“The forest was shrinking but the trees kept voting for the axe, for the axe was clever and convinced the trees that because his handle was made of wood he was one of them.”
― Turkish Proverbs
Introducing: https://t.co/FOcfQGdxtg ! 🛜🤖😂
A free prompt injection wargame to troubleshoot your local network with an AI assistant; and a challenge to have it leak some secrets!
Brought to you by @JustHackingHQ, @_ContinuumCon_, @d1gitalandrew Andrew Bellini & Eva Benn.
Mind-blowing breakthrough: Scientists just captured the first-ever image of an electron’s “orbit” inside a hydrogen atom! Peering into the absolute tiniest building blocks of matter has always been insanely difficult — not only because atoms are unimaginably small, but because the quantum world plays by bizarre rules. Electrons don’t zip around in neat little planetary paths like old textbooks suggested. Instead, they exist as fuzzy probability clouds governed by quantum physics. And then there’s the Heisenberg uncertainty principle: the very act of trying to observe something this small can change its https://t.co/TMjfixjVAF, thanks to a groundbreaking new “quantum microscope” technique called photoionization microscopy, researchers have done what was once thought impossible. They’ve visualized the nodal structure of an excited electron’s wave function in a hydrogen atom — essentially photographing the probability cloud where the electron is most likely to be found. The result? A stunning, direct look at one of nature’s most fundamental quantum states. This isn’t a classical photo of a single electron whizzing around — it’s a mapped interference pattern revealing the beautiful, probabilistic reality of the quantum realm. Reality is weirder (and more beautiful) than we ever imagined.
In April, @mullvadnet provided sponsored DataPacket servers for GrapheneOS in Dallas and Frankfurt which each have 50Gbps peak bandwidth capacity. These now serve a large portion of the updates to GrapheneOS users and add a lot of capacity to our other services including our anycast authoritative DNS.
We also have sponsored servers from ReliableSite, Cherry Servers, Zare and Xenyth. There are a total of 8 sponsored servers where 7 are primarily update mirrors. The update mirror servers also serve our website and network services as a replacement for VPS instances for the locations we have them.
We host 2 anycast networks with our own ASN and IP space in order to self-host anycast DNS servers providing the authoritative DNS resolution for all of our services. Both IPv4 /24 blocks we use for anycast DNS were obtained for free from ARIN via NRPM 4.10 along with the IPv6 space.
If one of our DNS servers goes down or fully loses connectivity, BGP routing across the internet will quickly adjust to send traffic to the other servers in the network. If a DNS resolver fails to get an answer from one of the anycast DNS networks, it will automatically fall back to the other one.
Our GeoDNS was recently massively improved via @ipinfo sponsoring us with free access to their standard GeoIP database. They use over 1300 probes to scan the internet instead of relying on very inaccurate/incomplete WHOIS/geofeed data. We nearly always use the right server thanks to this database.
We need additional dedicated servers for updates and other services in APAC where bandwidth is more expensive (Singapore, Sydney and Tokyo). We also need another server in North America to go along with our 2nd server from Cherry Servers in Amsterdam used to provide our opt-in geocoding service.
We have enough bandwidth for updates in Europe and North America to handle quite a lot of further userbase growth. We do need additional servers for other things. Several other server providers contacted us with sponsorship offers but we mainly need several APAC servers now which is more costly.
"Now, an investigation by ICIJ, with the help of cybersecurity analysts at Toronto University’s Citizen Lab, has found that the incident was part of a sophisticated offensive strategy against ICIJ and its network following the 2025 publication of China Targets." https://t.co/oiY0mFGqqA
Yeah, so pretty much this guy is releasing an exploit in solidarity with Nightmare Eclipse guy. He said he notified GitHub about the exploit 60 minutes before releasing this paper.
I don't do web stuff, and I'm not a VSCode nerd, so I'm confused by the underlying technologies.
If you're a stinky GitHub and VSCode nerd maybe you'll understand.
tl;dr click github dev, github dev opens editor, in github dev editor have javascript, javascript does shortcuts automatically. github treats javascript shortcuts as real human input, or something. use javascript shortcut stuff to automatically install vscode extension. the vscode extension steals your data
tl;dr tl;dr user clicks 1 link, 1 click steals all data from your github
https://t.co/uh17usZeEH
NEW: At least 7 Chinese universities that support the country’s armed forces and defense industry are seeking access to Nvidia’s H200 chips, the most powerful AI processors ever allowed by the US to be sold in China:
https://t.co/271DabtERv
with the great @eastland_maggie
John Costello, the Wirescreen analyst who wrote the report, said the data showed “directly and irrefutably” that U.S. technology was equipping the Chinese military.
