Dakota Pink in Metart View on Loforo »
Blue Archive bishoujo illustration anthology by the circle "AliceFlag (https://www.pixiv.net/users/338245)" 【 Girls Archfreng (pixiv)
Rage Against the Machine – The Ghost of Tom Joad
Watch| The staff of the Health and Environment Department in Hebron Municipality bid their final farewell to their colleague, Ziyad Naim Jabara Abu Dawood, who was killed by Israeli occupation gunfire last night. #Israel tiktokgenocide.com
I wonder though.
How slippery are those stones after a longer period of high tide?
Was just thinking of the boat ramp.
I made sure not to get the rear tires wet, in case the concrete under water would be slippery.
It all went well. Then wearing boots, I went down, curious of how slippery it might be? Lord in heaven, I was so close to falling, and I just put one foot there.
Gematsu just posted:
Dragon Quest VII Reimagined character trailer – protagonist
Square Enix has released the first in a series of character trailers for Dragon Quest …
gematsu.com/2025/12/dragon-que…
Square Enix has released the first in a series of character trailers for Dragon Quest VII Reimagined, introducing the game’s player-named protagonist. Sal Romano (Gematsu)
So apparently I'm an otrovert.
ladbible.com/news/science/psyc…
Most of us tend to categorise ourselves into either introvert or extrovert, but did you know there's now another personality type called 'otrovert'? Lucy Devine (LADbible)
"All Cats Are Beautiful" (EN: English)
Source: instagram:@le_felin.noir
Original: gateway.ipfs.anarchiststickers…
Permalink: anarchiststickersarchive.org/s…
This project on its surface is as simple as it sounds: it's an archive, of stickers, from the anarchists' scenes around the world. That's it. anarchiststickersarchive.org
Anarchist Library: **Anonymous - The Tyranny of the Group Chat**
theanarchistlibrary.org/librar…
Author: Anonymous
Title: The Tyranny of the Group Chat
Subtitle: Signal Fails 2.0 & for telephone desertion
Date: November 2025
Notes: From Rumoer Magazine
Source: Retrieved on 12/05/25 from rumoer.noblogs.org
"In these times, nearly everyone in our surroundings is constantly carrying a mobile phone (whether “smart” or not). Phones
According to the Palestinian Ministry of Health in Gaza, six Palestinians were killed and seventeen others injured in the past 24 hours, bringing the total since the ceasefire took effect on 11 October 2025, to 373, with 970 injuries and 624 bodies recovered.
Overall, since the beginning of the war on 7 October 2023, Gaza has recorded 70,360 deaths and 171,047 injuries.
t.me/QudsNen/200039
#CeasefireViolations #gaza #ceasefire #IsraelTerroristState #warcrimes #genocide
Speech of KFA UK Chairman Dr Dermot Hudson to the KFA UK Picket of the BBC 06.12.2025
The opening speech of KFA UK Chairman Dr Dermot Hudson to the KFA UK picket of the British Brainwashing Corporation on the 6th of December 2025. SONGUN007 (YouTube)
As sea drones force Russia to retreat, Ukraine examines ways to launch more complex attacks
https://apnews.com/article/ukraine-russia-war-sea-drones-black-sea-7bacd2a43ad8c66efb76d6a16018b225?utm_source=flipboard&utm_medium=activitypub
Posted into Technology @technology-AssociatedPress
over the past few days i was exploring how terminal apps work (yes it's as bad as they say) to realize an idea i've had a while ago: a terminal ui for plitki, my vsrg engine. likely not the first term vsrg, but nevertheless my own.
how bad would it be, quantized to the terminal grid? surprisingly, with the right block characters, not too bad.
ofc being plitki, there's full support for all kinds of SV
4K SV: youtu.be/GzLHJjB-zAU
7K LN: youtu.be/dFpWJRPD5ZA
DualShockers just posted:
Elden Ring Nightreign: How to Beat Dreglord (Traitorous Straghess)
Having trouble beating the final boss of the Forsaken Hollows in Elden Ring Nightreign? Learn how to beat the Dreglord with this guide.
One of the fucking rad legalized squats who hosted us on our tour is trying to buy their building before the shitty real estate company that owns it can sell it out from under them.
This space is precious to Nijmegen, consider donating or even extending a low interest solidarity loan here!
