Instagram decided to roll out a new “Muse AI” feature, that lets users create AI images based on people’s Instagram photos.
Then they opted in EVERYONE with a public account
To opt out:
Click your profile picture
3 bars in the top right
scroll down to "Sharing and reuse"
Toggle off for both Posts and for Reels
Claude Desktop is now available on Linux (Ubuntu and Debian) in beta.
Alongside the browser and terminal, you now get a first-class desktop experience with Claude Code, Claude Cowork, and chat on all paid plans.
Before Fable got released (and pulled) @mozilla was quietly testing Claude Mythos against Firefox's 10M line codebase.
The result? Over 400 security bugs fixes, including ones that had been hiding in the codebase for over a decade.
@bgrins, distinguished engineer at Mozilla, walked me through the agentic bug-finding harness behind the model. His take? It was 50% mythos / 50% setup.
In this ep, Brian walks through:
- why you can't just point a model at 10M lines of code
- how to write a good goal/loop pattern
- killing false positives with a verifier
- why it's good to "lie to the agent"
And guess what? This isn't magic - you can write your own similar harness in less than an afternoon.
Watch now on YT: https://t.co/pBQJZHIM6D
https://t.co/64V8Yki23Z
Our researchers spent several weeks developing a full Chrome exploit chain and wondered about the current state-of-the-art in this area.
For the benefit of the community, we invited the GOAT of browser exploitation, @5aelo, to share his perspectives on modern browser security and exploitation.
This event will be live-streamed on YouTube and open to everyone.
Submit your questions: https://t.co/OfBzuTV72z
Add to Google Calendar: https://t.co/CX82X9MyO9
Add to Outlook Calendar: https://t.co/mvrKJ7I5HS
My team EDG at NCC Group is looking for an experienced vuln researcher/exploit developer! RT's welcome!
This is a full time R&D role, primarily contributing to the developing of capabilities for consultants, showcasing knowledge, collab with other teams etc. We work across many disciplines in security research. Interested in AI applied to VR/exploit dev too.
We can recruit in UK/Spain (remote or hybrid).
https://t.co/kNTDcH4Imb
The future of compute for LLM workflows is definitely running on affordable hardware at home. Privacy over handing identity over because of a use case seems over compensating.
https://t.co/BPOYtcsOXp - updated this week.
the watchers: how openai, the US government, and persona have been secretly running an identity surveillance system since nov 2023.
https://t.co/Zz04WDF8Lz
researched by @vmfunc, @MDLcsgo, @DziurwaF
Bug trackers are some of the most informative and content rich platforms to learn about certain bug classes and how developers focus on fixes. It is always worth reading to learn and apply to your research.
While everyone was on Holiday we scanned the Internet for #BadHost (CVE-2026-48710): zero auth required, affecting FastAPI, vLLM, LiteLLM, and many more - basically the whole AI infra stack!
What we found is: clinical trial databases, email mailboxes, MCP server for SSH industrial IoT via bastion servers, and live PII APIs wide open. The FastAPI/MCP ecosystem is sitting exposed - patch to Starlette 1.0.1 NOW and check your exposure at https://t.co/GS6Y0wBLQm
@daveaitel Agreed! I've heard so many people use "step changes" and they can't articulate what it means. Usually they are just regurgitating what they see from marketing or "influencers".
“So just to make it really clear: If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on *top* of what the AI did. Don't be the drive-by ‘send a random report with no real understanding’ kind of person. OK?”
Agreed you should add some real value. Submit a patch and tests, other wise it's just a report that wastes time.