zk

👀 📝 9848c1a1…

👀 Cake Wallet has announced the integration of Bitcoin’s Lightning Network into its advanced privacy wallet.

👀 📝 6ed32e15…

Malicious Google Chrome extensions have stolen large language model (LLM) conversations and browser data from hundreds of thousands of users. Application security vendor Ox Security detailed a campaign in a recent research blog involving malicious Google Chrome extensions posing as legitimate extensions from a company called AItopia that adds a sidebar on websites that enables chats with popular LLMs like ChatGPT and DeepSeek. Ox researchers found that two extensions were copying the functionality of the legitimate app while also exfiltrating user conversation and browsing data to a command-and-control (C2) server. One, titled "ChatGPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI," had more than 600,000 users and a Google Chrome "Featured" badge, while the other, "AI Sidebar with Deepseek, ChatGPT, Claude and more," had over 300,000. Stay alert, the extensions according to 0x Security have been already removed, I would not be surprised if new ones are already in the store...

👀 📝 a70ab229…

"You'd have to be braindead to believe WhatsApp is secure in 2026. When we analyzed how WhatsApp implemented its "encryption," we found multiple attack vectors" -- Pavel Durov, co-founder of the Telegram messenger. #WhatsApp

Make this viral! 📝 ea685c19…

4 in 5 small businesses had cyberscams last year, almost half were AI powered... https://databreaches.net/2026/01/18/4-in-5-small-business…

Stay alert! https://thehackernews.com/2026/01/five-malicious-chrome-e…

Time to move your residence out of France... 📝 83108bdc…

ℹ️ For those that reside outside of USA and think thausing Amazon, Google and Microsoft cloud services or any USA cloud service is secure and private for them: . The US CLOUD Act from 2018, allows the US Government (and therefore their partners) data access regardless of storage location. . Be smart, self host your data, and if you insist in doing it wrong, encrypt your data before you upload anywhere. https://www.justice.gov/criminal/cloud-act-resources?ref=…

Season Messenger is listening to its users, read on, PFS will be back and quantum resistent cryptography is being implemented among other features. https://getsession.org/blog/session-protocol-v2 #session #privacy #messenger

True story, but soon, that won't be an issue, LLMs are going to replace most of us in many areas and FOSS developers will probably be in the early list. I'll give it 5 years tops. https://itsfoss.com/news/open-source-developers-are-exhau…

Not that most of you give two cents about it since most don't care about privacy, but if you are one of those rare special individuals, stay away from ChatGTP #ChatGTP In yet another "Your chatbot may be leaking" moment, researchers have uncovered multiple weaknesses in OpenAI's ChatGPT that could allow an attacker to exfiltrate private information from a user's chat history and stored memories.

LOL! You can't make this shit up 📝 6e98bbf1…

A small number of samples can poison LLMs of any size https://www.anthropic.com/research/small-samples-poison

Nice move, hopefully Elon Musk will be next to let the public know the names of the politicians pushing to remove our free speech. And the cherry of the pie, the rules do not apply to politicians... The irony, their affairs should be public, yet they do want privacy to cover their corruption.

🚨 Harden your Windows systems using free, trusted open-source tools that cover audit, configuration, and monitoring. You don't need enterprise tools to raise your defense baseline — just a few solid steps. Quick Actions (Under 30 Minutes): • Run Hardentools — disable unsafe defaults instantly. • Use CIS-CAT Lite — identify missing patches, open RDP, or weak policies. • Check Local Admins — remove unused accounts, deploy LAPS for password rotation. • Turn On Logging — enable PowerShell, Windows Defender, and Audit Policy logs. • Run WinAudit — export a report and compare it weekly for unauthorized changes. • Scan with Wazuh or OpenVAS — look for outdated software or exposed services. Key Risks to Watch: 🔑 Reused or shared admin passwords 🌐 Open RDP/SMB without firewall or NLA ⚙️ Old PowerShell versions without logging 🧩 Users running with local admin rights 🪟 Missing Defender Attack Surface Reduction (ASR) rules 📦 Unpatched or unsigned software from third-party repos

🚨 Mobile Apps Leak Data — New findings from Zimperium have revealed that one in three Android apps and more than half of iOS apps leak sensitive data. Nearly half of mobile apps contain hard-coded secrets such as API keys Keep your mobile clean, remove all apps not really needed and be mindful of the ones you install and keep.