10 GitHub repositories to clone any voice with AI
Save them. Each one copies a voice from a few seconds of audio and makes it say whatever you type. What ElevenLabs charges you for every month, you get here free and open.
Iran cut 99% of its internet for 88 days straight.
Every VPN. Every proxy. Every tool.. died.
But one open-source project survived it all.
it's called MasterDnsVPN. It smuggles your entire internet through port 53.
It hides your traffic inside DNS queries, the one packet type no firewall on earth can block without breaking the internet itself.
when 99% of international bandwidth was physically severed, this kept users connected to the global web by disguising traffic as normal DNS queries.
this is what open-source was built for.
Claude Code is vibecoded and full of spyware, it's possible Anthropic doesn't even know what's in there. After reading this report, we are banning it from our systems and strongly encourage other enterprises to do the same. It is an unacceptable security risk.
Claude Code v2.1.196 modifies the default system prompt to silently encode and upload information about whether you are located in China to Anthropic.
‼️ BREAKING: Anthropic has embedded hidden spyware-like code in Claude Code that covertly targets Chinese users. It then sends information regarding every user by injecting it into their prompt message.
Claude Code is sending info like timezone, proxy and possible AI Lab connections into the system prompt in ways Chinese users can't notice.
A coding agent with repo and command permissions should not silently hide routing metadata inside prompts. This is a serious breach of user trust.
🚨 CVE-2026-55200 now has public PoC code.
The libssh2 flaw lets a malicious SSH server trigger memory corruption in a connecting client.
> No credentials
> No user interaction
> Affected through libssh2 1.11.1
The real cleanup problem is finding bundled and static copies in curl, Git, PHP, and appliances.
Learn more ➝ https://t.co/yAzGSfzm1H
A DEVELOPER JUST DID WHAT GOOGLE HAS BEEN IGNORING FOR YEARS
They created a browser in Rust designed specifically for automating tasks, web scraping and AI agents
> Uses 30MB of RAM
> Pages load in 85ms
> Blocks 3,500+ trackers automatically
> Avoids ads, analytics and tracking scripts
It's called Obscura
And it has something Chrome will never have
Every session generates a different fingerprint. GPU, canvas, audio, battery... all randomized
Detectors can't catch it because it behaves exactly like real Chrome
It's a drop-in replacement for Puppeteer and Playwright
No Node.js. No dependencies. A single binary
It has 16k+ stars on GitHub. 100% open source. Free
Save it so you don't lose it 👇
🚨 SOMEONE JUST BUILT TORLINK — A SLEEK TERMINAL-NATIVE TORRENT CLIENT THAT SEARCHES EVERY TRUSTED SOURCE AT ONCE AND DOWNLOADS STRAIGHT TO YOUR DISK.
Tired of sketchy torrent sites packed with fake buttons, popups, and dead links? torlink fixes that.
Type a query (or paste a magnet), and it hits a curated list of trusted sources in parallel — FitGirl (games), YTS, 1337x, EZTV, Nyaa, SubsPlease & more. Results stream in live with sizes and seed counts. Arrow + d to download.
Highlights:
• One command: npx torlnk (just needs Node)
• Background queuing + resume support
• Auto-seeds by default (easy toggle)
• Clean keyboard TUI — nothing leaves your machine except torrent traffic
Perfect for grabbing games, movies, TV, or anime without the usual headache. MIT open source, zero setup, and stupidly simple.
This is the terminal tool power users have been waiting for.
Who’s trying this on their next download? 🔥
Since V8 had heap sandbox, Chrome renderer RCE usually means chaining 2 bugs
Today we bring the Spear of Longinus
1 bug, 100% success, no heap spray, found in 40+ major versions, arbitrary renderer read/write + V8 sandbox escape
Our CVE-2026-6307 writeup https://t.co/zPnCJ4y0R3
LLMs can now autonomously generate fully functional Mythic C2 agents from a single prompt. Built, tested, and deployed in under 2 hours. No human in the loop.
SpecterOps built a framework called Oracle that takes a prompt, generates the agent code, compiles it, deploys it to a Mythic server, tests every command against a live Windows target, runs QA validation, and ships a release build.
Tested across Python, Go, Zig, C#, and Rust. Every generated agent is unique and disposable.
If every engagement gets a fresh LLM-generated agent, static signatures and YARA rules are fundamentally unable to keep up. Defenders need to rethink detection around behaviour, not artifacts.
https://t.co/pDxFso5wtk
Author: @_xpn_ @SpecterOps
#RedTeam #ThreatIntel #InfoSec
Burp Suite Pro costs $475 a year. Crazy, right.
Found a free alternative, it's called Hetty. An open-source HTTP toolkit for pentesting and bug bounty.
You can intercept HTTP/HTTPS in real time, modify and resend requests, replay traffic, even manage multiple projects. All through a web interface.
The nice part: there's no license or paywall. A single binary file that runs right away on Windows, Linux, macOS. No hassle.
For anyone learning web security or getting started with bug bounty, it's well worth trying. You focus on finding vulns, not worrying about tool subscriptions.
Google told a security researcher his bug was a 'nice catch', lined up his payout, then eleven days later called it harmless and refused to pay.
The bug, which the researcher named ConfigConfusion, is an unpatched flaw in Google Config Connector that he says lets anyone with basic Kubernetes access grant themselves owner rights over an entire Google Cloud organization. Google's stated reason for the reversal was that the tool works as designed, and it declined to assign a CVE.
Months on, there is still no patch. Google's own docs recommend running Config Connector with organization-level permissions, so plenty of teams are exposed.
4 days ago we launched Jailbroken, a PRIVATE Discord community to learn AI red teaming and safety.
Since then:
- Over 250 security researchers joined
- Top resources have been collected
- People shared countless techniques and discoveries
Today, we've secured over 100B in FREE AI tokens for all the members.
If you want to join, drop a comment.
ONE OF THE MOST EFFECTIVE SKILLS RIGHT NOW IS REVERSE ENGINEERING
You don't need a program's source code.
You take the binary.
You convert it to assembly.
You read it function by function.
You extract the logic inside it.
This is called reverse engineering.
With this method:
• A 4-billion-dollar cyberattack was stopped
• The NSA's secret arsenal was exposed
• 3 million hotel locks were cracked
• Countries copied each other's fighter jets
Let me walk through the technical side, the tools and real examples.