| Website | https://mattsimpson.ca |
| GitHub | https://github.com/mattsimpson |
⚡ THREAT INTEL: New GreatXML Exploit Bypasses Windows BitLocker via Recovery
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender.
Source: https://thehackernews.com/2026/06/new-greatxml-exploit-bypasses-windows.html
#ThreatIntel #CyberSecurity #InfoSec
Last year, more than 10,000 people in 🇨🇦 spoke out against #BillC2 - and we stopped it.
#BillC22 is even worse; and so far, only 7,000 people have spoken up. If you live in 🇨🇦 and value your privacy, please activate your network against #BillC22 today.
https://www.openmedia.org/StopC22-mast
6/6
🚨 Bill C-22 forces every Canadian internet provider, messaging app & cloud service to build surveillance backdoors and store a year of your data. Foreign state hackers exploited similar legislation in the US. Shut the backdoor: https://openmedia.org/StopC22 #BillC22
I don't mean to brag but I already did this
Researchers teach brain cells to play 'Doom'
"It's about ____ time" doesn't seem fully appropriate, but: Victory! End-to-End Encrypted RCS [coming soon] to Apple and Android Chats
Apple released iOS 26.5, an update that supports end-to-end encryption for Rich Communication Services (RCS), meaning conversations between Android and iPhone will soon be encrypted in the default chat apps. This has been a long time coming, and is a welcome delivery on a promise both Google and Apple made.
https://www.eff.org/deeplinks/2026/05/victory-end-end-encrypted-rcs-comes-apple-and-android-chats
GitHub confirms breach of ~3,800 repositories after one of its employees installed a malicious VS Code extension; TeamPCP claimed responsibility for the hack (Sergiu Gatlan/BleepingComputer)
https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/
http://www.techmeme.com/260520/p14#a260520p14
It's live! New single on Bandcamp
https://frontalot.bandcamp.com/track/common-loot-feat-mcgwire
With playable music video RPG:
https://frontalot.com/loot
BREAKING: Signal, the #1 privacy protecting messaging app many of us rely on, is saying they will pull out of 🇨🇦 ENTIRELY if they're scoped into #BillC22 without large changes.
This should be our final alarm bell: we can have digital privacy or we can have legislation this broad and broken, not both!
"Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare" Canadians deserve better, so stop with it already.
Awesome HN comment from Embarrassed help:
Both the mandatory data retention and encryption backdoor requirements will cause encrypted messaging services like Signal, WhatsApp, iMessage, Matrix, and others to block both Canadians and Canadian businesses from their services.
If you live in Canada or are impacted by this legislation, then you need to tell both your MP and the Minister of Public Safety of Canada to reject this legislation.
The Canadian Civil Liberties Association (CCLA) published information about Bill C-22 here just over a week ago:
https://ccla.org/privacy/coalition-to-mps-scrap-unprecedented-surveillance-measures/
The blanket metadata retention and encryption backdoor requirements of Bill C-22 are illegal in the European Union.
Multiple groups have made easy to use tools for sending your MP and (other members of government) an email about rejecting this terrible legislation in its current form:
* The Internet Society's tool:
https://www.internetsociety.org/our-work/internet-policy/keep-canada-protected/
* OpenMedia's messaging tool: https://action.openmedia.org/page/188754/action/1
* ICLM's messaging tool:
https://iclmg.ca/stop-c-22/
I would also recommend emailing the Minister of Public Safety of Canada (Gary Anandasangaree: [email protected]) and the Minister of Justice (Sean Fraser: [email protected]).
Last year, the Canadian government pushed Bill C-2, which would erode Canadian digital rights in the name of “border security.” The bill was so bad it didn’t even make it to committee because of the backlash from the privacy community. Now, the spring’s worst sequel, Bill C-22, aka The Lawful Access Act, is trying it again.
The Milky Way photo contest is your annual reminder that the universe is big and beautiful 💫
https://www.thisiscolossal.com/2026/05/milky-way-photographer-of-the-year-contest-2026/
New, from me: Canvas Breach Disrupts Schools and Colleges Nationwide
"An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions."
"Canvas parent firm Instructure responded to today's defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students."
Lots more here:
https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/
CyberSecurityNewsDaily
OpenMedia
Benna Radacanu
Techmeme
MC Frontalot
Colossal
BrianKrebs