The Box’s largest community event of the year and take on five days of relentless cybersecurity challenges built to test real-world skills.
Compete against thousands of hackers worldwide, connect with the community, showcase your skills to global organizations and recruiters, and fight for your share of a massive prize pool.
Get more than 200 points and claim your certificate of attendance.
For the glory. For the training. For the prizes. For the certification.
Register now: https://t.co/Kj7DXYU1hE
#HackTheBox #CyberApocalypse2026 #CTF #CyberSecurity #CyberSkills #InfoSec #CaptureTheFlag
‼️ Nightmare Eclipse is back on GitHub under a new alias and has released a new Windows Defender vulnerability zero-day called RoguePlanet.
PoC: https://t.co/n0xF6uGt4u
New GitHub Account: https://t.co/qwU93VedpH
All these fucking dorks at Anthropic do is yap about how insane their product is and how end-of-the-world it will be
Someone tell these jabronis to shut the fuck up, holy Christ they're so annoying
Many thanks for the reception this reissue of the first issue of #Micromanía, from 1985, is getting. At this rate the planned units are going to sell out tomorrow... ❤️❤️❤️❤️❤️
While the Linux Kernel is quickly becoming “Vibe Coded”, many other Open Source projects are outright banning all AI / LLM contributions.
QEMU - “Policy is to DECLINE any contributions which are believed to include or derive from AI generated content.”
NetBSD - AI generated code is “presumed to be tainted code, and must not be committed.”
Zig - Total ban on using AI in any way. “No LLM-generated content”, “No LLMs for translation.”, “No LLMs for finding bugs.”, “No talking about use of chatbot/LLM services.”
OBS Studio - “Code must be human written.”
Creator of C++, Bjarne Stroustrup:
AI-generated code isn't ready — it generates more bugs, more bloat, more security holes, and is nearly impossible to validate
"senior developers are already retiring rather than deal with it"
The problem is that even a small prompt change can shift the entire codebase in unpredictable ways
working in cybersecurity nowadays:
> wake up
> read "new critical vuln just dropped"
> summon dev and SRE in the incident channel
> patch, scan, rotate secrets, redeploy
> check logs to make sure you are not already cooked
> take a deep breath and go to sleep
> wake up
> read "new critical vuln just dropped"...
WELCOME TO THE AI ERA
La Gran Enciclopedia de las Videoconsolas can now be purchased ahead of release at #RetroBarcelona2026 with the exclusive cover created by @Jennestudios!
Remember that at 13:00 we have a talk by the author, @FlorentGorgesFR, and @HeroesdePapelES will announce something that will shake up social media!
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
‼️🚨 One of the world's largest Certificate Authorities, DigiCert, was compromised by a malicious screensaver file sent through a customer support chat. Their antivirus blocked the malware four times. The agent kept clicking. The fifth try got through.
27 code signing certificates were stolen and used to sign malware.
DigiCert ultimately revoked 60 certificates.
Per DigiCert's incident report, filed in Mozilla's CA compliance tracker as Bug 2033170, here is how it unfolded:
April 2: an attacker contacted a DigiCert helpdesk agent through the company's customer support chat channel, posing as a customer. The lure was a zip file pitched as a screenshot. Inside the zip was a .scr file. On Windows, .scr files are executables, and this one carried a malicious payload.
Opening a file a customer sent through the official support channel is what an agent is supposed to do. Support staff are the one role designed to accept files from strangers.
DigiCert's endpoint security blocked four infection attempts. On the fifth, the support analyst's machine was infected.
DigiCert detected the infection, ran an investigation, and concluded the incident was contained.
Eleven days later, an external researcher tipped DigiCert off about misuse of DigiCert-issued code signing certificates in the wild. That tip led to the discovery of a second compromised machine, belonging to a different support analyst, infected through the same vector. The EDR on that machine had not been functioning correctly, so the original investigation missed it.
The second machine gave the attacker access to DigiCert's internal support portal. That portal lets support staff reach limited views of customer accounts, including initialization codes for ordered but not-yet-issued code signing certificates. Combining a stolen initialization code with an approved order let the attacker pull a real, validly issued code signing certificate. They did this 27 times.
DigiCert's own list of what went wrong:
- File-type filtering on the customer support chat channel did not catch the .scr
- EDR coverage was inconsistent and incomplete, creating a blind spot
- Initialization codes for code signing certificates were not adequately protected
DigiCert says it got lucky. An outside researcher found the malware abuse before DigiCert did. Without that tip, the second machine and the active certificate theft might still be running today.
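The first gap in that list, a file-type filter that missed a .scr inside a zip, is the kind of check an upload gateway can make by opening the archive instead of trusting its outer name. The sketch below is an added example, not DigiCert's code or anything from the incident report; the extension set beyond .scr, the size and depth limits, and the function names are assumptions of the example.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions Windows treats as directly executable or script-hosted. The post
# names only .scr; the rest of this set is an assumption of this example.
BLOCKED_EXT = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi", ".hta"}
MAX_DEPTH = 3          # how many archive layers to open before refusing
MAX_MEMBER = 50 << 20  # refuse to inflate members above 50 MiB


def effective_ext(name: str) -> str:
    """Extension as Windows resolves it: trailing dots/spaces are dropped."""
    return PureWindowsPath(name.rstrip(". ")).suffix.lower()


def scan_zip(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return reasons to reject an uploaded archive; empty list means clean."""
    if depth > MAX_DEPTH:
        return [f"{prefix}: nesting deeper than {MAX_DEPTH}"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{prefix or '<upload>'}: unreadable archive"]
    findings = []
    for info in zf.infolist():
        path = f"{prefix}{info.filename}"
        if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
            findings.append(f"{path}: encrypted member")
        elif effective_ext(info.filename) in BLOCKED_EXT:
            findings.append(f"{path}: executable type {effective_ext(info.filename)}")
        elif info.file_size > MAX_MEMBER:
            findings.append(f"{path}: member too large to inspect")
        else:
            inner = zf.read(info)
            if inner[:4] == b"PK\x03\x04":  # nested zip, whatever it is named
                findings += scan_zip(inner, depth + 1, path + "!")
            elif inner[:2] == b"MZ":  # PE header hiding behind a benign name
                findings.append(f"{path}: PE executable content")
    return findings


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Rejecting on any finding, rather than stripping the flagged member and passing the rest, keeps the agent from ever receiving a partially cleaned archive.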
‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017.
Website: https://t.co/f5G6KnEv35
Write-up: https://t.co/W86Pz2PC6C
GitHub: https://t.co/zAMTC6nTRk
It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su.
Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise.
Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
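For fleets that cannot patch immediately, the workaround above is only useful if it can be verified per host. The audit below is an added example, not code from the write-up or from Theori; it assumes "disable" is done with a modprobe.d `install` rule pointing at `/bin/false` or `/bin/true`, which the post does not specify, and it does not cover kernels where the AEAD interface is built in rather than a module.

```python
import glob

MODULE = "algif_aead"  # module named in the post's workaround
CONF_DIRS = ("/etc/modprobe.d", "/run/modprobe.d", "/usr/lib/modprobe.d")


def is_loaded(proc_modules: str) -> bool:
    """True if MODULE is listed in text in /proc/modules format."""
    return any(l.split()[0] == MODULE for l in proc_modules.splitlines() if l.strip())


def load_rule(conf: str) -> str:
    """Classify modprobe.d text as 'install', 'blacklist' or 'none' for MODULE."""
    rule = "none"
    for line in conf.splitlines():
        words = line.split()
        if len(words) < 2 or words[0].startswith("#"):
            continue
        # modprobe treats '-' and '_' in module names as the same character
        if words[1].replace("-", "_") != MODULE:
            continue
        if words[0] == "install" and len(words) >= 3 and words[2] in ("/bin/false", "/bin/true"):
            return "install"
        if words[0] == "blacklist":
            rule = "blacklist"
    return rule


def assess(proc_modules: str, conf: str) -> str:
    """'loaded', 'blocked', 'weak-block' or 'loadable'."""
    if is_loaded(proc_modules):
        return "loaded"  # a load rule does nothing for a module already in memory
    # 'blacklist' only suppresses alias matches; a load by module name still works
    return {"install": "blocked", "blacklist": "weak-block", "none": "loadable"}[load_rule(conf)]


if __name__ == "__main__":
    conf = ""
    for d in CONF_DIRS:
        for path in sorted(glob.glob(d + "/*.conf")):
            with open(path, errors="replace") as fh:
                conf += fh.read() + "\n"
    with open("/proc/modules") as fh:
        print(MODULE, "->", assess(fh.read(), conf))
```

A host reporting `loaded` needs the module removed (or a reboot) after the rule is in place; `weak-block` means the rule should be replaced with an `install` line.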
RFID hacking community in 2026:
* Still cloning employee badges in 0.8 seconds
* Companies still using 125kHz like it’s 2005
* Me, explaining to security teams that their $40k access control is worth about tree fiddy
We’re not the villains, we’re the unpaid penetration testers.
Change my mind.
#RFID #Hacking #CyberSec
Meanwhile in Bug Bounty:
AI slop bug reports overflowing vendors. Vendors can't handle the slop. Slop code, slop exploits, and slop write-ups result in vendor exiting program.
AI slop is choking Bug Bounty
The latest Proxmark3 release is called BREAKMEIFYOUCAN!
Not a random name.
That is the actual 3DES factory default key NXP burned into every MIFARE Ultralight C they shipped since 2008.
Somebody finally broke it properly.
The paper drops the keyspace from 2^112 down to 2^28.
Counterfeit cards fall in under 60 seconds from a single card interaction. The tooling is merged: https://t.co/2CYKrRdv22
#Proxmark3 #RFID #NFC #MifareUltralightC #NXP #OpenSource
Windows Defender has been compromised.
right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing
your antivirus doesn't stop it. your antivirus IS the exploit. windows defender is the attack vector
ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on
thread