TechnoTenshi 🏳️⚧️
@technotenshi.bsky.social
Polyglot coder, proud trans girl 🏳️⚧️. Passionate about infosec, privacy, trans rights. Sharing transition journey, tech insights. Into distributed systems, Final Fantasy. Enjoys J-pop, girl K-pop, J-metal. Collects anime figures, cosplays.
Pinned
I need to disconnect for a bit. The news is too much right now, and my mental health's taking a hit. I’ll be muting some stuff and stepping back. Dealing with GAD, PAD, and MDD—I just can’t today.
Reposted by TechnoTenshi 🏳️⚧️
American Archive of Public Broadcasting fixes bug exposing restricted media
A vulnerability in the American Archive of Public Broadcasting's website allowed downloading of protected and private media for years, with the flaw quietly patched this month.
www.bleepingcomputer.com
September 22, 2025 at 8:39 PM
Security alert: Malicious versions of the nx build tool compromised GitHub accounts, stealing wallets, API keys, and credentials. Impacted users may see a "s1ngularity-repository" created in their org. Update nx, check repos, and rotate secrets.
#SupplyChainSecurity #AppSec #Malware #GitHub
Security Alert | NX Compromised to Steal Wallets and Credentials
What is s1ngularity-repository? Nx is compromised and the malware steals wallets and API keys using Claude CLI or Gemini.
semgrep.dev
August 27, 2025 at 4:32 PM
Reposted by TechnoTenshi 🏳️⚧️
Orlando wasn’t having what DeSantis did. They recolored the Pulse Memorial crosswalk.
August 22, 2025 at 12:04 AM
Investigation finds 35 registered California data brokers hid opt-out or deletion pages from search engines, making it harder for consumers to remove personal data. Several companies removed the code after being contacted.
#privacy #databrokers #infosec #ccpa
We caught companies making it harder to delete your personal data online – The Markup
Dozens of companies are hiding how you can delete your personal data, The Markup and CalMatters found. After our reporters reached out for comment, multiple companies have stopped the practice.
themarkup.org
August 13, 2025 at 4:24 PM
NGINX releases preview of native ACME protocol support via new Rust-based module, enabling direct SSL/TLS certificate issuance and renewal from configuration without external tools like Certbot, aiming to simplify management and improve security.
#nginx #acme #ssl #infosec
NGINX Introduces Native Support for ACME Protocol – NGINX Community Blog
blog.nginx.org
August 13, 2025 at 4:22 PM
DEF CON faces backlash over deepening ties with U.S. military, defense contractors, and planned expansions into Bahrain and Singapore, sparking protests from hacktivists and renewed debate over its counterculture image.
#cybersecurity #infosec #hackers #privacy
When counterculture and empire merge
DEF CON has alienated many hackers by officially aligning its geopolitics with those of the U.S. military and announcing partnerships with the authoritarian countries of Bahrain and Singapore.
jackpoulson.substack.com
August 13, 2025 at 4:20 PM
Tea app breach worsens: second exposed database includes 1.1M private messages, including sensitive personal conversations. 59GB of user data including selfies, IDs, and chat images now circulating on hacking forums.
#DataBreach #Privacy #CyberSecurity #Infosec
Tea app leak worsens with second database exposing user chats
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exch...
www.bleepingcomputer.com
July 29, 2025 at 12:49 AM
Compromised `num2words` v0.5.15 hit PyPI without a GitHub tag, linked to "Scavenger" threat actor. Quickly removed, but some projects may have auto-updated. Check and downgrade.
#SupplyChainSecurity
Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise - StepSecurity
Popular Python Package num2words v0.5.15 Published Without Repository Tag, Linked to Known Threat Actor
www.stepsecurity.io
July 28, 2025 at 11:44 PM
WhoFi is a new system that identifies people using only Wi-Fi signals instead of cameras. It uses a Transformer model to analyze signal changes caused by someone walking. On the NTU-Fi dataset, it got 95.5% top accuracy.
#machinelearning #wifi #biometrics #cybersecurity
WhoFi: Deep Person Re-Identification via Wi-Fi Channel Signal Encoding
arxiv.org
July 25, 2025 at 6:49 PM
A Firebase misconfiguration exposed 72,000 images including selfies and IDs from women's safety app Tea. Data was posted on 4chan before being locked down. Breach also included some DMs, per company. Incident tied to 2023 data.
#infosec #databreach #privacy #firebase
archive.ph
July 25, 2025 at 6:46 PM
A new proof shows quantum cryptography can be built on problems even harder than NP, offering security beyond classical encryption. Researchers introduced "one-way puzzles" to replace traditional cryptographic foundations.
#QuantumComputing #Cryptography #Infosec #PostQuantum
Quantum Scientists Have Built a New Math of Cryptography | Quanta Magazine
In theory, quantum physics can bypass the hard mathematical problems at the root of modern encryption. A new proof shows how.
www.quantamagazine.org
July 25, 2025 at 5:48 PM
The Internet Archive has been designated a federal depository library, expanding its role in preserving and providing digital access to U.S. government documents amid ongoing legal battles over copyright.