De Grote Broek is a former squat in the centre of Nijmegen; it provides housing for 19 residents. It also provides space for a pub/concert stage... De Grote Broek (YouTube)
Remains of World War II pilot to return home decades after determined ‘not recoverable’
youtube.com/watch?v=ZJUIqYejcM…
FOX Carolina's Myra Ruiz has the details. For more Local News from WHNS: https://www.foxcarolina.com/ For more YouTube Content: https://www.youtube.com/ch... FOX Carolina News (YouTube)
Quincy Williams arrives in Joker makeup for Jets' Gotham City game against Dolphins
https://apnews.com/article/jets-dolphins-joker-gotham-3a41a8cdbc0983be858a59eb1962913e?utm_source=flipboard&utm_medium=activitypub
Posted into Sports @sports-AssociatedPress
Scala 3 slowed us down?
Link: kmaliszewski9.github.io/scala/…
Discussion: news.ycombinator.com/item?id=4…
Is this clickbait? Not really. Is this the fault of the language or the compiler? Definitely not. Rather, it was part of a rushed migration. Sharing the lessons learned in the process. kmaliszewski
Hebron – Bab al-Zawiya: Ziad Abu Dawoud, 53, was martyred after Israeli occupation forces opened random fire while he was working as a street cleaner. tiktokgenocide.com
Hamas official says the group ready to discuss 'freezing or storing' its weapons
https://apnews.com/article/israel-hamas-gaza-ceasefire-trump-290b57fb5ae4bec39995129415aba706?utm_source=flipboard&utm_medium=activitypub
Posted into International News @international-news-AssociatedPress
I have a shell script that is in /etc/cron.weekly that, as a part of the script, it's supposed to reboot the server.
Just yesterday, I discovered my server has been up for half a year, 180ish days.
this is the script in question: gist.github.com/da667/5f03ce60…
snort3 updater script. GitHub Gist: instantly share code, notes, and snippets. Gist
I'm glad to see that the NoAuthority Social server is back up and running.
I guess the hardware gets a pretty good workout, on a daily basis. That takes its toll, after so many months and years.
Congratulations, on a fine job.
Bad reviews didn’t scare off the ‘Five Nights at Freddy’s 2’ audience. It even broke a record
https://apnews.com/article/five-nights-at-freddys-box-office-ffe62c4f0692ccf426f2681d398683f3?utm_source=flipboard&utm_medium=activitypub
Posted into Entertainment @entertainment-AssociatedPress
$10 Teacher Created Resources Clouds Calming Covers Ceiling Light Filters (TCR20140)
Set of four 2x4 foot fabric light covers to make it look like puffy clouds on a blue sky. Can fit over std drop ceiling light fixtures or whatever you can tack it over.
sellout.woot.com/offers/teache…
Good for da kids rooms, home office, hippie dens...
#deal #delete #lightfixtures #lightfilters
@DuhLaurien @marykateultra @viking @ryno @phoneboy @Boolysteed @dame_jennifer
KFA Germany Report Back from the KFA International Meeting (English language)
KFA Germany under its Chairman Jeremy Bieringer held a meeting on the 30th of November to report back from the KFA International meeting in Spain. Here is ... SONGUN007 (YouTube)
Immerse yourself in the warmth of the holiday season with Groovy Christmas Blues, a smooth blend of groovy jazz swing, soulful blues expressions, and cozy Ch... Meow Jazz Cat (YouTube)
UPDATE: The ticket has been taken. Thanks for sharing ❤️
Hi #Kiel - we have a spare ticket for #JetztWohin for tonight, 8 p.m. at the Studiokino. I'd be happy to let you have the ticket for the box-office price of €25.
Robert Habeck and director Lars Jessen will also be there today.
The screening is sold out.
JETZT. WOHIN. - Meine Reise mit Robert Habeck: STUDIO Filmtheater Kiel
studio-filmtheater.de/movie/je…
~ ~
India backtracks after requiring citizens to install mandatory phone app
BBC News ($): We start this week in India following a week of controversy after the Modi government withdrew a mandate requiring all phone manufacturers to install a state-owned "cyber" app called Sanchar Saathi on all new devices, amid fears of government snooping. The app was launched ostensibly for tracking second-hand phone sales and preventing scams, but faced heavy pushback that the government could gain unprecedented access to tracking people's phones. India's telecoms minister said: "You can decide what stays on your device," giving users a pass to install or delete the app freely. Apple had notably balked at the idea of allowing the Indian government to install this app on iPhones and iPads by default over concerns of security flaws and privacy concerns. Let's not forget this is the same Indian government that's had numerous data leaks and spills over the years, including reams of citizens' tax data.
