zigzagging my way through cursed code and bugs
blog: https://swap.gs

It's a day ending in "y", which means I'm #hiring senior exploit developers around Cheltenham, UK. If you're based near Cheltenham and love RCE exploits, hit me up!

[Must be within reasonable distance of Cheltenham. No relocation, no sponsorship, sorry!]

https://job-boards.greenhouse.io/vulncheck/jobs/4009149009

#CyberSecurity
#SupplyChain
#CERTEU

A compromised version of Trivy gave attackers access to the European Commission’s europa.eu platform hosted on AWS.

We have published our analysis – what happened, who is affected, and what to do – in full transparency and in agreement with the European Commission.

https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain

European Commission cloud breach: a supply-chain compromise


This is insane: TeleGuard, a 'secure' chat app downloaded more than a million times, uploads users' private keys, meaning the company can decrypt messages. And anyone can get anyone else's private key by just sending the user ID to the API. Possibly worst ever https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/
A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’

TeleGuard is an app downloaded more than a million times that markets itself as a secure way to chat. The app uploads users’ private keys to the company’s server, and makes decryption of messages trivial.

404 Media

Sludge?! In Binary Ninja? Happy April 1st! (Yes, the plugin is real though)

https://github.com/CouleeApps/sludge_content_sidebar

Now available in the plugin manager.

Does anyone have a contact at pwn.ai?

We would kinda like to have a conversation with them...

Watch out for missed warnings on vendor C++ toolchains - Graham Sutherland's Blog

Drone Zone Long Form Sunday continues with long-form tracks from: Max Wurden, Robert Rich, Peter Savage, Oophoi
http://somafm.com/dronezone/
Drone Zone from SomaFM

Served best chilled, safe with most medications. Atmospheric textures with minimal beats.

🫠
Lmao @Hacker0x01 told me the backdoor was known "through internal security assessments" and they're "closing this report as out of scope". But now are pissed I disclosed it. Nobody should use this joke of a platform who put the interests of companies over that of users.

The SSTIC 2026 programme has been published: https://www.sstic.org/2026/programme/

#sstic #sstic2026

SSTIC2026 » Programme, 3 to 5 June 2026