“What number of advanced Nvidia chips in P.L.A. hands does the company consider acceptable?” he asked.
https://t.co/Ba25uSnp2R
Hello,
If you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named "Stealer.Python.GMBA.Manipulator".
This malware was originally noted on Xitter from @GMBA.
In summary, this Python malware kills the Steam process and relaunches it with the "-cef-enable-debugging" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with web socket gunk and Javascript gunk.
This malware can "modify" user inventories, "block users", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter Strike stuff to them.
It appears to be written using AI. Regardless of that fact this malware is creative and I like it.
The malware source code to this can be found under the "/Python/" directory. It is named "Stealer.Python.GMBA.Manipulator.7z".
This malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse.
https://t.co/mphEJjPJkh
The Chinese government is not just into surveilling their own populations and residents but also their administrative staff.
Not just for traditional EDR but also for documents they request, store on their registered devices etc. We looked into one of the tools they use: 'confidentiality management system', developed by the company Super Red Technologies.
Read our investigation into how the software operates, how internal networks of the Chinese state are structured and how they are surprisingly transparent, being stripped of most baseline security like TLS, so traffic can be monitored. Worth a read...
https://t.co/nYf2NEiYOf
"signalling logs, packet captures, routing data, and other telecommunications sources to trace the methods and origins of advanced surveillance activity. This analysis identified 4G infrastructure associated with operator networks based in Israel, the United Kingdom, and the Channel Islands." https://t.co/FjmagECZxh
Microsoft has identified an active supply chain attack using typosquatted npm packages to steal cloud and CI/CD secrets. On May 28, 2026, a single threat actor operating under newly created maintainer alias vpmdhaj published 14 malicious packages within a 4-hour window. https://t.co/jC3f2m6EBp
The packages typosquat well-known OpenSearch, ElasticSearch, DevOps, and environment-configuration libraries, and several spoof the upstream OpenSearch project’s repository URL in their package.json to appear legitimate.
Once installed, the packages harvest AWS credentials, HashiCorp Vault tokens, and CI/CD pipeline secrets from the host environment. Read the blog from the Microsoft Defender Research team for an in-depth analysis, as well as mitigation, detection, and hunting guidance.
Chat, I don't want to be that guy, but I think Microsoft has really pissed off security researchers and we're approaching the tipping point.
This Eclipse guy has really rocked the boat for Microsoft.
‼️ After the MSRC blog post about Nightmare-Eclipse, researchers are coming forward with their own MSRC horror stories.
The response from the security community isn't going Microsoft's way, as they’re not backing Microsoft.
Gabriel Landau, a well-known Windows security researcher, says he reported a Device Guard bypass with a 90-day window. MSRC told him it met their bar and they'd fix it, then asked him to hold disclosure for extra months. He agreed on the condition they issue a CVE. They patched it silently, decided after the fact it "didn't meet the bar," and never issued the CVE. In his words: "MSRC strung me along for a few extra months to keep me quiet, then broke their word."
Another researcher, rootsecdev, says he responsibly disclosed a legacy-auth flaw that allowed password spraying while avoiding smart lockout. Five months later, MSRC replied that it "doesn't meet the bar for servicing," silently fixed it, and closed the case.
Microsoft's post was meant to defend their coordinated disclosure policy. Instead it became a thread of researchers explaining why they've stopped trusting their process.
🚨 Allianz allegedly targeted in ~500 internal Docker images leak
A threat actor on an underground forum is claiming to release a full dump of roughly 500 Docker images, totaling around 40 GB, allegedly originating from Allianz internal infrastructure.
The actor claims the images contain exposed configuration files, source code, credentials, and private keys.
What's allegedly exposed:
• Exposed configuration files with API keys, DB passwords, and service tokens
• Internal microservices with source code
• Hardcoded credentials for staging and prod environments
• TLS private keys and internal CA certs
Details:
Target: Allianz
Sector: Insurance / Financial Services
Actor: hackformetome
Claim: Full dump of internal Docker images
Exposure: ~500 Docker images (~40 GB)
Price: 10 Points
Observed: May 28, 2026
The Gentlemen ransomware, a ransomware-as-a-service (RaaS) platform managed and operated by a threat actor that Microsoft Threat Intelligence tracks as Storm-2697, enables attacks at scale conducted by affiliates. https://t.co/QUUyt0AYc6