Mastodon Digest

Posts

Microsoft have dropped a bollock, there’s various Copilot vulns which return Copilot’s internal details on policy for how they spot CSAM etc as they disclose the MS system prompts - they’ve ruled it out of scope as it isn’t covered by the OWASP top ten 🤷‍♀️

medium.com/@d_f4u1t/indirect-p

medium.com/@d_f4u1t/direct-pro

New, by me: The Kimwolf Botnet is Stalking Your Local Network

Today's story is a long overdue series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.

krebsonsecurity.com/2026/01/th

Happy tenth anniversary to the greatest picture ever taken, down near my old Co-op office.

All kicking off in the UK.

#AI / #LLM propaganda is so insidiously effective even for laypeople.

I’ve had multiple conversations with family members who: don’t speak English, don’t own computers (only mobile phones), and barely spend time online.

I told them that I am no longer working with most tech company clients because I don’t like AI and don’t want to support it (“AI” here = gen AI, LLMs).

And yet these people all reacted the same way: concern, shock, and comments like “but this is inevitable”, “this is the future”, “you’ll have to accept it eventually”, “won’t refusing it ruin your career prospects?”

These are people who know nothing about technology. They usually wouldn’t even know what “AI” meant. And yet here they are, utterly convinced of AI company talking points.

Twitter’s Grok AI is now being used by people to undress women, as verified by the BBC. Twitter refused to reply, simply saying “legacy media lies”. It isn’t a lie.

In the UK it is illegal to create or share non-consensual intimate images, including via AI. The UK gov say they are investigating.

bbc.co.uk/news/articles/c98p1r

Boosts

🧵 My sense of justice was triggered by #Palantir corporate gaslighting two Swiss investigative journalists on LinkedIn.

This is something most people won’t even see, but I was angry, so I looked while my kid was still asleep.

Here’s what it looks like when tech bros attack journalists while you and I have too much food over Christmas.

Two Swiss journalists spent a year filing 59 #FOIA requests to document Palantir’s 7-year campaign to sell surveillance software to Swiss authorities (army and health services in particular).

📄: republik.ch/2025/12/09/warum-p

The Swiss army’s internal report concluded they couldn’t rule out US intelligence accessing data through Palantir systems, despite reassurances.

Their story hit The Guardian, and #UK MPs are now questioning £825M in Palantir contracts.

📄: theguardian.com/technology/202

The journalists were rejoicing on LinkedIn. It’s a big deal to have your story picked up by mainstream UK media, especially after a year of hard work.

This is where it gets ugly.

I had a Tesco delivery this afternoon, the driver said, "I've got a couple of substitutions for you, here's your rosemary and haddock".
I said, "this is neither the thyme nor the plaice".

hoooo boy. this shit should be illegal. posting the screen shots for when it gets taken down. reddit.com/r/confession/commen