CHIRIBIQUETE — A historic expedition went underway this week, as a dedicated man began his search through the most remote reaches of the Amazon jungle to find an uncontacted tribe of natives so he could tell them that he does Crossfit.

U.S. — As the debate over the gender wage gap among professional basketball players raged on, people who were angry about low WNBA salaries proudly declared they were prepared to do anything necessary to bring about change except for watching WNBA games.

Hahahahahah pic.twitter.com/PGQiSWSTxf

— Enez Özen (@Enezator) March 13, 2024

WASHINGTON, D.C. — In a bold move aimed at tackling one of the most pressing issues facing the next generation, President Biden has unveiled his latest executive action: a plan to eliminate late fees for Blockbuster movie rentals.

This is a newly discovered email vulnerability:

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.

This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.

An attacker can use this to include elements in the email that appear or disappear depending on the context in which the email is viewed. Because they are usually invisible, only appear in certain circumstances, and can be used for all sorts of mischief, I’ll refer to these elements as kobold letters, after the elusive sprites of mythology.

I can certainly imagine the possibilities.