SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
techbytom.bsky.social
Privacy, motorcycle, and craft beer geek. Adversarial thinker. Blue team your blue team for better red teaming.
This tool is an especially powerful and widely applicable one. Don’t get caught up in saying no, infosec.
Claude set a strong bar for structured, workflow-driven AI usage, and it’s no surprise we’re now seeing similar ideas across other platforms like OpenAI.

I’ve built DFIR and quick triage workflows that save me hours every time! The time savings really add up, and it’s completely changed how I work.
Agent Skills
Give Codex new capabilities and expertise
developers.openai.com
December 27, 2025 at 12:33 AM
ORLY?
December 20, 2025 at 4:47 AM
0nrnicrosoft[.]com was registered last night
December 19, 2025 at 2:57 PM
When 2040 me can’t give someone a dirty look without it being captured, catalogued, and sold to the surveillance state - this is one of the ways we got there.
December 19, 2025 at 2:18 PM
THIS would be an awesome base concept for a team of developers to build as a learning exercise for implementing LLMs that are customer facing.
www.wsj.com/tech/ai/anth...
We Let AI Run Our Office Vending Machine. It Lost Hundreds of Dollars.
An AI agent ran a snack operation in the WSJ newsroom. It gave away a free PlayStation, ordered a live fish—and taught us lessons about the future of AI.
www.wsj.com
December 19, 2025 at 1:21 AM
Hey @wiz_io BurbSec really appreciates the CVS sized receipt!
December 18, 2025 at 3:16 AM
Not a fan of this company, but I LOVE the 2FA explainer. Very well executed.
December 17, 2025 at 2:46 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Interesting project. Reimplements TCG example loaders in Rust and demonstrates Rust patterns for TCG and Crystal Palace.

One note: my scope, dev, tests, and unit tests are limited to MinGW.

Binary transforms act on patterns gcc generates and moving away from that, you're gonna hit gaps faster.
Implementing PICOs and allowing for easy development in rust github.com/laachy/trade...
@raphaelmudge.bsky.social
github.com
December 9, 2025 at 2:44 AM
You know what would make for an epic third party compromise? xterm.js
December 8, 2025 at 10:21 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Fed up with this dystopian nightmare? We are too. That's why we're pushing back against surveillance tech and government censorship, both in the courts and on the streets. Help us today: eff.org/power-up
Double Your Impact on Privacy & Free Speech
Right now, your donation to EFF gets an automatic 2X match! Don't let tyrants co-opt tech.
supporters.eff.org
December 3, 2025 at 9:03 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
A perfect CVSS 10 🧑🏻‍🍳💋

CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components

The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

Upgrade immediately!
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
react.dev
December 3, 2025 at 4:23 PM
Hey everyone. It's currently 2025 (and almost 2026). If you're scraping sites and not running javascript, you probably aren't going to render most of the content ;)
December 3, 2025 at 10:36 PM
DeepSeek kills it again. If you haven’t read the white paper (huggingface.co/deepseek-ai/...) you should.

