
As Russia is cracking down on the use of Telegram, WhatsApp, and VPNs, citizens are moving to other apps that have an IM and calling feature included, such as KakaoTalk, Duolingo, or dating apps.

https://www.kommersant.ru/doc/8533515

In some cases, even smart cat feeders: https://gubdaily.ru/news/ne-dumala-chto-eto-uvidyat-milliony-rossiyane-sozvanivayutsya-cherez-kormushku-kota/

Pretty cool/convenient #velociraptor 🦖 feature, I didn't know: offline collection.

Allows collecting artifacts from "air-gapped" systems, or simply systems with no connectivity to your Velociraptor server.

  • from the backend, select the artifacts you want to collect and create the collection binary
  • run the binary on the subject device --> it will collect and put the artifacts in a ZIP
  • get the ZIP back to the analysis machine and import the artifacts to the Velociraptor backend
  • https://docs.velociraptor.app/docs/deployment/offline_collections/

    #dfir

    Offline Collections :: Velociraptor - Digging deeper!

    #linux on a drone is the first ever flying #penguin. 🐧

    Q&A with Simon Willison on the November release of GPT-5.1 and Opus 4.5 as the inflection point for coding, exhaustion due to managing coding agents, and more (Lenny Rachitsky/Lenny's Newsletter)

    https://www.lennysnewsletter.com/p/an-ai-state-of-the-union
    http://www.techmeme.com/260404/p6#a260404p6

    An AI state of the union: We’ve passed the inflection point, dark factories are coming, and automation timelines | Simon Willison

    Listen now | Simon Willison on why November 2025 changed software engineering forever, the lethal trifecta, his top agentic engineering patterns, and much more

    Lenny's Newsletter

    (zsec.uk) Autonomous LLM-Driven Vulnerability Hunting at Scale: Architecture, Methodology, and Discovered Zero-Days

    New research details an autonomous LLM-driven vulnerability hunting system using Claude Code and Model Context Protocol (MCP), uncovering multiple zero-days including critical Go standard library flaws and a four-stage OEM exploit chain.

    In brief - A security researcher built an end-to-end autonomous system integrating 300+ tools across five VMs, discovering confirmed CVEs (CVE-2026-33809, CVE-2026-33812) and a complex OEM service exploit chain achieving SYSTEM execution. The system eliminates false positives through a rigorous multi-gate validation pipeline.

    Technically - The architecture leverages FastMCP-based Python servers for SSH/WinRM, Proxmox VM orchestration, Ghidra/radare2/Frida RE, grammar-based fuzzing (WinAFL, Jackalope, DynamoRIO), and FAISS-backed RAG. Key findings: CVE-2026-33809 (Go TIFF parsing OOM via unchecked IFD offset), CVE-2026-33812 (Go SFNT font parsing OOM via unchecked uint16 class count), and an OEM exploit chain combining WCF named pipe auth bypass, SSRF, catalog injection, and BYOVD for SYSTEM execution. Validation requires PoC compilation, clean-VM crash reproduction, and exploitability confirmation.

    Source: https://blog.zsec.uk/bullyingllms/

    #Cybersecurity

    Autonomous Vulnerability Hunting with MCP

    Alt title: Bullying LLMs into submission to find 0days at scale

    ZephrSec - Adventures In Information Security

    RE: https://mastodon.social/@pojntfx/116345677794218793

    This is not acceptable, plain and simple.

    (pushsecurity.com) Device Code Phishing Enters Mainstream Adoption: 10 Active Kits, PhaaS Proliferation, and the Bypass of All Authentication Controls

    Device code phishing has surged 37.5x, becoming a mainstream criminal attack vector—bypassing MFA, passkeys, and all authentication controls via OAuth 2.0 Device Authorization Grant abuse.

    In brief - Ten phishing kits, including the PhaaS EvilTokens, now weaponize this technique. Russia-linked Storm-2372 and Scattered Lapsus$ Hunters are actively targeting Microsoft 365 and Salesforce. Block device code flows via Conditional Access and monitor for anomalous token grants.

    Technically - Attackers initiate an unauthenticated POST to the device authorization endpoint, phish victims to enter the user_code on a legitimate page, then poll for tokens. Kits like EvilTokens (Railway/Cloudflare Workers) abuse first-party Microsoft apps (FOCI-enabled) to harvest Primary Refresh Tokens. Mitigate by pre-creating service principals, enforcing user assignment, and deploying browser-level detection for device_code polling loops.

    Source: https://pushsecurity.com/blog/device-code-phishing/

    #Cybersecurity #ThreatIntel

    Analysing the rise in device code phishing attacks in 2026

    Device code phishing is an account takeover technique that steals access tokens while bypassing standard access controls.

    Push Security
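One defender-side check for the flow summarised above, as an added example that is not part of the original post or of Push Security's material: it parses constructed Entra ID sign-in records (field names follow the SigninLogs schema; the sample values are made up) and rates each completed device code grant against the IP addresses the same user signed in from with any other protocol. It assumes, as noted in the code, that the IP logged for a device code sign-in is that of the client that redeemed the code.

```python
import json
from collections import defaultdict

# Constructed sample records modelled on Entra ID SigninLogs fields; not real telemetry.
SAMPLE_SIGNIN_LOGS = """\
{"userPrincipalName": "alice@example.com", "appDisplayName": "Outlook", "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.10", "resultType": 0}
{"userPrincipalName": "alice@example.com", "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.77", "resultType": 0}
{"userPrincipalName": "bob@example.com", "appDisplayName": "Azure CLI", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.22", "resultType": 50058}
{"userPrincipalName": "bob@example.com", "appDisplayName": "Azure CLI", "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.22", "resultType": 0}
{"userPrincipalName": "bob@example.com", "appDisplayName": "Azure CLI", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.22", "resultType": 0}
"""

def parse_signin_logs(text):
    """Parse newline-delimited JSON records, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one malformed export line should not abort the whole batch
    return records

def flag_device_code_signins(records):
    """Return completed device code sign-ins rated against the user's interactive baseline.

    Baseline = IPs the user signed in from successfully with any protocol other than
    deviceCode. Assumption: the IP on a device code sign-in is the client that redeemed
    the code, so an IP absent from the baseline is rated 'high'; a known IP is 'review'.
    """
    baseline_ips = defaultdict(set)
    for r in records:
        if r.get("resultType") == 0 and r.get("authenticationProtocol") != "deviceCode":
            baseline_ips[r["userPrincipalName"]].add(r.get("ipAddress"))
    findings = []
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode" or r.get("resultType") != 0:
            continue  # only a completed grant (resultType 0) yields a usable token
        user = r["userPrincipalName"]
        known = r.get("ipAddress") in baseline_ips[user]
        findings.append({"user": user, "app": r.get("appDisplayName"),
                         "ip": r.get("ipAddress"), "severity": "review" if known else "high"})
    return findings

if __name__ == "__main__":
    for finding in flag_device_code_signins(parse_signin_logs(SAMPLE_SIGNIN_LOGS)):
        print(finding)
```

A "review" rating on a user who routinely uses Azure CLI is expected noise; the "high" rating is the case to pair with the Conditional Access block the post recommends.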

    🚨 New Investigation: Attackers are hunting the maintainers behind Lodash, Fastify, buffer, Pino, mocha, Express, and #Nodejs core, because compromising one of them means write access to packages downloaded billions of times a week.

    Multiple high-impact maintainers have all confirmed they were targeted in the same coordinated social engineering campaign that compromised Axios.

    https://socket.dev/blog/attackers-hunting-high-impact-nodejs-maintainers

    Attackers Are Hunting High-Impact Node.js Maintainers in a C...

    Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

    Socket

    RE: https://mastodon.ie/@EugeneMcParland/116339483253500337

    And yet, clueless bureaucrats like @HennaVirkkunen are pushing for ever-increasing surveillance (i.e. supporting absolute abominations such as #chatcontrol), putting us all and our private data and digital lives at greater risk.
    These people will never get it. They can't.