More: Reuters ($) | TechCrunch ($) | BBC News ($) | The Record | Daring Fireball
Data breach at retail giant Coupang rocks South Korea
Korea JoongAng Daily: Heading over now to South Korea and we're dealing with a monumental breach of data after Coupang, akin to the country's Amazon, spilled personal information on at least half of the population, some 33 million people. Coupang said the breached data includes customer names, email and shipping addresses, including phone numbers, and order information during its months-long breach. But — plot twist — local media reported a customer received an email in November from someone claiming to have hacked Coupang, which also included people's delivery instructions, such as where to leave packages. The customer reported the email to the company — at which point Coupang did… nothing, by the looks of it. The company is facing major heat from South Korean lawmakers, who are about as pissed off as you'd expect. Coupang could be on the hook for billions of dollars in damages — or more — as lawmakers consider stronger penalties.
More: Bloomberg ($) | Korea Times | Korea Herald | CSO Today
Fintech firm Marquis alerts U.S. banks and credit unions to data breach after ransomware attack
TechCrunch ($): News of an August ransomware attack on Marquis, a company that allows banks and credit unions to collect and visualize all of their customer data in one place, is coming to light after the company notified dozens of financial institutions that their customers' data was stolen. Marquis hasn't disclosed the total number of individuals affected, but it's at least hundreds of thousands of people — per data breach notices I've read this week — and the number is likely to rise as more disclosures come in. (Disclosure alert: I wrote this story!) The notices say customers' personal and financial information were taken, including Social Security numbers. Marquis said the hackers got in by way of an earlier SonicWall vulnerability, so we can probably surmise this may have been the Akira gang. Marquis refused to talk, or say if it paid a ransom.
More: WGME | Bleeping Computer | Maine Attorney General
React Server, Next.js bug allows unauthenticated remote code execution
Bleeping Computer: A newly discovered critical bug discovered in the React Server Components protocol called "Flight" allows hackers to remotely run malicious code on a server running React and Next.js applications, no passwords needed. It's a big deal because that covers a large swath of the web, and the bug is easy to exploit — and is already being used in hacking campaigns. The bug means pretty much anyone whose code relies on an affected React Server package needs to patch ASAP. Cloudflare did, but hiccuped, taking down a big slice of the web during Friday morning. If you don't use the affected server components, you're not affected. Act, don't React. (ba-dum-tsssk.)
More: Vercel | Google Cloud | GAYINT | @weld | @cR0w | @GossiTheDog
~ ~
Half the U.S. under age check laws, as Australia is set to begin
404 Media ($): Missouri's age verification law went into effect last week, meaning that more than half of the United States now live in states where they have to upload their government-issued ID to access websites that are considered adult (like some messaging apps), despite privacy concerns and risks that the data can be stolen. Meanwhile on December 10, Australia will flip the switch on its blanket social media ban for under-16s, which kids are (understandably) fighting tooth and nail by claiming the ban is unconstitutional under Australian law. Once again, these are governments choosing the lazy option rather than holding the social media giants to account for their harmful actions.
Breach at analytics giant Mixpanel spreads to CoinTracker, SwissBorg
TechCrunch ($): I wrote more about the knowns and unknowns about Mixpanel's data breach (Disclosure alert!) following from last week's newsletter since it looks like OpenAI isn't the only company affected. CoinTracker said some of its users' analytics data was taken. I've also heard that SwissBorg customers had data taken, with the breach said to be affecting their onboarding questions. Mixpanel CEO Jen Taylor ignored several emails from TechCrunch with questions about the breach.
Spyware maker Intellexa allegedly had direct access to espionage targets
Amnesty International: Incredible stuff from the folks at Amnesty and reporters with Inside Story, Haaretz and WAV Research Collective, which found that sanctioned spyware maker Intellexa had remote access(!) to its customers' Predator spyware systems, and therefore had access to the stolen personal data of government espionage targets. So what was this remote backdoor? Surely it was some kind of super secure syste… wait, TeamViewer?! Recorded Future also found that Intellexa's Predator spyware was found deployed in Iraq. Google also dropped a bunch of indicators of compromise for Predator infections, so potential victims can determine if they are affected. Apple and Google also notified a new round of victims that they've been targeted, per Reuters ($).
