ℹ️ For those that reside outside of USA and think that using Amazon, Google and Microsoft cloud services or any USA cloud service is secure and private for them:
• The US CLOUD Act from 2018 allows the US Government (and therefore their partners) data access regardless of storage location.
• Be smart, self host your data, and if you insist on doing it wrong, encrypt your data before you upload anywhere.
https://www.justice.gov/criminal/cloud-act-resources?ref=itsfoss.com
zk
zk_@nsec.app
npub1mm8q...gtfj
> https://zkwallet.unstoppable
Session Messenger is listening to its users. Read on: PFS will be back, and quantum-resistant cryptography is being implemented, among other features.
https://getsession.org/blog/session-protocol-v2
#session
#privacy
#messenger
True story, but soon that won't be an issue: LLMs are going to replace most of us in many areas, and FOSS developers will probably be in the early list. I'll give it 5 years tops.
https://itsfoss.com/news/open-source-developers-are-exhausted/
Not that most of you give two cents about it since most don't care about privacy, but if you are one of those rare special individuals, stay away from ChatGPT.
#ChatGPT
In yet another "Your chatbot may be leaking" moment, researchers have uncovered multiple weaknesses in OpenAI's ChatGPT that could allow an attacker to exfiltrate private information from a user's chat history and stored memories.
LOL!
You can't make this shit up
nostr:nevent1qqsxax9m79fnwpc4e4h44p5pq44egk9298gevlrh6q8ypz0tllnwyyspzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyrm2pulz7rd7dyustyds0hw8h6hlul0gg40zpn9t4sf70exlnn8ykqcyqqqqqqgnd49cd
A small number of samples can poison LLMs of any size
https://www.anthropic.com/research/small-samples-poison
Nice move, hopefully Elon Musk will be next to let the public know the names of the politicians pushing to remove our free speech.
And the cherry of the pie, the rules do not apply to politicians... The irony, their affairs should be public, yet they do want privacy to cover their corruption.


🚨 Harden your Windows systems using free, trusted open-source tools that cover audit, configuration, and monitoring. You don't need enterprise tools to raise your defense baseline - just a few solid steps.
Quick Actions (Under 30 Minutes):
• Run Hardentools - disable unsafe defaults instantly.
• Use CIS-CAT Lite - identify missing patches, open RDP, or weak policies.
• Check Local Admins - remove unused accounts, deploy LAPS for password rotation.
• Turn On Logging - enable PowerShell, Windows Defender, and Audit Policy logs.
• Run WinAudit - export a report and compare it weekly for unauthorized changes.
• Scan with Wazuh or OpenVAS - look for outdated software or exposed services.
Key Risks to Watch:
• Reused or shared admin passwords
• Open RDP/SMB without firewall or NLA
• Old PowerShell versions without logging
• Users running with local admin rights
• Missing Defender Attack Surface Reduction (ASR) rules
• Unpatched or unsigned software from third-party repos
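A read-only PowerShell audit covering several of the checks and risks in the list above, added here as an example and not part of the original post. It uses built-in Windows cmdlets and registry policy values; the helper names `Get-RegValue` and `Get-HardeningBaseline` are hypothetical, and it should be run from an elevated prompt.

```powershell
# Added example: read-only audit, nothing on the host is changed.
# Get-RegValue / Get-HardeningBaseline are hypothetical helper names.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-HardeningBaseline {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $psl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

    # Local admins: S-1-5-32-544 is the built-in Administrators group on any locale.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name

    # RDP: fDenyTSConnections = 0 means RDP is on; UserAuthentication = 1 means NLA is required.
    $rdpOn = (Get-RegValue $ts 'fDenyTSConnections') -eq 0
    $nla   = (Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication') -eq 1

    # Firewall profiles that are not explicitly enabled.
    $fwOff = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } |
        Select-Object -ExpandProperty Name

    # PowerShell logging policies (script block logging writes event ID 4104).
    $sbl = (Get-RegValue "$psl\ScriptBlockLogging" 'EnableScriptBlockLogging') -eq 1
    $mod = (Get-RegValue "$psl\ModuleLogging" 'EnableModuleLogging') -eq 1

    # Legacy PowerShell 2.0 engine (client SKUs); it predates script block logging.
    $ps2 = (Get-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2Root' `
            -ErrorAction SilentlyContinue).State

    # Defender ASR: action 1 = Block, 2 = Audit, 0 = Disabled.
    $mp       = Get-MpPreference -ErrorAction SilentlyContinue
    $asrBlock = @($mp.AttackSurfaceReductionRules_Actions | Where-Object { $_ -eq 1 }).Count

    [pscustomobject]@{
        LocalAdmins         = $admins -join '; '
        RdpEnabled          = $rdpOn
        RdpRequiresNla      = $nla
        FirewallProfilesOff = $fwOff -join '; '
        ScriptBlockLogging  = $sbl
        ModuleLogging       = $mod
        PowerShellV2State   = $ps2
        AsrRulesInBlockMode = $asrBlock
    }
}

Get-HardeningBaseline | Format-List
```

Saving the output each week and diffing it against the previous run gives the same change-detection effect the list describes for the WinAudit report.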
🚨 Mobile Apps Leak Data - New findings from Zimperium have revealed that one in three Android apps and more than half of iOS apps leak sensitive data. Nearly half of mobile apps contain hard-coded secrets such as API keys
Keep your mobile clean, remove all apps not really needed and be mindful of the ones you install and keep.
🚨 A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
And just like that billions invested in HW security gone, back to the drawing table for Intel and AMD, and those researchers... making this public before a solution is deployed, not cool.
🚨 Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.
Take time and educate your elders.
🚨 Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild.
The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine.
#vulnerability
🚨 Chinese censorship sprang a major leak on September 11, when researchers confirmed that more than 500GB of internal documents, source code, work logs, and internal communications from the so-called Great Firewall were dumped online, including packaging repos and operational runbooks used to build and maintain China's national traffic filtering system.
This is hailed as a "game changer" for circumvention tools (e.g., VPNs) and research into GFW vulnerabilities.
VPN providers will probably learn a lot from these documents about DPI and how to circumvent it.
🚨 A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.