ACARS

@arinc629@infosec.exchange

Me, 1996: No, "Goodtimes" is a hoax, an email can't run computer code or give you a virus

Me, 2000, miserable: Microsoft did something weird and now emails can give you a virus. Bubbleboy is real

---

Me, 2010: No, the "Enhance" bit from CSI is not real. There aren't algorithms that can add information to an image.

Me, 2025, miserable: Microsoft did something weird and now the "Enhance" button is real, but the details are fake. Law enforcement IS using it and innocent people will go to prison

If you need a worksafe version of "Come Sail the CVEs", I posted that over to the ET community site:

Part 1: https://community.emergingthreats.net/t/come-sail-the-cves-part-1-data-acquisition/2750

Part 2: https://community.emergingthreats.net/t/come-sail-the-cves-part-2-turning-data-into-rules/2751

very brief synopsis:

Come learn how to build a MASSIVE rss feed full of relevant data for threat research and detection engineering (Part 1)

once you've done that, learn how to turn blog posts into network detection rules as we work through three scenarios from three separate blog posts pulled from my RSS feeds. (Part 2)

Come Sail the CVEs Part 1: Data Acquisition

Today I’m going to teach you how to turn proof of concept exploits, blog posts, and general threat research into Suricata rules, or at least how I do it. It’s not terribly complex, but sometimes you’re given some sample screen caps on how the traffic looks as a part of a write-up, and it's effortless to create detection from that, as the hard work is already done. Then other times, I have to lobotomize proof of concept code to get it to execute, throw...

Emerging Threats

Hawk tuah and spit on those containers.

https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

https://nvd.nist.gov/vuln/detail/CVE-2025-47290

Host filesystem access during image unpack


A rant on why I think we need realistic Solarpunk, plus some other things 1/2 ☀️

Felt compelled to make this. It will finally stop floating around in my head 🎉

Podcast over here if you're interested: https://podcast.tomasino.org/@SolarpunkPrompts

#solarPunk #hopePunk #art #myArt #comics #sustainability

Solarpunk Prompts (@SolarpunkPrompts) • Activity

What is Solarpunk? Why does it matter? In this series we discuss Solarpunk as a movement within art, literature, and activism. We explore its themes and talk about what separates it from its genre peers. Each episode explores a writing prompt set in a Solarpunk aesthetic with examples and inspirations from our world today. Based upon story prompts created by Paweł Ngei⁩. Episode transcripts available here New logo and cover image by Natalia Vish (CC-BY-SA 4.0)

Tomasino Podcasts

Today I discovered Safari's "Distraction Control" feature, which lets you hide distracting items. This will be handy for removing elements that cover the content and elements with looping animations.

Most importantly, it's fun to dissolve them out of existence. Poof!

https://support.apple.com/en-la/120682

#reduceMotion #Safari

Use Distraction Control in Safari to hide items on a webpage - Apple Support

If a webpage regularly shows one or more items that you find distracting, you can use the Distraction Control feature to hide those items until you choose to see them again.

Apple Support

This is legitimately the hottest game on iOS right now 🥰

From: @didoesdigital
https://bne.social/@didoesdigital/114520658933541478


oops, I'm a few days late, but MS finally released a patch for the issue I reported last year - CVE-2025-26684
Defender for Linux can be tricked into executing arbitrary code as root. Writeup: https://astr.al/notes/2024-11-28_mdatp_privesc

some reboosts would be much appreciated <3

#microsoft

ast.ral — eureka's homepage

Air pollution in Paris before and after they added bike lanes and put restrictions on cars.

I will never understand people needing to drive cars in large cities like Paris.

EDIT: Source
https://www.washingtonpost.com/climate-solutions/2025/04/12/air-pollution-paris-health-cars/
https://www.airparif.fr/bilan/2025/bilan-de-la-qualite-de-lair-ile-de-france-2024
Paris said au revoir to cars. Air pollution maps reveal a dramatic change.

Air pollution fell substantially as the city restricted car traffic and made way for parks and bike lanes.

The Washington Post

Time to update microcode on your Intel processors (gen >9)...

New speculative prediction bug lets you capture /etc/shadow with 99% reliability. They didn't make anything like it work on AMD or ARM... yet...

https://comsec.ethz.ch/research/microarch/branch-privilege-injection/

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512

Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group

In 2010, #AaronSwartz downloaded 70 GB of articles from JSTOR. He faced a $1 million fine and 35 years in prison
➡️ Aaron took his own life in 2013.

#Meta illegally downloaded over 80 terabytes of books from LibGen, Anna's Archive, and Z-library to train its #AI models
➡️ facing no consequences.

Information is power, knowledge is power.

Beware and fight against those who want to keep you ignorant, unaware, and misinformed.

#digitalrights #openknowledge #opendata #privacy