Daniel Cuthbert

Documentary photographer, old creaky hacker. Co-author of the @OWASP ASVS standard. Blackhat/Brucon Review Board.

We've been testing a pretty sweet new feat for RAPTOR with the exploitability validation pipeline, which sits between vulnerability discovery & exploit generation.

Before, we be like:

scan → analyse → exploit

now, we is:

scan → validate exploitability → analyse → exploit

Typical flow now becomes:

1. Static or dynamic analysis identifies candidate vulnerabilities
2. Exploitability validation stage runs
3. Only validated findings proceed to exploit generation
4. Exploit proof of concept or patch generation follows

For us on the team, this is significant because it:

1. Reduces false positives that lead to meaningless exploit generation and token wastage (gotta be cost aware)
2. Forces the agent to reason about realistic attacker capabilities
3. Enables prioritisation based on real impact

RAPTOR now standardises human readable exploitability statuses, namely:

Exploitable
Confirmed
Proven
Disproven
Ruled Out

It's a big step forward and hopefully gives all insight into what we are working on moving forward.

Remember kids, Gobbles were amazing. Love you all

https://github.com/gadievron/raptor

You know your wife is a keeper when she sends you love notes like

Totes not a fan of digital watches, but the SQFMI Watchy kinda appealed to me in a hacker/tinkerer sense.

https://watchy.sqfmi.com/

It had been 5 years since I made my first watch face, so this weekend me and the kids made a new one for 2026, Bauhaus inspired.

Kids actually enjoyed working out where to put the boxes, compiling the firmware and pushing it to the watch, and seeing what worked and what didn't.

Based off an ESP32 and with PlatformIO helping, this is a good fun exercise for kids I feel (and adults too).

https://github.com/danielcuthbert/watchy-marina

All tech is political @jeffmoss

Err, hmmm, I, just….

“It works by taking static screenshots that are constantly sent back to the API in real-time”

Said most malware writers who use multi-stage payloads to exfiltrate data out or an AI giant announcing their new feature

It’s hard to tell these days

If you are going to own a high-profile target, maybe OPSEC should be a level above "skid"

#justsayin

A benefit of country living is an amazing red aurora in the skies with hardly any light pollution.

The sheer ferocity and pace of everyone and their dog trying to throw copious amounts of data at models in the hope they produce something useful is exhausting.

For every company that goes public with this, there are many more silently feeding your data and mine into massive data lakes for models to consume. Just like with the LinkedIn news (AI training turned on by default), it's clear we need better, stronger legislation to make the public aware this is happening.

Then, if you did well in the cryptowars or are an active ransomware actor, this might be affordable for you

A rare Heimsoeth und Rinke three-rotor Enigma 1 cipher machine

https://www.bonhams.com/auction/29857/lot/31/a-rare-heimsoeth-und-rinke-three-rotor-enigma-1-cipher-machine-german-circa-1937/

It's truly gorgeous and such an important piece of history

Bonhams: A rare Heimsoeth und Rinke three-rotor Enigma 1 cipher machine, German, circa 1937.

Serial no. A6674. The baseplate of the machine is marked with serial number 6674 and is fitted with three rotors (I, III, V) with matching serial number A6674 and a rare re-wirable 'D' reflector (UKW-D) with serial number A11533; standard QWERTZ keyboard of 26 keys, white on black backgrounds, battery switch, ebonite Steckerbrett [plugboard], battery casing, upper lid with original "Zur Beachtung" instructions inside, in original veneered oak box with hinged front panel and leather carrying handle; case closed 150mm x 280mm x 340mm. Together with a rare Konski & Kruger Uhr plugboard selector, serial no. 1173, with 20 numbered patch cables and wooden rotary switch, as well as two metal brackets on the left-hand side to allow attachment to the Enigma machine, in original beige wooden case with canvas carry strap; inside the lid is the original instruction plate decal and other labels. Next to the switch is a label lettered "Bei drohender Feindgefahr Verdrahtung der Rasterscheibe zerstören!" ("When there is an imminent danger from the enemy, destroy the wiring of the grid disk!"); case closed 140mm x 150mm x 200mm.

A personal fav is this Mark 122 clandestine transceiver used by agents from Her Majesty's Government Communications Centre (now GCHQ)

It worked between 2.5 and 20 MHz for receiving and only allowed Morse to be transmitted.