AI
Cyberspike Villager – Cobalt Strike’s AI-native Successor
Straiker uncovers Villager, a Chinese-based, AI-powered pentesting framework in the style of Cobalt Strike that automates hacking and lowers the barrier for global attackers.
'Powerful but dangerous' full MCP support beta for ChatGPT arrives
OpenAI has added a beta of Developer mode to ChatGPT, enabling full read and write support for MCP (Model Context Protocol) tools, though the documentation describes the feature as dangerous. The feature could link ChatGPT to Stripe so that the AI can raise invoices and send them in response to a prompt. There is a Confirm button before an action is taken but this can be disabled.
Politics
Florida vaccine mandate rollback falters after Trump criticism
Cassidy calls on RFK Jr. to publicly support whooping cough vaccine amid outbreak
In 2024, six times as many whooping cough (pertussis) cases were recorded as in the prior year.
Kaiser: Flu and COVID-19 Vaccine Locations
MAGA’s plan for a white Christian America is unfolding before our eyes
The glue that binds the NatCon coalition is their contempt for the proceduralism of the conservatism that preceded them, their conviction that Republicans’ old focus on small government and personal liberty amounted to nothing more than unilateral disarmament against the teeming hordes of the left. Seizing and wielding federal political power, not restraining it, is the mission.
The country belongs to the descendants of white Europeans who took the land from the violent Native Americans fair and square because they were just plain superior.
Elon Musk calls for dissolution of parliament at far-right rally in London
He was addressing the ‘unite the kingdom’ protest organised by Tommy Robinson via video link.
He railed against the “woke mind virus” and told the crowd that “violence is coming” and that “you either fight back or you die”. “Whether you choose violence or not, violence is coming to you. You either fight back or you die, that’s the truth, I think.” Musk also told the crowd “the left are the party of murder.”
Mastodon Rolls Out Features to Stop Nasty Online 'Dunks'
Users will receive a notification when their post is quote-shared and will be able to remove the original post from the other user’s post. Users will also be able to adjust their settings to stop a particular post from being quote-shared in the future.
Revealed: Apple is teaching its AI to adapt to the Trump era
Sensitive topics now include DEI policies, vaccines and elections, as well as artificial intelligence itself.
Your neighborhood could get seven-story buildings if it's near a train station
Americans don't think college is worth it. It is.
Infosec
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
Unlike the original Petya/NotPetya, HybridPetya can compromise modern UEFI-based systems by installing a malicious EFI application onto the EFI System Partition.
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
The code seems to be just a proof-of-concept. It exploits a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.
How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
EDR systems monitor system activity because they are designed to monitor for and detect threats. An attacker installed Huntress, so Huntress published items from his browser history, showing the tools and AIs he used.
Huntress's 'hilarious' attacker surveillance splits infosec community
Huntress was criticized for failing to notify authorities, and for invasion of privacy.
Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework
It's a Phishing-as-a-Service (PhaaS) operation, targeting Microsoft and Google accounts. The service uses Adversary-in-the-Middle (AitM) techniques, capturing credentials, MFA codes and session tokens. It can bypass the protection of several common MFA methods, such as SMS codes and one-time passwords (OTP) from authenticator apps, but it doesn't work for Passkeys or Okta FastPass authentication.
Passkey Security: Phishing Resistance
Passkeys never present the credential to the wrong site, thus defeating the essence of phishing. For example, a user can be tricked into typing the password for company.com on the website for compannyy.com (which has some extra letters), but the system would never do this, since it requires an exact match between the domain the passkey was issued to and the domain that the user is on.
'WhiteCobra' floods VSCode market with crypto-stealing extensions
In a public post, core Ethereum developer Zak Cole described how his wallet was drained after using a seemingly legitimate extension (contractshark.solidity-lang) for the Cursor code editor. The extension featured all the signs of a benign product, with a professionally designed icon, a detailed description, and 54,000 downloads on OpenVSX, Cursor's official registry.
AI Podcast Start Up Plans 5,000 Shows, 3,000 Episodes a Week
Human podcasters cost millions, so Inception Point AI plans to flood the zone with AI podcasts and become influencers across social media, literature and more.
“We believe that in the near future half the people on the planet will be AI, and we are the company that’s bringing those people to life.”
The Elephant in The Biz: outsourcing of critical IT and cybersecurity functions risks UK economic security
Recently, there have been three major UK ransomware and/or extortion incidents at three big UK companies — Co-op Group, Marks and Spencer and Jaguar Land Rover. One thing connects them all: in the past 5 years, they all outsourced key IT and cybersecurity services to TCS, aka Tata Consultancy Services.