LightNews LightNews
adedommelin.bsky.social
@adedommelin.bsky.social
18 followers 78 following 0 posts
Posts Replies Media Videos
Reposted
renniepak.nl
Added a small feature to cspbypass.com to warn the user if unsafe-inline is detected, in which case you typically don’t need to waste time hunting for 3rd-party whitelisted CSP bypasses and go straight to inline scripts / event handlers.
February 7, 2026 at 6:50 PM
Reposted
mattdpearce.com
I don’t want to seem out of touch but I don’t actually understand the economy anymore.
A LinkedIn ad showing Jensen Huang shaking hands with some vague fashion executive: L'OREAL 6,204,444 followers Promoted We're thrilled to announce a collaboration with NVIDIA to supercharge beauty with next-gen Al. WELCOME TO NVIDIA L'ORÉAL GROUPE
November 18, 2025 at 3:23 AM
Reposted
nature.com
Researchers have been sneaking secret messages into their papers in an effort to trick AI tools into giving them a positive peer-review report

Read the full story: www.nature.com/articles/d41...
July 15, 2025 at 1:48 PM
Reposted
keithamus.social
Your regular reminder being laid off is not a condemnation of you or (likely) your manager, but instead a signal of incompetence from upper management. Their job is to keep the business sustainable and they failed, and you get to pay the price.

www.theverge.com/news/693535/...
Microsoft is laying off as many as 9,000 employees
Xbox will end or decrease work ‘in certain areas’
www.theverge.com
July 2, 2025 at 5:28 PM
Reposted
gergely.pragmaticengineer.com
Now THIS is what a customer-centric app is.

Most banks keep sending out warning emails about impersonation and scams.

Any app can implement this capability with a little coding + backend work (assuming their BE sensible enough): and yet Monzo is the first one I’ve heard do it.
June 4, 2025 at 8:10 AM
Reposted
thoughtrise.bsky.social
unfollowing everyone on linkedin except this guy
linkedin post screenshot: Ken Cheng - I want to connect with you, emotionally) Al will never be able to write like me. Why? Because | am now inserting random sentences into every post to throw off their language learning models. Any Al emulating me will radiator freak yellow horse spout nonsense. 1 wiite all my emails, That's Not My Baby and reports like this to protect my data waffle iron 40% off. 1 suggest all writers and artists do the same Strawberry mango Forklift. The robot nerds will never get the better of Ken Hey can | have whipped cream please? Cheng. We can tuna fish tango foxtrot defeat Al. We just have to talk like this. All. The. Time. Piss on carpet
April 23, 2025 at 6:35 AM
Reposted
taggart-tech.com
If you have a once-public, now-private (or deleted) repo on GitHub, no matter what Microsoft says, it could very well be exposed via Copilot.

www.lasso.security/b...
Lasso Research: Fortune 500 Companies found Exposed in Microsoft Copilot via Bing Cache. Read Now.
Fortune 500 companies’ sensitive data was exposed through Microsoft Copilot via Bing Cache, raising serious privacy and security concerns. Discover how this happened and what it means for enterprise security. Read the full research now.
www.lasso.security
March 3, 2025 at 6:51 AM
Reposted
malwarejake.bsky.social
Not all heroes wear capes.
jenmsft.bsky.social Jen Gentleman @jenmsft.bsky.social · Feb 27
Fun fact - on Windows, if you press WIN + Period(.), it includes ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯ to make it easy if you want to put it in a message, and I'm the one that added it
scalzi.com John Scalzi @scalzi.com · Feb 26
RESOLVED: ¯\_(ツ)_/¯ is so much more expressive and therefore preferable than 🤷

Discuss
February 27, 2025 at 12:22 PM
Reposted
malwarejake.bsky.social
Science is supported by facts and evidence.

Conspiracy is supported by the lack of them.
January 26, 2025 at 10:50 AM
Reposted
daniel.haxx.se
CVSS is dead to us daniel.haxx.se/blog/2025/01... #curl
CVSS is dead to us
CVSS is short for Common Vulnerability Scoring System and is according to Wikipedia a technical standard for assessing the severity of vulnerabilities in computing systems. Typically you use an online...
daniel.haxx.se
January 23, 2025 at 10:50 AM
Reposted
cert-fr.bsky.social
⚠️Alerte CERT-FR⚠️

CERTFR-2025-ALE-002 : La vulnérabilité CVE-2024-55591 affecte les équipements Fortinet et permet à un attaquant non authentifié de provoquer une exécution de code arbitraire à distance.
Elle est activement exploitée.
www.cert.ssi.gouv.fr/alerte/CERTF...
Vulnérabilité dans les produits Fortinet - CERT-FR
www.cert.ssi.gouv.fr
January 14, 2025 at 5:07 PM
Reposted
taggart-tech.com
Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:

"If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed."

securityonline.info/...
CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers
Find out about the Next.js vulnerability CVE-2024-51479 that could have exposed sensitive data. Take necessary measures to secure your Next.js application.
securityonline.info
December 20, 2024 at 4:52 AM
Reposted
camw.ing
In 2025 (less than 30 days away), PayPal will start selling your transaction history for targeted advertising.

I very highly recommend logging into your account and going to Settings > Data & Privacy > Personalized Shopping.

If you're reading this, turn that off RIGHT NOW before you forget.
A screenshot of PayPal's terms of service. Big wall of legalese text, which I will be pasting in below. You don't need to read it, here's the important part: "The key update to the Privacy Statement explains how we will share information with merchants to personalize your shopping experience and recommend our services to you. Personal information we disclose includes, for example, products, preferences, sizes, and styles we think you’ll like. Information gathered about you after the effective date of our updated Privacy Statement, November 27, 2024, will be shared with participating stores where you shop." Here's the whole paragraph: We are updating our Privacy Statement to explain how, starting early Summer 2025, we will share information to help improve your shopping experience and make it more personalized for you. The key update to the Privacy Statement explains how we will share information with merchants to personalize your shopping experience and recommend our services to you. Personal information we disclose includes, for example, products, preferences, sizes, and styles we think you’ll like. Information gathered about you after the effective date of our updated Privacy Statement, November 27, 2024, will be shared with participating stores where you shop, unless you live in California, North Dakota, or Vermont. For PayPal customers in California, North Dakota, or Vermont, we’ll only share your information with those merchants if you tell us to do so. No matter where you live, you’ll always be able to exercise your right to opt out of this data sharing by updating your preference settings in your account under “Data and Privacy.”
December 5, 2024 at 9:12 PM
Reposted
akacki.net
HO HO HOLY FUCKING SHIT
fenrisgames.com ian.fenrisgames @fenrisgames.com · Dec 1
Finished the new decorations *just* in time for December.
Prop from "The Rock" - several strings of glass balls filled with lurid green gel, hanging from brass and wire clips and a cast endcap.
December 1, 2024 at 4:03 PM
Reposted
agarri.fr
Like TweetDeck, but for Bluesky 🤩 (highly useful if you manage more than one account) deck.blue
Screenshot showing DeckBlue with two accounts
November 15, 2024 at 11:52 AM
Reposted
jay.bsky.team
Bluesky now has over 20M people!! 🎉

We've been adding over a million users per day for the last few days. To celebrate, here are 20 fun facts about Bluesky:
November 19, 2024 at 6:51 PM