Security geek, packet abuser
Research Eng at
@runZeroInc
http://LinkedIn.com/in/tomsellers
http://fadedlab.wordpress.com he/him/they/goofball
| GitHub | https://github.com/TomSellers |
| Blog | https://fadedcode.net/ |
"Help me," the duke said. "My physicians can't say what ails me, but I've lost all pleasure in what I used to enjoy."
The witch examined him, and paused over his hand.
"Nice ring. It is new?"
"A recent gift from the king. Why? Is it cursed?"
It was made to dampen cruelty.
"No," said the witch.
"I grant you one wish," the magic fish said.
"To eat my mother's pancakes again, just like when I was a child."
"Are you sure?"
"You think it frivolous?"
"No. But to grant it I must send you back to the child you were, with no adult memories."
"Would my life change?"
"You ask that every time."
Last week, half of all new scanning IPs observed by GreyNoise geolocated to Hong Kong.
A quarter-million of them never completed a TCP handshake.
The ones that did were scanning MySQL, SSH, SMB, and RDP across 20+ countries.
One of these is the signal. The other is noise.
π https://www.greynoise.io/blog/ghost-fleet-half-new-scanning-ips-geolocated-to-hong-kong
Weβre kicking off #runZero Day at 9:45 AM PT!
Weβll be live in San Francisco, next door to #RSAC, with our hosts Tod Beardsley and Rob King.
The schedule includes expert insights from leading voices across the industry.
Donβt miss a minute as we discuss the shifting cybersecurity landscape and the trends defining our industry!
Watch it live: https://www.runzero.com/rsac-live-2026/
US Administration: We're having great and productive talks with the Iranian leadership.
Iranian leadership: lol, wut?
The common response to this is that one or both parties are lying.
My personal headcannon is that the US Admin got taken in by a 419 (Nigerian prince) scam.
"Hello Glorious President,
I a diplomat of the current Iranian regime. We would like to bow to your magnificence, surrender completely, and provide you with complete control of the Iran and billions of US dollers. Unfortunately to do this we will have to file a small "surrender" fee of 100 million US dollars. ....."
π NEW SECURITY CONTENT π
π» macOS Tahoe 26.4 - 77 bugs fixed
https://support.apple.com/en-us/126794
π» macOS Sequoia 15.7.5 - 60 bugs fixed
https://support.apple.com/en-us/126795
π» macOS Sonoma 14.8.5 - 54 bugs fixed
https://support.apple.com/en-us/126796
π± iOS and iPadOS 26.4 - 38 bugs fixed
https://support.apple.com/en-us/126792
π₯½ visionOS 26.4 - 29 bugs fixed
https://support.apple.com/en-us/126799
π± iOS and iPadOS 18.7.7 - 25 bugs fixed
https://support.apple.com/en-us/126793
β watchOS 26.4 - 22 bugs fixed
https://support.apple.com/en-us/126798
πΊ tvOS 26.4 - 17 bugs fixed
https://support.apple.com/en-us/126797
β watchOS 8.8.2 - no CVE entries
β watchOS 5.3.10 - no CVE entries
Annnnd, the docs are immediately published.
It looks like iOS/iPadOS 26.4 fixes ~ 38 CVEs. I don't see comments about any being exploited in the wild.
Apple appears to have released version 26.4 of iOS, iPadOS, etm. I don't see any docs yet so I'm not sure what, if any, security fixes are included.
The docs will be here when they are published:
https://support.apple.com/en-us/100100
Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.
Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.
Micro SF/F by O. Westin
Ars Technica
GreyNoise
runZero, Inc
ApplSec
Dan Goodin