Doing a bit of this, a bit of that. Wondering why and often getting lost. Courier, Dev/CIO, newbie cattle farmer. Have joined the Bluesky lot, same davispg.
The United Kingdom is run by a bunch of fucking morons. I mean that wholeheartedly. These stupid fucks think you can "ban" VPNs and think "banning" VPNs will "protect the children".
"Ban" VPNs and watch what happens next.
There's a hacking technique called Heaven's Gate.
Here's how it works.
Windows needs to run old 32-bit software on modern 64-bit systems. So it built a compatibility layer called WOW64. Think of it as a translator sitting between old software and the new operating system.
Most security tools monitor 32-bit processes. They look for suspicious API calls, unusual behaviour, malicious patterns. They're good at it.
Heaven's Gate exploits the gap.
Malware arrives as a 32-bit process. Looks harmless. Security tools see it, scan it, flag nothing. Then it quietly flips a switch in the processor, changing the CS register from 0x23 to 0x33, and suddenly it's executing 64-bit code.
The security tool is still watching the 32-bit side.
The malware is already operating on the 64-bit side.
Ransomware groups use it. State-sponsored actors use it. It's been found in banking trojans, loaders, and remote access tools.
Windows 10+ partially mitigated it with Control Flow Guard.
partially.
It has since been recreated on Linux.
Named after the idea of ascending from a restricted environment to a less restricted one.
The name actually fits.
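A defender-side view of the CS switch described in the post above, added here as an example and not part of the original post: a static heuristic that flags far jumps, far calls and push/retf pairs in a 32-bit code buffer that load CS with 0x33. The function name and byte samples are constructed for illustration, and because it matches raw bytes rather than disassembled instructions it can also fire on data that happens to look like code.

```python
import struct

CS_64 = 0x33  # 64-bit code segment selector named in the post
CS_32 = 0x23  # 32-bit selector a WOW64 process normally runs with


def find_segment_switches(code: bytes, window: int = 16):
    """Return (offset, kind) for byte patterns that transfer control with CS=0x33.

    Hypothetical helper: a raw byte scan, not a disassembler.
    """
    hits = []
    for i, op in enumerate(code):
        # jmp far (EA) / call far (9A): opcode, 32-bit offset, 16-bit selector
        if op in (0xEA, 0x9A) and i + 7 <= len(code):
            (selector,) = struct.unpack_from("<H", code, i + 5)
            if selector == CS_64:
                hits.append((i, "jmp far" if op == 0xEA else "call far"))
        # push imm8 0x33 followed within `window` bytes by retf (CB)
        elif op == 0x6A and i + 1 < len(code) and code[i + 1] == CS_64:
            if 0xCB in code[i + 2 : i + 2 + window]:
                hits.append((i, "push/retf"))
    return hits


# Constructed sample buffers (not taken from any real binary).
SAMPLES = {
    # far jump whose selector field is 0x0033
    "far_jmp_64": bytes.fromhex("90 EA 10 20 40 00 33 00 90"),
    # same far jump but staying in the 32-bit segment (0x0023)
    "far_jmp_32": bytes.fromhex("90 EA 10 20 40 00 23 00 90"),
    # selector pushed, then an address, then a far return
    "push_retf": bytes.fromhex("90 6A 33 68 00 10 40 00 CB 90"),
    # push 0x33 used as an ordinary argument, near return only
    "plain_push": bytes.fromhex("55 8B EC 6A 33 5D C3"),
}


def scan_samples():
    """Scan every constructed sample and return {name: hits}."""
    return {name: find_segment_switches(buf) for name, buf in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:12s} {hits if hits else 'no segment switch found'}")
```

A hit is a reason to look closer at a 32-bit module, not a verdict: confirming it means disassembling around the offset and checking whether the target is actually 64-bit code.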
🦔Meta shipped face-recognition code to over 50 million phones through its AI companion app while it publicly said the technology was still under consideration. WIRED found three AI models already on users' devices as early as January, months before Meta's April statement that it would proceed carefully before any rollout.
The feature, called NameTag internally, identifies people through the smart glasses camera and alerts the wearer when it recognizes someone. The app crops unrecognized faces and saves them to a folder marked "pending."
My Take
Meta paid $650 million in Illinois, $1.4 billion in Texas, and $5 billion to the FTC over privacy violations tied to face recognition. It deleted over a billion faceprints and said it was done. Then it shipped the same technology again while it told the public it hadn't decided yet.
Meta's own internal documents showed it planned the rollout for a "dynamic political environment" when its critics would be distracted. You don't time a launch around your critics unless you know they'd object. If $7 billion in settlements didn't stop them from building it again, I don't know what would.
Hedgie🤗
‼️🚨 This is alarming: Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required.
Microsoft has patched it as CVE-2026-42824, rated critical.
@QBCCIntegrity @PsychicHygiene Thank you 🙏 whilst I don't fall into the category of people who need to silence this for safety, I will be as it is for those around me, including my animals that are sensitive to unknown sounds.
BREAKING: Privacy/Security Alert
Australians should be aware that their mobile devices have been updated through a forced software change to implement Australia’s new AusAlert function.
The alert will be sent as a CRITICAL alert.
Regardless of your phone being silenced, a LOUD audible alert will come from your phone on July 27th as part of the nationwide testing.
This message is particularly important to consider if you have a second device for your personal safety and it remains on silent. The alert will come through regardless and may expose the presence of an additional phone in your possession.
Instructions below on turning off non-critical alerts. SHARE to anyone who may need to know this, especially any vulnerable persons who carry a second phone for their personal safety.
Had a sit down with MSRC, while I can't say full details we had a constructive discussion on the state of things aimed at the following (and remember I'm just the messenger):
MSRC handling vulnerability submissions and researcher communication
GitHub removal of cybersecurity repros and the pivotal need for safe harbor for TTPs and 0days
I won't be commenting on the recent 0day releases being dropped by a certain researcher because that is a unique case.
I will be discussing the other topics tho:
While GitHub is owned by Microsoft they are still acting independently, I was assured that the removal of researcher GitHub accounts and code was NOT being authorized or done by MSRC. They fully understand the need for 0days and code to be available for testing and cybersecurity defenses is as important as it is for offensive needs, they don't want code to be fragmented and us going back to the days of milw0rm. MSRC is going to look into these, and I conveyed the need to do this since other places like YouTube and Twitch are also cracking down on cybersecurity accounts.
The email between MSRC and researchers discussing 0day talks at BH / Defcon and asking them to report what they are talking about is another topic I discussed. This was actually for Microsoft to help coordinate mitigations and tech review the talks that were in their pipeline (btw they have sent this email or its equivalent for years, it's not new). We discussed ideas to improve these emails and how things could be misinterpreted from both sides.
I think MSRC has their work cut out for themselves, but I can say that there are still lots of very passionate researchers there still trying to do good things. And I'm very thankful for them taking the time to sit down with me.
I've always been lucky with MSRC interactions, and if you aren't and need a line thru to them for legitimate reasons, let me know, I'm happy to mediate when it is necessary.
Spend 20 years studying Chemistry.
Collect data. Publish papers. Pass peer review.
Earn a PhD. Go online. Get told you're wrong - by an electric screwdriver salesman.
That's the internet.
Expertise vs confidence.
Science isn't broken.
Our respect for it is.
Let’s face it: success doesn’t just fall into your lap. It takes time and effort.
If you’re looking for a quick fix to grow your audience, you’re setting yourself up for disappointment.
Instead, focus on building a solid content strategy that allows for gradual growth.
It might not be flashy or fast, but it’s the path that leads to lasting results.
Remember, as the saying goes: 'Slow and steady wins the race.' How are you planning to invest in your growth today?
@davidfowl @Dave_DotNet Or - I don't know - let's go upgrade a .net 8 isolated function in azure to .net 10 - at least in my region - and it's a resounding "nope" - rather frustrating given .net 8 is supposedly out of support in a few months :/
“Elon Musk is a trillionaire.”
As a securities law attorney, please allow me to explain how anyone who says this is basically lying to you:
1. The Securities and Exchange Commission has a myriad of laws that prevent founders and other large stockholders of publicly traded companies from dumping their shares. There are substantial holding period requirements, volume of sales limitations and public reporting obligations for stock sales. Basically, Elon holds largely illiquid shares, he is a “trillionaire” on paper only, and the best analogy is when people peg your net worth based on your home’s market price. That’s not money in your pocket, that’s the house you live in.
2. All that money raised in the IPO? That’s not going into Elon’s pocket like the lying socialist idiots want you to believe. It’s a capital influx that will be used to make more rockets and get more payloads into orbit. It’s a CAPITAL investment—that money is like a business loan, it’s not your money to keep, it’s your money to grow the business.
3. If it WERE legal for Elon to dump his shares, the share price would crash basically instantly and the company could very well fail.
If you bought SpaceX shares in the IPO, congrats. You just bought a lottery ticket, just like Elon. May the odds ever be in your favor.
So the next time someone screeches about how unfair it is that Elon Musk creates wealth that benefits all of humanity, throw the truth back in their faces.
The world just paid $2 trillion for a rocket company that lost $4.9 billion last year. And the rockets are not why it lost the money. They are the only part making any.
SpaceX went public Friday, the largest IPO in history. Up 19%, a $2 trillion valuation, Elon Musk the first trillionaire. Then you open the filing.
Three businesses sit inside it. Starlink, the satellites, brought in $11.4 billion, 61% of all revenue, and $4.4 billion in profit. It is the only piece that earns a dollar. The rockets that land themselves run a small loss reinvesting in Starship. And the AI arm, Grok plus the app once called Twitter, folded in this February, lost $6.4 billion in a single year on $12.7 billion of spending.
Read that again. The satellites pay for everything. The AI loses more than the satellites make. And the AI is the part the market fell in love with.
It gets bolder. The prospectus claims a total market of $28.5 trillion, the largest any company has ever put in a filing. Larger than the GDP of the United States. That is the number underwriting a $2 trillion price tag built on a division bleeding $6 billion a year.
Now the structure. About 4% of the company trades. That sliver sets the price for all of it. Musk is locked up for 366 days and holds roughly 80% of the votes. The public bought a company they cannot steer, priced on the one segment losing the most.
This is the whole year in one ticker. The profit is satellites. The story is AI. The market bought the story.
The rockets were never the risk. The risk is a $2 trillion price resting on the one bet that has yet to make a cent.