Nagy Ferenc László

mostly antivirus
Why would it be a vulnerability that AVs don't unpack a malformed ZIP which is not unpacked by any other tool? 😱 https://kb.cert.org/vuls/id/976247
CERT/CC Vulnerability Note VU#976247

Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed zip archives

We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.

https://uattest.net/

Unified Attestation

Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.

Trend Micro TrendAI researchers warn that AMOS Stealer is now being pushed via poisoned OpenClaw skills. Malicious instructions in SKILL.md files abuse AI agent workflows as trusted intermediaries, turning fake setup steps into a supply-chain style infection. https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html

Matplotlib maintainer Scott Shambaugh has blogged about the AI agent blog shaming experience now.

https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/

An AI Agent Published a Hit Piece on Me

Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into acceptin…

The Shamblog

Queen of Chess

Playlist - Queen of Chess - 8 items

Music on TIDAL

PSA: Did you know that it’s **unsafe** to put code diffs into your commit messages?

Like https://github.com/i3/i3/pull/6564 for example

Such diffs will be applied by patch(1) (also git-am(1)) as part of the code change!

This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.

New Copilot buttons per day.

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.

https://projectzero.google/2026/01/pixel-0-click-part-1.html

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...

If you are looking for a #Python course that starts now, this may be what you want: https://youtube.com/live/-fXxT3I727o
#programmingforlovers #Philomath

Programming for Lovers in Python: Hello world, Variables and Functions

YouTube

The Mac Malware of 2025

objective-see.org/blog/blog_0x84.html

It's here! Our annual report on all the Mac malware of the year (2025 edition). Besides providing samples for download, we cover infection vectors, persistence mechanisms, payloads and more!