#DigitalPreservation #InternetArchive #OpenAccess #LibraryNews
SF-Based Internet Archive Is Now a Federal Depository Library. What Does That Mean? | KQED
The Internet Archive, thanks to its designation by California Sen. Alex Padilla, joins a network of over 1,100 libraries that make government documents accessible to the public.
www.kqed.org
July 25, 2025 at 5:47 PM
Attackers spoofed Google using a DKIM replay exploit and a Google Sites phishing page to deliver fake subpoena emails that passed SPF, DKIM, and DMARC checks. Trusted infrastructure used to bypass user skepticism.
#EmailSecurity #Phishing #DKIM #DMARC
Google Spoofed Via DKIM Replay Attack: A Technical Breakdown
Learn how a Google spoof used a DKIM replay attack to bypass email security and trick users with a fake subpoena in this real-world phishing case.
easydmarc.com
July 25, 2025 at 5:45 PM
SecretSpec offers a new declarative approach to secrets management, enabling one spec to work across local dev, CI/CD, and production with different providers, all without changing app code. Not a paid promotion or endorsement.
#DevSecOps #SecretsManagement #OpenSource #Infosec
Announcing SecretSpec: Declarative Secrets Management - devenv
Fast, Declarative, Reproducible, and Composable Developer Environments using Nix
devenv.sh
July 21, 2025 at 6:43 PM
The UK may retreat from forcing Apple to break end-to-end encryption after US pressure, fearing damage to tech deals and privacy agreement violations. Apple and WhatsApp are challenging the order in court.
#Encryption #Privacy #UKTechPolicy #Infosec
UK backing down on Apple encryption backdoor after pressure from US
UK officials fear their insistence on backdoor endangers tech deals with US.
arstechnica.com
July 21, 2025 at 6:41 PM
A new method shows how to encode up to 45 characters of text in a shuffled 52-card deck using Lehmer codes and the factorial number system. With 225 bits of data capacity, it's a subtle way to hide messages in plain sight.
#Infosec #Steganography #Privacy #Crypto
Asher Falcon
Asher Falcon's personal website - Software engineer and student
asherfalcon.com
July 21, 2025 at 6:40 PM
A US citizen deleted their entire social media history before traveling, fearing border scrutiny. In 2025, social media feels less like self-expression and more like self-incrimination. The shift reflects growing concerns over digital permanence and surveillance.
#Privacy #Surveillance #SocialMedia
Deleting social media presence before visiting the US
Column: In 2025, social media has moved from self-expression to self-entrapment
www.theregister.com
July 21, 2025 at 6:38 PM
Cloudflare's 1.1.1.1 DNS Resolver was globally unavailable for over an hour on July 14 due to a legacy config error triggered during a DLS service update. DoH remained mostly unaffected. Incident caused major disruption.
#dns #cloudflare #networking #outage
Cloudflare 1.1.1.1 Incident on July 14, 2025
On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Re...
blog.cloudflare.com
July 16, 2025 at 4:28 PM
Ukrainian hackers, with military intel support, wiped 47TB of data from Russian drone maker Gaskar Integration, halting operations and exposing links with China. Systems and backups destroyed, production paralyzed.
#cybersecurity #infosec #Ukraine #cyberwar
Ukrainian hackers destroyed the IT infrastructure of a Russian drone manufacturer: what is known
Ukrainian cyber activists, in cooperation with military intelligence, successfully paralyzed the operations of one of the largest Russian drone manufacturers, the company Gaskar Integration. As a result of the attack...
prm.ua
July 16, 2025 at 4:27 PM
Typage 0.2.3 adds support for encrypting files with passkeys via WebAuthn PRF, enabling phishing-resistant, hardware-bound symmetric encryption in browser and CLI with age-plugin-fido2prf.
#WebAuthn #Passkeys #Encryption #FIDO2
Encrypting Files with Passkeys and age
Encrypting files with passkeys, using the WebAuthn prf extension and the TypeScript age implementation.
words.filippo.io
July 15, 2025 at 8:27 PM
PCA Cyber Security uncovered critical BlueSDK Bluetooth flaws enabling the "PerfektBlue" attack to remotely execute code on car infotainment systems and potentially control vehicle functions.
#CyberSecurity #CarHacking #BluetoothVulnerability #InfotainmentSecurity
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack
Critical vulnerabilities in the BlueSDK Bluetooth stack that could have allowed remote code execution on car systems.
www.securityweek.com
July 10, 2025 at 6:51 PM
FOKS launches as a federated, end-to-end post-quantum encrypted Git and KV hosting tool, with support for YubiKeys, team management, and privacy-preserving metadata. Fully open-source and bootstrapped.
#Encryption #PostQuantum #OpenSource #DevSecOps
Federated Open Key Service (FOKS)
foks.pub
July 10, 2025 at 5:11 PM
Netflix: "That hot new anime you’ve all been waiting for? Kaoru Hana wa Rin to Saku? Yeah, it's airing in Japan... but the rest of you? Wait until September..."
Me: "Aye aye, Captain... found it already!" 🏴☠️🦜
#netflix #netflixjail #kaouruhana
July 8, 2025 at 4:52 AM