"I'm interested in all kinds of astronomy."

From prompt 😃 to pwned 😒:
Implementing an LLM in your org? Useful.
Trusting its output? That's how a low-priv user became admin.

Ship the feature, don't extend it your trust.
https://blog.quarkslab.com/from-prompt-to-pwned-chaining-llm-and-web-bugs-to-admin.html

@cR0w Please tell me this is fake!
@aleksi Thanks for your work! Keep in mind that it's OK to declare software finished - I'll complain when I find any bugs :)

This was a fun Linux kernel bug (though it only existed on >=6.10 and requires access to network namespaces): https://project-zero.issues.chromium.org/496923375

One of those rare bugs where, if you pass a kernel address in the right place, with the right setup, the kernel will just read from that kernel address as if it was userspace memory, and give you the data that was read.


Somebody released a PoC for Firefox CVE-2026-8389, and it works.

The PoC doesn't include a sandbox escape, and claims that poc-win-sbx.html includes the escape. This file was not shared in the repo.

The python server on localhost seems unnecessary, as the exploit web server can surely serve up primer.js the first time that payload.js is requested, and the actual payload.js the second time. 🤔


Ari, Starbird therian 🐦‍🔥 🔜EF

Project Excalibur and Edward Teller might have burnt up tens of billions of dollars and prevented nuclear disarmament, but at least we got some hilariously unhinged sentences like that out of it

https://en.wikipedia.org/wiki/Project_Excalibur


Ari, Starbird therian 🐦‍🔥 🔜EF

absolute gem of a Wikipedia image description

@joxean The brand is legendary, it's worth listening to their other stuff too ;)

https://www.youtube.com/watch?v=UfUpgWG8bLk

Project Zero Bot

New Project Zero issue:

Linux >=6.10: io_uring: kernel memory read via unchecked address in ITER_UBUF/ITER_IOVEC iov_iter combined with non-checking nocache/flushcache accessors

https://project-zero.issues.chromium.org/issues/496923375

CVE-2026-43073

bert hubert 🇺🇦🇪🇺🇺🇦

To save you 34 minutes, researchers had previously found 72 days on which there were second-long jamming events of GPS in most of Europe (as described in https://radionavlab.ae.utexas.edu/wp-content/uploads/Clements-space-interference-iongnss25.pdf ) Later they were able to record such an event & could locate the source of the disruption to a Russian military satellite. https://www.youtube.com/watch?v=tz23G_UXCGA


The idea of banning minors from using social media is at its heart an attempt to punish victims instead of going against the perpetrator. If minors are more easily victimized by the predatory practices of large tech corporations it's not their fault. The blame lies squarely on the corporations. They must stop using predatory practices. And that's doubly important because those practices hurt adults and minors alike.


proof per unit test

@techokami I just tested this: in teehee you press (i, ctrl+o) to enter hex-insert mode, then shift+insert pastes as hex.

not here to sell anything though, you do you!

@tpfto My first (good) manager told me, when questioned, that he had such rapid career progression because he had decided to be the adult in the room

I have since realized that a lot of corporate theater and suits are really just covering for the fact that the person in question isn't behaving like an adult.

You know how, in a healthy household, a kid knows their parents are going to pull out all the stops to make things okay again?

Almost everyone at a company won't do this for any reason.


It was extremely obvious from some questions that they're learning absolutely nothing, the faculty have totally phoned it in (they've actually had NO teaching staff for two weeks -- the lecturer quit mid-semester with no replacement), and it's all just a fucking disaster.

On the bright side, I guess my work is safe indefinitely.


Holy moly, one of my cousins (8 weeks into undergraduate computer science) asked me for help on a university assignment. I was surprised because he's very switched on.

It's a group assignment and it was extremely obvious that every other student has logged into a parent's corporate LLM and written all the code via prompt with no understanding.

When I asked how they're getting away with it, he said that the lecturers have just given up on all policing. (University is RMIT in Melbourne.)

#music #psytrance #hitech #tgif