A small number of Notepad++ users reporting security issues
DoublePulsar ($): @GossiTheDog reports that a small number of Notepad++ users are reporting compromises that have allowed hackers to gain access to their devices. It's not clear exactly what's happening, but a bug fixed several weeks ago now forces users of Notepad++ to download official versions of the software from GitHub. If you use Notepad++, check to make sure you're running an official version and not a malicious knock-off app.
China's Brickstorm malware is targeting government and IT sectors
CISA: U.S. and Canadian cyber agencies are warning that the Chinese malware dubbed Brickstorm is targeting VMware vSphere systems across the government and IT sectors, with the aim of enabling "long-term access, disruption, and potential sabotage." In one case, CISA said the malware was used to backdoor a company for at least a year, ending in September 2025. There's a full PDF of guidance to peruse. More via Reuters ($).
~ ~
PLEASE SUPPORT THIS NEWSLETTER!
~this week in security~ is my weekly cybersecurity newsletter supported by readers like you. Please consider signing up for a paying subscription starting at $10/month for exclusive articles, analysis, and more.
~ ~
NSA cuts 2,000 staffers: Top U.S. eavesdropper, the National Security Agency, has lost at least 2,000 staffers (out of about 34,000 staff) due to Trump administration cuts, per @ddimolfetta. The NSA, which still doesn't have senior brass in top positions, such as the directorship, may be subject to further downsizing. (via Nextgov)
This s**t isn't end-to-end encrypted! Earlier this year, Kohler launched a poop camera that can analyze your toilet bowl, which the company claimed was end-to-end encrypted. Just one major problem. It isn't end-to-end encrypted at all; it was just marketing guff. Worse, Kohler can analyze your poop to train its AI. Kohler later edited its website to remove the busted security claim. (via var/log/simon, @simon)
Signalgate put troops at risk: The sharing of highly sensitive war plans earlier this year by top U.S. government officials over a knock-off Signal app that archived every message on an insecure server and were accidentally shared with the editor-in-chief of The Atlantic did in fact endanger U.S. troops, according to a much-anticipated Pentagon watchdog report. The report's final recommendations were, effectively, asking U.S. officials to not do it again. (via DOD OIG, The Atlantic ($), Wired ($))
Get doxxed via Grok: Grok, the AI chatbox that lives on Elon Musk's X site, was caught doxxing people in the tweets by responding to people's posts containing the full text of other people's home addresses. Futurism found this wasn't a one-off, and was capable of spitting out the addresses of at least 10 non-public names out of more than 30. (via Futurism, @jonchristian)
British bobbies start face scans: Police on the U.K. transport network will trial facial recognition at transit hubs, like railway stations, under the guise of crime prevention. Face recognition tech has long been criticized for bias and inaccuracies that affect people of color. (via Biometric Update, The Register ($))
Plankey's CISA nomination scuppered: Sean Plankey is unlikely to be voted in as the next CISA director as his nomination was excluded from a crucial Senate vote on Thursday. Plankey's nomination was put on hold earlier this year after Sen. Ron Wyden blocked the vote until CISA would release a report into Chinese hacks targeting U.S. telcos. CISA said it would, but still hasn't actually released the report. Since then, Sen. Rick Scott also blocked Plankey's nomination. (via Cyberscoop, GovInfoSecurity)
~ ~
Ding dong! It's the happy corner gong. Let's get straight into the good stuff.
It's been some time but I'm so glad to announce the latest episode of What Will Doom Run On? And this week, it's a… pulse oximeter? This clip-on blood oxygen scanner successfully loads Doom…'s splash screen. OK… maybe this just counts as a half-episode?
Wired ($) has a deep-dive into a new cellular provider set up by Nicholas Merrill, a privacy legend. The cell provider called Phreeli lets customers sign up with nothing more than a ZIP postal code, a major privacy move for customers who typically have to hand over gobs of personal information before joining their cellular networks. Merrill is no stranger to the world of privacy; he challenged the secrecy and gag-order provisions of FBI-issued national security letters and eventually won, allowing him to publish these once-highly secret FBI demands for users' data.
If you haven't seen this week's xkcd cartoon, it perfectly captures just how annoying the internet has become.
