The Bone Collector

[HEAVY BREATHING INTENSIFIES]

#nobot #noai

ooof
"Be stupid" is an easier motto to live by than "Don't be evil." https://patreon.com/BrianMcFadden
For 19 years, GPS satellites have secretly broadcast a “numbers station” in their public signals. We decoded 12M messages: a 2011 flash where 31 of 32 satellites flipped in hours, “ghost” substrings repeating years apart, and a “TEXT” prefix spreading now. https://lsc-pagepro.mydigitalpublication.com/publication/?i=865273&p=62&view=issueViewer

https://oddguan.com/blog/second-time-same-sandbox-anthropic-claude-code-network-allowlist-bypass-data-exfiltration/

if you use claude code
anywhere
for anything

do not run it where there are secrets or sensitive files. if claude code has access to things, this is just another way it can ruin your day/week/month/year

Second Time, Same Sandbox: Another Anthropic Claude Code Network Sandbox Bypass Enables Data Exfiltration

For the second time in five months, Anthropic Claude Code's network sandbox lets a process inside reach hosts the user's policy says to block, and exfiltrate any data the process touches. Every Claude Code release from 2.0.24 (sandbox GA on 2025-10-20) through 2.1.89 was vulnerable to a SOCKS5 hostname null-byte injection. About 5.5 months and ~130 versions, including the release that silently fixed the first sandbox bypass. Both findings ended in a silent fix and no Claude Code security advisory.

Aonan Guan
@jik I wonder if it is related to https://infosec.exchange/@moopsy/116557352491390721 seen yesterday, though I’ve seen no other related news yet. Glad I never trusted mine to access from the network via quickconnect

Anyone else seeing a torrent of auth attempts via quickconnect[.]to their #synology NAS. Looks kinda brute-forcey

Maybe check your logs, and make sure MFA is enabled.

cc: @ifin

#threatintel

i still think it was a crime that lower decks got cancelled
With NetHack's 5.0.0 release, it has now been running longer than The Simpsons.
https://www.nethack.org/common/index.html

@cR0w has been chilling with me, enjoying the lovely day, for a solid 15 minutes.