For a long while I have believed that in every generation there are a few souls, call them lucky or cursed, who are simply born not belonging, who come into the world semi-detached, if you like, without strong affiliation to family or location or nation or race;
this fever makes me wish that pluribus season 2 is here. i think the combination between faithful manousos and smart ass carol is epic. they literally pick complex characters to build with and this is how story become masterpiece
One of the most shocking discoveries in computer architecture wasn't a CPU bug, it was that repeatedly accessing memory could corrupt other memory.
That vulnerability became known as RowHammer.
For decades, DRAM was assumed to be reliable as long as software interacted with it through the standard memory interface.
Then, in 2014, researchers showed that simply repeatedly activating ("hammering") the same DRAM row could induce bit flips in physically adjacent rows.
Why?
Each DRAM bit is stored as electrical charge in a tiny capacitor. As DRAM cells became smaller and more densely packed, repeatedly opening and closing one row introduced enough electrical disturbance that neighboring rows could lose charge faster than expected.
If a neighboring cell lost sufficient charge before it was refreshed, its stored value could flip from 0→1 or 1→0.
This wasn't caused by defective RAM or buggy software.
It was a hardware disturbance effect emerging from the physics of modern DRAM scaling.
What made RowHammer revolutionary was that researchers realized these bit flips weren't just reliability issues, they could become security vulnerabilities.
Subsequent work demonstrated attacks that could:
• Escalate privileges
• Break isolation between applications and virtual machines
• Corrupt sensitive data structures
• Trigger bit flips from environments as restricted as JavaScript (on vulnerable systems and browsers at the time)
The industry responded with several mitigations:
• Increased refresh rates (with performance and power costs)
• Target Row Refresh (TRR) in newer DRAM devices
• ECC memory, which improves reliability but is not a complete defense against sophisticated RowHammer attacks
Even today, RowHammer remains an active area of research. New attack techniques such as TRRespass, Blacksmith, Half-Double, and more recent work continue to demonstrate that some mitigation strategies can be bypassed under certain conditions.
The lasting impact of RowHammer wasn't just exposing a vulnerability.
It fundamentally changed how computer architects viewed DRAM.
Memory was no longer considered a perfectly reliable storage medium. Its analog electrical behavior could directly affect system correctness, reliability, and security.
Sometimes the most critical security vulnerability isn't hidden in millions of lines of software.
It's hidden in the physics of the hardware itself.
I ran Ornith (9b 8Q) on my laptop (AMD Ryzen 5 7530U - 16GB DD4 memory). No harness or tools, just a straight prompt. It made a single mistake, which I caught immediately and reported back...it fixed it!
This is proof. Open weight models are going to be good enough very soon, even on average hardware. For some of us, it is all we need (just being honest, if a model can write GoL, it is as smart as I need it to be)...
every jewish or israeli founder in crypto has to contend with conspiracy theories about being "deeply tied to israeli interests"
this only happens in crypto and i'm sick of pretending it's not a thing
if you're a spanish founder no one would accuse you of being a co-conspirator of the spanish government but if you're jewish then your project is definitely a mossad op
polymarket has been accused of this, zcash has been accused of this, pumpfun has been accused of this, heck even i am routinely being accused of this and i just sell wizard jpegs
you guys are welcome to keep wasting your time making up stories if you want. have fun. sam altman and dario are jewish too, the conspiracy runs deep. even zuck
keep hating jews losers, and the jews will keep winning
We tracked a threat actor running 5 concurrent spear-phishing campaigns against European defense and UAV supply chain targets and the most interesting part was not the LNKs.
Every payload in every campaign, whether C#, Python, or HTA, used the same trick to avoid hardcoded AWS credentials: AWS Cognito Unauthenticated Identity Pools.
Two POST requests to cognito-identity[.]amazonaws[.]com at runtime:
GetId → IdentityId
GetCredentialsForIdentity → fresh AccessKeyId + SecretKey + SessionToken (15min TTL)
No static keys in the binary. No credentials to burn. The only thing embedded is the pool ID, which is not a secret. Revoke one set of STS credentials and the implant just requests new ones on the next run.
We confirmed a single AWS Account (624012998337) operating 12 S3 buckets across 4 regions under IAM role Cognito_VibrPoolUnauth_Role. One Cognito pool. Five campaigns. All exfil lands in S3 signed with SigV4 HMAC-SHA256 generated natively in C# and Python, no SDK, no dependencies.
The Python payload copies itself to %LOCALAPPDATA%\Microsoft\Windows\AdobeUpdater.exe, schedules an hourly task called "Adobe Updater", then uploads everything from Desktop, Downloads, and all drives A through Z to the attacker S3 bucket. If direct AWS connectivity fails it falls back to a SOCKS5 proxy at 91.147.119.182:9050 with hardcoded credentials. Progress is tracked in %APPDATA%\s3up_progress.json so interrupted uploads resume automatically.
Payload locations:
tmpdrop[.]s3[.]eu-west-3[.]amazonaws[.]com/pdf%20file/payload.dll
tmpdrop[.]s3[.]eu-west-3[.]amazonaws[.]com/pdf%20file/stage.hta
vibrbucket[.]s3[.]eu-west-3[.]amazonaws[.]com/pdf%20file/s3-uploader.exe
proposaldocs-eu[.]s3[.]eu-west-3[.]amazonaws[.]com/pdf%20file/s3-uploader.exe
inteldocs[.]s3[.]eu-central-1[.]amazonaws[.]com/pdf%20file/stage3.hta
IOCs:
https://t.co/z7vUFNTq52
https://t.co/4DANgiS6bb
THOR already catches the LNK delivery layer across multiple rules:
https://t.co/qF6v2Lak4v
https://t.co/hI3TcsJEab
https://t.co/0AyjnLMw7r
https://t.co/vnDi8ustKd
https://t.co/htKAJ9hcdU
https://t.co/yuRFKZFvjO
https://t.co/MRn2oVoQrV
https://t.co/3aqsWIpXge
https://t.co/x3uLNJM97i