If you needed yet another reason as to why the kids are alright, here's one. (Remember folks, using an ad-blocker is one of the best security and privacy defenses on the internet!)
Admittedly, I laughed way more than I should've done at this:
And finally, this week and on a slightly personal note from me: I was absolutely thrilled to have been featured in a U.K. documentary about stalkerware, a kind of consumer-grade phone surveillance that I've been investigating for the past five years or so. The documentary for Channel 4 was really well done, and explores the risks and dangers of stalkerware, and why it's increasingly used by the under-30s to track and monitor their partners. In my latest blog post, I reflected back on what I've learned from my dozen-or-so stalkerware investigations, and why combating stalkerware is an uphill battle, but why I still have hope.
Got good news to share? Get in touch! this@weekinsecurity.com.
~ ~
'Tis the season! I have just three limited-edition cyber-cat themed mugs left before they run out for good.
If you love reading this newsletter and would like a chance to receive one of these rare cyber-cat mugs, sign up as an Astonishing admin for a year before the end of 2025 and your email address will be entered into a random draw for a New Year's parcel drop, shipped worldwide. As an Astonishing admin, you get full access to my exclusive blogs, analysis, and more. You'll be notified by email in the first week of January 2026 if you are one of the lucky three winners!
And since it's the season of giving, I will donate 10% of all new annual Astonishing admin memberships for the month of December to a good cybersecurity cause. Details to come! (And feel free to send in your best suggestions!)
~ ~
This week's cyber cat is Bert, who can be seen here lounging on his human's keyboard after a very long and exhausting day hacking. If you need a prime suspect who's behind this latest Petco breach, look no further! Unlimited treat supply, here we go. Thanks so much to Suse for sending in!
🐈 Keep sending in your cyber cats! 🐈⬛ Got a cat or a non-feline friend? Send me an email with their photo and name and they will be featured in an upcoming newsletter!
~ ~
What a belter of an edition, thanks so much for reading all the way through! Join me again next week for your usual round-up of the week in cybersecurity and all of the news you need to know.
If you see something you really want me to cover on the blog or include in next week's newsletter, get in touch, I love hearing from you!
I hope you have a great rest of your weekend and an even better week.
Catch you next,
@zackwhittaker
a weekly cybersecurity newsletter by Zack Whittaker, plus analysis and blogs.
$17 Deluxe Products Portable #Cassette #Tape #Recorder. Record to Cassettes via Mic or Aux in.
Built-in Speaker to Listen to Cassettes.
Includes External Mic, Aux in Cable & AC Adapter
Vintage brick style Cassette Recorder!
Can also run on 4 C batts. Looks like it records in stereo via the Aux input. I bet the mic's still mono though. Real ones back in the day were all mono.
sellout.woot.com/offers/deluxe…
#deal #delete
@darrenoneill @thatlarryshow @spencer @viking @phoneboy @lavish @boobury
I am beginning my show now. QC, Table Ex, and more! Tune in with my links below!
Station public page address: knamedia.net/public/lexi
Direct audio stream: c
knamedia.net/listen/lexi/radio…
This is my new secondary partner station, tune in hear!
66.103.221.181:5050/lexi
PCGamesN just posted:
I'm bothering the gods in Roman Empire city builder Nova Roma's new demo, and it might not be the best idea
The Nova Roma demo is out now on Steam, and the Roman Empire city builder is coming to PC Game Pass with its early access launch in January
pcgamesn.com/nova-roma/demo-st…
The Nova Roma demo is out now on Steam, and the Roman Empire city builder is coming to PC Game Pass with its early access launch in January. Ken Allsop (PCGamesN)
Our socials: libranet.de/display/0b6b25a8-1…
SUNDAY SCREENING | When telling the truth becomes a death sentence. FEATURED (21st Century Wire)
Thoughts?
"INSANE New Epstein Images Released"
rumble.com/v72li7o-12.4.25-c-b…
LIVE: Real Madrid vs Celta Vigo – La Liga
https://www.aljazeera.com/sports/liveblog/2025/12/7/live-real-madrid-vs-celta-vigo-la-liga?utm_source=flipboard&utm_medium=activitypub
Posted into Europe News @europe-news-AlJazeera
Follow the build-up, analysis and live text commentary of the game as Madrid host Celta Vigo at the Santiago Bernabeu. Patrick Keddie (Al Jazeera)