Oneironaut

@Oneironaut@infosec.exchange
13 Followers
95 Following
1.4K Posts
GRC advocate. Cyber adjacent. Celine Dion fan
Oneironaut13h ago
Tuta19h ago

⚠️ In four days Gemini wants to scan your phone ⚠️

Stop #Google now: 👉 https://tuta.com/blog/how-to-disable-gemini-on-android

#GeminiAI #Google #Android #PrivacyMatters

Oneironaut1d ago
cR0w 1d ago

Unit42 published a pretty decent write-up on malicious lnk files. It includes IOCs for the specific lnk files referenced in the post, but the concepts themselves are more important than the IOCs.

https://unit42.paloaltonetworks.com/lnk-malware/

Windows Shortcut (LNK) Malware Strategies

Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery. Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery.

Unit 42
Oneironaut2d ago
JWcph, Radicalized By Decency2d ago

"These are terrible numbers, but also, these are some genuinely impressive accounting gimmicks...." - you can say that again, @pluralistic; I think anyone with an iota of common sense would agree that this bullshit should be illegal.

We cannot allow "By the authority vested in me by being rich I declare that I am now even richer!" randos to control the common, even global #economy.

It's fucking bonkers.

https://mamot.fr/@pluralistic/114776534107792989

#AI #tech #business #resist

Oneironaut2d ago
BrianKrebs2d ago

We say "fucking" to keep Google's AI from fscking up search results with AI. And now we can say "gravy" to throw off the AI scrapers?

Fucking gravy.

Thank you @aj for cluing me in.

https://bsky.app/profile/did:plc:n2okvbdq33c32ekbv6hfzdg2/post/3lsvh7cupqk2z

AJ Sadauskas (@ajsadauskas.bsky.social)

For anyone wondering why #gravy has been trending: AI hucksters are trawling through your social media posts for training data and trends. And you know what can gum up the gears of an automated sentence generator? Posts that use the word gravy out of context. #auspol #ChatGPT #AI #LLM

Bluesky Social
Oneironaut3d ago
Show threadDr. Cat Hicks5d ago

If I have to see this goddamn "spatial ability" argument one more time. Get more specific. What type of spatial ability you absolute clowns. Exactly what task, and explain how you address the spatial ability conflation with gender problems. Explain why and how these diffs vanish when you include all the spatial tasks THAT RESEARCHERS REMOVED BECAUSE GIRLS WERE GOOD AT THEM

https://link.springer.com/article/10.1007/s10648-023-09728-2

Gender Differences in Spatial Ability: a Critical Review - Educational Psychology Review

Spatial ability has long been regarded as important in STEM, and mental rotation, a subcategory of spatial ability, is widely accepted as the cognitive ability with the largest gender difference in favor of men. Multiple meta-analyses of various tests of spatial ability have found large gender differences in outcomes of the mental rotation test (MRT). In this paper, we argue that more recent literature suggests that the MRT is not a valid measure of mental rotation ability. More importantly, we argue that the construct of “spatial ability” itself has been co-constructed with gender, and thus has not been devised in a neutral way, but in a manner that is influenced by gender beliefs. We discuss that though spatial thinking is also required in feminized fields, past research has cast spatial ability as only necessary in masculinized STEM fields. Due to a prevailing belief that spatial ability was an inherently male ability, researchers “selectively bred” some spatial assessment instruments to maximize gender differences, rather than to precisely measure a spatial construct. We argue that such instruments, of which the MRT is one, cannot validly assess between-group differences, and ideas about biological or evolutionary causes of sex differences in spatial ability lack empirical evidence. Instead, the co-construction of gender and spatial ability better explains observed patterns. We also provide recommendations for spatial researchers moving forward.

SpringerLink
Oneironaut4d ago
Catalin Cimpanu4d ago

Microsoft will launch next month a private preview of a new Windows technology that will allow antivirus and security tools to run without kernel access (because of the CrowdStrike incident)

Several EDR vendors are working with Microsoft to test the new technology

https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/

The Windows Resiliency Initiative: Building resilience for a future-ready enterprise

Resilience isn’t optional—it’s a strategic imperative. In today’s threat landscape, organizations can’t afford to treat resilience as a reactive measure. It must be built into the foundation of how systems are designed, secured and managed

Windows Experience Blog
Oneironaut4d ago
Show threadKevin Beaumont6d ago
Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. https://www.reddit.com/r/cybersecurity/comments/1ll1l6c/scattered_spider_tcs_blame_avoidance/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
Oneironaut5d ago
BeyondMachines 5d ago

Critical Citrix Netscaler "Citrix Bleed 2" flaw actively exploited

A critical vulnerability in Citrix NetScaler devices, dubbed "Citrix Bleed 2" (CVE-2025-5777), is now being actively exploited by threat actors according to ReliaQuest, raising concerns of a repeat of the devastating 2023 "Citrix Bleed" campaign that affected major companies like Boeing and Comcast's 36 million customers.

**This is now important and URGENT. Your Citrix NetScaler ADC or Gateway, exposed on the internet, they are actively attacked and exploited. After patching, you must terminate all active ICA and PCoIP sessions since they may already be compromised by attackers.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-citrix-netscaler-citrix-bleed-2-flaw-actively-exploited-4-y-j-i-q/gD2P6Ple2L

Critical Citrix Netscaler "Citrix Bleed 2" flaw actively exploited

A critical vulnerability in Citrix NetScaler devices, dubbed "Citrix Bleed 2" (CVE-2025-5777), is now being actively exploited by threat actors according to ReliaQuest, raising concerns of a repeat of the devastating 2023 "Citrix Bleed" campaign that affected major companies like Boeing and Comcast's 36 million customers.

BeyondMachines
Oneironaut5d ago
theOmegabit5d ago

The T in IoT is for trash

#cybersecurity

https://iank.org/posts/loftie-rce/

Placeholder- IoT vulnerability

While looking for an API to use with Home Assistant, I found a vulnerability in a popular WiFi-connected alarm clock.

OneironautJun 26
Jan SchaumannJun 26

Ugh, here we go. People in the U.S. will get sicker more often, overall health and average life expectancy (US currently ranks 48th or so) will further decline. But because that impact will individually be subtle and compound only over years, the idiot population won’t make the connection.

Next on the chopping block: MMR vaccines. So yeah, young kids and infants are actually going to die. USA, USA.

https://www.nytimes.com/2025/06/26/health/rfk-jr-vaccines-acip-cdc.html

RFK Jr.’s New Advisers Rescind Recommendations for Some Flu Vaccines

Critics saw in the move the beginnings of a more restrictive approach to providing vaccines to Americans.

The New York Times
×
Show threadBaillehache PascalJun 26
@Natasha_Jay
I don't know who did this but someone else has suggested very suspicious names right now...