Posts
4222
Following
735
Followers
1628
"I'm interested in all kinds of astronomy."
repeated

𝔰π”₯π”¦π”Ÿπ” π”¬

So
after 14 months(?) of work
and a lot of frustration
barely knowing what i was doing
i think i made someting special (!)

presenting:

a Wine fork
for Ableton Live 12

on Linux

stable
pixel perfect
vst support
1st class gnome citizen
device hotwire support
low latency audio

tell ur friends πŸ₯ΉπŸ₯Ή

2
5
0
repeated

How ChatControl passed in the EU parliament.

1
15
0
[RSS] The other kind of control flow guard check: The combined validate and call

https://devblogs.microsoft.com/oldnewthing/20260708-00/?p=112510
0
0
0
[RSS] Reverse-engineering a Neopets shop with 48,000 inventory snapshots

https://danielmay.co.uk/posts/redistributing-billions-neopets/
0
0
1
repeated
Edited 4 hours ago
This is in fact

Foxit Foxit Reader Javascript checkbox CBF_Widget code execution vulnerability (CVE-2026-57256)

(Hope this is just a temporary problem with the bot and I don't have to touch the HTML parser :P)

RE: https://infosec.place/objects/48afd31c-35ab-4cfa-b28d-4a27e66c1259
0
0
1
repeated

Cursed circuits #6: reverse avalanche oscillator - https://lcamtuf.coredump.cx/blog/avalanche/

1
1
0
repeated

Project Zero Bot

New Project Zero issue:

Adobe DNG SDK: Heap memory disclosure via LZW-compressed semantic masks rendered through MaskedRGBTables

https://project-zero.issues.chromium.org/issues/514643907

CVE-2026-47963
0
1
0
repeated

Project Zero Bot

New Project Zero issue:

Adobe DNG SDK: Heap memory disclosure via uninitialized MCU buffer in Hasselblad 3FR lossless JPEG decode path

https://project-zero.issues.chromium.org/issues/514249399

CVE-2026-47934
0
1
0
repeated

Project Zero Bot

New Project Zero issue:

Adobe DNG SDK: Heap memory disclosure in ReorderSubTileBlocks due to truncated row block count for clipped strips

https://project-zero.issues.chromium.org/issues/514247216

CVE-2026-47927
0
1
0
repeated

Project Zero Bot

New Project Zero issue:

Adobe DNG SDK: heap buffer overflow in DecodeFPDelta due to missing pixel format validation and non-fatal error handling for semantic mask IFDs

https://project-zero.issues.chromium.org/issues/509923792

CVE-2026-47964
0
1
0
[RSS] Some interesting findings in Windows Defender

https://blog.projectnightcrawler.dev/posts/2026-07-09-some-interesting-findings-in-windows-defender/

Client-side DoS via ADS :)
0
1
0
repeated

Spent my childhood optimizing CONFIG.SYS and AUTOEXEC.BAT to fit everything into 640 KB.

Now one browser tab needs 2 GB of RAM so 17 analytics companies can find out I looked at socks.

11
41
1
repeated

Meta faces $1.4 trillion in damages for hooking kids on purpose. The company's market cap is $1.5 trillion. They're arguing the number is unprecedented in consumer protection history, which is technically true. It's also the first time anyone built a $1 trillion business on deliberately addicting children.

https://gizmodo.com/metas-teen-safety-case-just-became-a-1-4-trillion-existential-threat-2000782306

0
12
0
repeated

If you're just now hearing about GhostLock and looking to fix it, make sure you don't introduce two unpriv-reachable DoSes associated with its fixes. The fix the Linux CNA lists for CVE-2026-43499 introduces a NULL deref, which caused CVE-2026-53166 to be issued. Unfortunately...

1
1
0
repeated

https://kb.cert.org/vuls/id/213560

The web server binary /bin/httpd contains an undocumented backdoor authentication mechanism in the login() function. Initially, the function follows a normal authentication path using MD5-based password verification. However, if authentication fails, the function invokes GetValue("sys.rzadmin.password") to retrieve an alternate password value from the device configuration. It then performs a direct strcmp() comparison in plaintext between the user-supplied password and the configuration-stored value. A successful match grants role=2 admin-level access and creates a valid session.

The associated username is not validated, so any provided username will succeed when paired with the backdoor password. This backdoor authentication mechanism is not documented or visible through any administrative interface.

4
7
0
repeated

@nyanbinary @cR0w
OK, after a little digging, there are indeed some Tenda firmwares that contain the rzadmin backdoor account in httpd. The problem? Out of the firmware versions that CERT lists, none of them contain this backdoor. Oops. πŸ˜‚

For example if we look at the httpd from a Tenda G300, we can indeed see a login() function with a GetValue("sys.rzadmin.password") and a subsequent strcmp() to compare.

Maybe I'm simply being pedantic, but I think that when an organization publishes about a vulnerability and creates a CVE for it, the affected products should perhaps be accurate? πŸ€·β€β™‚οΈ

3
5
0
Show older