1/5th of the GPU time for large contexts in a single generation. The approach just makes sense too - your LLM doesn’t need to constantly re-evaluate the entirety of the prompt and response.
huggingface.co
December 2, 2025 at 3:00 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
Something extra to be thankful for this week: our CFP and CFV are officially OPEN for #BSides312! 🎤🙌
Got something you want to share on May 16, 2026? Or want to volunteer?
Forms are live on our website—see you in May!
#BSides
bsides312.org
BSides312 - Chicago's Hacking Conference
BSides312 is Chicago's biggest little non-profit hacking & information security conference.
bsides312.org
November 27, 2025 at 8:30 PM
Ooof
when cloudflare is down and downdetector’s captcha runs on cloudflare
November 18, 2025 at 3:25 PM
Our modern dystopia. Sometimes it’s hard to believe this can be rolled back.
New: this app lets ICE track vehicles and owners across the country. ICE uses phone to scan license plates, add to a database of billions of records. Thomson Reuters then enriches that with marriage, voter, other info. Can predict where a car will be in the future
www.404media.co/this-app-let...
This App Lets ICE Track Vehicles and Owners Across the Country
Material viewed by 404 Media shows data giant Thomson Reuters enriches license plate data with marriage, voter, and ownership records. The tool can predict where a car may be in the future.
www.404media.co
November 17, 2025 at 3:02 PM
If you’re involved in any form of protest organization or center/left leaning politics, go enable Lockdown Mode NOW. ssd.eff.org/module/how-t...
November 8, 2025 at 12:29 AM
What do I win?
November 7, 2025 at 5:59 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
“We should have banned government use of face recognition when we had the chance because it is dangerous, invasive, and an inherent threat to civil liberties,” EFF’s @MGuariglia.bsky.social told @404Media.co. www.404media.co/ice-and-cbp...
ICE and CBP Agents Are Scanning Peoples’ Faces on the Street To Verify Citizenship
Videos on social media show officers from ICE and CBP using facial recognition technology on people in the field. One expert described the practice as “pure dystopian creep.”
www.404media.co
October 29, 2025 at 8:03 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
As new projects, blog posts, and other efforts around TCG show up, I'm listing them here:

tradecraftgarden.org/references.h...

I've put together a Friends of the Tradecraft Garden list on BlueSky too:

bsky.app/profile/did:...

Thank you for building, exploring, & teaching w/ this young project 🪴
October 30, 2025 at 4:24 AM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
I fixed the MCP server from the Kali repo so it's no longer openly hosting an authentication-free instance of Kali for everyone on your network to freely enjoy like your favorite PornHub category

github.com/johnnyxmas/M...
GitHub - johnnyxmas/MCP-Kali-Server: MCP configuration to connect AI agent to a Linux machine.
MCP configuration to connect AI agent to a Linux machine. - johnnyxmas/MCP-Kali-Server
github.com
October 26, 2025 at 8:29 PM
Reposted by SecByT̷͔̼̯̖̟͔͎͑̽o̶͚̠̰͚̩̻̝̰͂̿̔̄̊́͘m̷̡̟̍́̏̔
LibCPLTest: A shared library for Crystal Palace that allows you to unit test your PICOs. It's nothing too fancy, just a few helper functions and a macro, but it's helped me to create a consistent framework for testing my PIC capabilities.

github.com/ofasgard/Lib...
GitHub - ofasgard/LibCPLTest: A shared library for Crystal Palace that allows you to unit test your PICOs.
A shared library for Crystal Palace that allows you to unit test your PICOs. - ofasgard/LibCPLTest
github.com
October 21, 2025 at 4:06 PM
Donate. Please, please support the @EFF! Our collective privacy has never been more important or more at risk.
Technology like Flock and Ring doesn’t make people safer, it just subjects them to a round-the-clock warrantless digital dragnet. “Privacy isn’t dangerous, but giving privacy up for a false sense of security is very dangerous,” EFF’s Jennifer Pinsof told @CNBC.com. www.cnbc.com/2025/10/16/...
October 17, 2025 at 12:12 AM
HEY EVERY VENDOR. Remember all those times I was a HUGE PITA because you wanted a non-redacted copy of my ID? Yeah, this is why.
BREAKING: A catastrophic breach has impacted Discord user data including selfies and identity documents uploaded as part of the app’s verification process, email addresses, phone numbers, approximately where the user lives, and much more.

🔗 www.404media.co/the-discord-...
The Discord Hack is Every Users’ Worst Nightmare
A hack impacting Discord’s age verification process shows in stark terms the risk of tech companies collecting users’ ID documents. Now the hackers are posting peoples’ IDs and other sensitive informa...
www.404media.co
October 10, 2025 at 1:31 AM
This, your company shouldn’t store this in email, ticketing, or ANYWHERE for any amount of time, ever.
According to their blog: "The unauthorized party also gained access to a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive."
October 4, 2025 at 2:39 PM