Posts: 2563 | Following: 630 | Followers: 1415
"I'm interested in all kinds of astronomy."
@algernon @cR0w hey, it seems browsers have a text2speech api built-in these days:

https://codepen.io/matt-west/pen/DpmMgE

this actually seems easier than I thought!

@molly0xfff also, this reply captures the X vibe perfectly:

Edited 1 month ago
This "analysis" by Wallarm - claiming active exploitation of CVE-2025-24813 Tomcat RCE - is wrong in multiple ways (maybe LLM slop?):

https://web.archive.org/web/20250314071219/https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/

There is a PoC on GitHub too now - it improves my findings by directly invoking the session corresponding to the saved object so you don't have to wait for periodic refreshes:

https://github.com/iSee857/CVE-2025-24813-PoC/

This PoC will raise the EPSS score too.

Edit: Wallarm published an update showing that exploit traffic was detected before a PoC was public. Problem is my writeup & PoC was published well before their detection :P

The only reasonable reaction to this is to unfollow ofc

(De)Merit Badges

https://tested-store.com/collections/demerit-badges

I need something like these for the next #failnight!

@lcamtuf What if they try to implant sleeping agents to spread communist ideology among cat owners?

I used the Mastodon client hosted at brutaldon.org to connect to infosec.exchange with the elinks browser - the UI is...not great, but I guess it's just my terminal vs the default elinks configs :D

Anyway, you can ditch your uncool, sellout browsers and experience the Fediverse truly freely!

RIP Michelle Trachtenberg, thanks for all the laughs :(

I think I should display this somewhere in a frame

https://youtu.be/My_13FXODdU?si=5l_PiCdfXbY3ohSx&t=540

@404mediaco The description is pretty vague and I don't have a subscription so I looked at the traffic: it seems the /api/offices/[id] endpoint is serving the "extra" messages. My educated guess is they forgot to restrict POST/PUT (which is actually pretty lame)...

I'm still looking for that brain activity sensor that someone used to make a propeller hat that spins faster when you think harder.

OK I think this (via @cR0w) deserves some more attention ( #CrowdStrike CVE-2025-1146):

https://www.crowdstrike.com/security-advisories/cve-2025-1146/

In short, CrowdStrike agents on Linux can be MitM'd when they connect to their mothership (CS cloud).

My first Q is: what exactly is delivered to Falcon sensors from the CS cloud?

I present my second Q as a meme for higher reach:

@krypt3ia The broccoli head generation is finally taking over