Posts
2504
Following
650
Followers
1469
"I'm interested in all kinds of astronomy."
repeated

Project Zero Bot

New Project Zero issue:

Linux: hugetlb page table sharing races with VMA splitting, leading to page table UAF

https://project-zero.issues.chromium.org/issues/420715744

CVE-2025-38084, CVE-2025-38085
0
6
2
repeated
repeated

"we observe that in most ecosystems, the average vulnerability lifespan has increased in recent years. The average lifespan of vulnerabilities across all platforms has grown from 1,056 days to 1,956 days - an increase of approximately 85%." (from 2017 to 2024)

https://www.semanticscholar.org/paper/Open-Source%2C-Open-Threats-Investigating-Security-in-Akhavani-Ousat/5d4450085cce995b38dfd97dc8d668a9221e1477

2
2
0
repeated
Edited 12 hours ago

I found this great samsung spyware (I assume), I present to you : Samsung news!!
https://galaxystore.samsung.com/detail/com.samsung.android.app.spage?cId=000006738177

For an app that's just supposed to tell you the news :
- It comes bundled with the phone
- It auto connects you to your samsung account
- You can't uninstall it, or even disable it (usually only critical system apps that break your phone if disabled do this)
- In the app info the only permission it shows is notification
- However looking at the app package's info shows it also has permissions to see all installed apps, read and edit settings, run on phone startup and start stuff in the background
- Uninstalled it with root, my phone works flawlessly

Well, that's just 1 app I took a look at. There can be many more simillar ones! I really should install a custom OS
@soatok @xanthe @sebsauvage

0
4
0
repeated

To me programming is more than an important practical art. It is also a gigantic undertaking in the foundations of knowledge.

— Grace Hopper

0
1
0
repeated

💻Have you read our recent publication?

A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering a double-free error with high stability. This can then be leveraged to achieve local privilege escalation: https://ssd-disclosure.com/ssd-advisory-linux-kernel-pipapo-set-double-free-lpe/

0
2
0
@joxean you didn't have to own a crystall ball to predict they will say stg like this, independently from the details of the deal...
1
0
1
repeated

"ZFS snapshots as poor man's ransomware recovery"

It holds up. Better than you'd think.

Ransomware hits a server? I roll back to a snapshot taken 10 minutes ago. Immutable, local, instant.

No restore wizard. No cloud latency. No vendor lock-in.

Just:

zfs rollback pool/dataset@safe

Gone. Like it never happened.

You want real ransomware defense?

🧊 Immutable local snapshots

📦 Offsite ZFS send/mirror

🔐 Key-based SSH, no password logins

🎯 Restore script you actually test

ZFS isn’t "enterprise." It’s survival-grade.

6
4
0
repeated

So, this is a funny thread about a gag Tom Lehrer left in an old NSA internal publications, and it’s funny, but I have to tell you that I find the idea of sixty year old math papers staying classified is somehow alarming.

https://bsky.app/profile/opalescentopal.bsky.social/post/3luxxx27nos23

1
4
0
[RSS] Modern (Kernel) Low Fragmentation Heap Exploitation

https://r0keb.github.io/posts/Modern-(Kernel)-Low-Fragmentation-Heap-Exploitation/
0
2
3
[RSS] Getting a Shell on the LAU-G150-C Optical Network Terminal

https://spaceraccoon.dev/getting-shell-lau-g150-c-optical-network-terminal/
0
0
1
[RSS] Getting a Shell on the LAU-G150-C Optical Network Terminal

https://spaceraccoon.dev/getting-shell-lau-g150-c-optical-network-terminal/
0
4
4
repeated

bert hubert 🇺🇦🇪🇺🇺🇦

Alarming as it is, the article below is still not alarming enough! Microsoft France here claims they've never seen a CLOUD ACT request for French government data. Perhaps true. However, under the FISA section 702 & EO 12333, Microsoft is still mandated to deliver such data to the NSA, and Europeans will never learn of that request. US spies do not need to ask Europeans for permission to spy on European governments! https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/

2
3
0
repeated

The European union is developing an age verification app for EU citizens which relies on Google for verifying the integrity of the app.

This means users who run a custom ROM (e.g , ) won't access some EU resources.

Read the complete explanation on Reddit: https://www.reddit.com/r/BuyFromEU/s/yO3njXfX1x

0
3
0
repeated
Edited 17 hours ago

Neat game glitch explanation: Why signed integers lead to flirting with dogs

https://www.youtube.com/watch?v=ADenqrgMUgA

0
4
0
repeated

Part of the job as a cybersecurity professional is in fact arguing to purge and not log information about your customers.

Data is not oil. It's risk.

16
12
0
repeated

Expel has walked back its research on the FIDO bypass/downgrade attack

https://expel.com/blog/an-important-update-and-apology-on-our-poisonseed-blog/

0
2
0
repeated
Show older