zk
zk_@nsec.app
npub1mm8q...gtfj
> https://zkwallet.unstoppable
Balanced, I am enjoying the articles of this magazine, better than expected
"You'd have to be braindead to believe WhatsApp is secure in 2026. When we analyzed how WhatsApp implemented its "encryption," we found multiple attack vectors"
-- Pavel Durov, co-founder of the Telegram messenger.
#WhatsApp
Make this viral!
4 in 5 small businesses had cyberscams last year, almost half were AI powered...
https://databreaches.net/2026/01/18/4-in-5-small-businesses-had-cyberscams-last-year-almost-half-were-ai-powered/?pk_campaign=feed&pk_kwd=4-in-5-small-businesses-had-cyberscams-last-year-almost-half-were-ai-powered
Time to move your residence out of France...
ℹ️ For those that reside outside of USA and think that using Amazon, Google and Microsoft cloud services or any USA cloud service is secure and private for them:
. The US CLOUD Act from 2018 allows the US Government (and therefore their partners) data access regardless of storage location.
. Be smart, self host your data, and if you insist on doing it wrong, encrypt your data before you upload anywhere.


CLOUD Act Resources
True story, but soon, that won't be an issue, LLMs are going to replace most of us in many areas and FOSS developers will probably be in the early list. I'll give it 5 years tops.


It's FOSS
Open Source Developers Are Exhausted, Unpaid, and Ready to Walk Away
The foundation of modern software is cracking under the weight of burnout.
Not that most of you give two cents about it since most don't care about privacy, but if you are one of those rare special individuals, stay away from ChatGPT.
#ChatGTP
In yet another "Your chatbot may be leaking" moment, researchers have uncovered multiple weaknesses in OpenAI's ChatGPT that could allow an attacker to exfiltrate private information from a user's chat history and stored memories.
A small number of samples can poison LLMs of any size
Anthropic research on data-poisoning attacks in large language models
🚨 Mobile Apps Leak Data - New findings from Zimperium have revealed that one in three Android apps and more than half of iOS apps leak sensitive data. Nearly half of mobile apps contain hard-coded secrets such as API keys
Keep your mobile clean, remove all apps not really needed and be mindful of the ones you install and keep.
🚨 A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
And just like that billions invested in HW security gone, back to the drawing table for Intel and AMD, and those researchers... making this public before a solution is deployed, not cool.
🚨 Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.
Take time and educate your elders.
🚨 Chinese censorship sprang a major leak on September 11, when researchers confirmed that more than 500GB of internal documents, source code, work logs, and internal communications from the so called Great Firewall were dumped online, including packaging repos and operational runbooks used to build and maintain China's national traffic filtering system.
This is hailed as a "game changer" for circumvention tools (e.g., VPNs) and research into GFW vulnerabilities.
VPN providers will learn from these documents probably a lot about DPI and how to circumvent it.
🚨 A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.


