Yuri Gbur
@yukonsec.bsky.social
Senior Security Consultant, Red Teamer and Security Researcher
Reposted by Yuri Gbur
July 19, 2025 at 7:21 AM
Can we define the word "GenSplaining" as the issue that a GenAI will always explain everything in waaay too much detail if I do not spend additional effort to limit the output by extending the prompt? Why are precise and short answers not the default?
July 3, 2025 at 11:03 AM
Reposted by Yuri Gbur
1. LLM-generated code tries to run code from online software packages. Which is normal but
2. The packages don’t exist. Which would normally cause an error but
3. Nefarious people have made malware under the package names that LLMs make up most often. So
4. Now the LLM code points to malware.
LLMs hallucinating nonexistent software packages with plausible names leads to a new malware vulnerability: "slopsquatting."
LLMs can't stop making up software dependencies and sabotaging everything: Hallucinated package names fuel 'slopsquatting'
www.theregister.com
April 12, 2025 at 11:43 PM
Reposted by Yuri Gbur
March 15, 2025 at 6:43 PM
35 years after reunification, and still the Germans have a wall in their brainstem. Only now the former border no longer seems to run between East and West, but between right and even further right...
February 24, 2025 at 7:24 AM
If you value your sanity online now is the time to switch to something like Firefox.
February 20, 2025 at 8:23 AM
Reposted by Yuri Gbur
A teen DOGE staffer recently given access to government systems worked at a startup known for hiring convicted hackers. Someone using a Telegram handle associated with him also solicited a cyberattack-for-hire service in 2022. All raising questions about his vetting. www.wired.com/story/edward...
DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
www.wired.com
February 6, 2025 at 7:43 AM
This
I hate CVSS scores!
February 3, 2025 at 9:20 PM
Reposted by Yuri Gbur
It is beyond parody that Boeing is essentially saying to regulators "trust me bro."

Doubly so that the trust involves software to avoid stalling. Triply so being on a 737 MAX. I'm just speechless.
simpleflying.com/boeing-faa-e...
Boeing Asks FAA For Stall-Management Exemption To Certify The 737 MAX 7 & 10
Boeing argued that the exemption would enable quicker certification and delivery of the 737 MAX 7 and 737 MAX 10 aircraft.
simpleflying.com
January 26, 2025 at 8:32 PM
Reposted by Yuri Gbur
Can’t argue with facts 🤣
January 26, 2025 at 3:06 PM
What's wrong with car makers' IT systems... First VW Group (see 38c3) and now Subaru
January 25, 2025 at 8:14 AM
Reposted by Yuri Gbur
January 20, 2025 at 12:04 AM
Reposted by Yuri Gbur
Live scenes this morning leaving the apartment for first day of work this year.
a polar bear cub is laying in a pile of hay in a hole.
Alt: A very scruffy looking polar bear leaving a cave in a zoo after hibernation. Even if they could understand the concept of time, they would have no idea what year it was.
media.tenor.com
January 6, 2025 at 3:08 PM
Reposted by Yuri Gbur
Stop Forcing A.I. into Fucking EVERYTHING!
December 24, 2024 at 3:11 AM
Reposted by Yuri Gbur
if you're sick of windows 11 nonsense, install linux - you WILL regret it!
January 3, 2025 at 9:59 PM
Welcome to 2025
Someone on Reddit searched for (the non-existent) John Wick 5, and Google spared no expense to lie to them.
January 3, 2025 at 3:45 PM
Can definitely recommend watching. It was obvious that there is no free money but I wasn't aware of how disgusting their business model is...
December 23, 2024 at 3:00 PM
Reposted by Yuri Gbur
Want to run roadrecon, but a device compliance policy is getting in your way? You can use the Intune Company Portal client ID, which is a hardcoded and undocumented exclusion in CA for device compliance. It has user_impersonation rights on the AAD Graph 😃
December 12, 2024 at 3:59 PM
Reposted by Yuri Gbur
Oh great.

Claude's ability to use your computer also means it can solve CAPTCHAS...
November 29, 2024 at 4:23 AM
Reposted by Yuri Gbur
OH: RDP stands for Ransomware Delivery Protocol
November 23, 2024 at 6:38 PM
Reposted by Yuri Gbur
I was skeptical of the “X is slowly cooking your brain” discourse because I don’t think my ideological worldview has shifted much, but having now experienced both Bluesky and X I think the big difference is I got used to fighting/provocation as the standard “tone” of posting without realizing it.
November 23, 2024 at 12:25 PM
Reposted by Yuri Gbur
If you are in cybersecurity repost this so we can all follow each other 😬
November 15, 2024 at 4:53 PM