Posts
3618
Following
724
Followers
1593
"I'm interested in all kinds of astronomy."
snap-confine + systemd-tmpfiles = root (CVE-2026-3888)

https://www.openwall.com/lists/oss-security/2026/03/17/8

Qualys just can't stop!
0
1
1
[RSS] Now You See mi: Now You're Pwned

https://labs.taszk.io/articles/post/nowyouseemi/
0
1
2
[RSS] From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow

https://osec.io/blog/2026-03-17-virtio-snd-qemu-hypervisor-escape
0
1
2
repeated

yt comment:

> Remember: The dumbest person you know is being told 'you are absolutely right' by a LLM right now.

1
18
0
repeated
Edited 10 hours ago

Hey Simon Gardner, James Pearson and Blake Morrison. That was not journalism, that was just Doxing. Shame on you. I hope you will never get a job in journalism again. And may your sleeves always get wet, when washing your hands.

0
3
0
repeated
repeated

@jerry

I’m catching up on the news today and see that Nvidia forecasts $1T in GPU sales over the next 18 months. That is crazy. I don’t know how that works at any level

If Trump’s ongoing plan to cause hyperinflation of the US Dollar succeeds (as it shows every chance of doing) this seems feasible.

I’ve wondered for a while if this is the plan for most ‘AI’ data centres:

  1. Borrow hundreds of billions via fixed-rate bonds.
  2. Build a thing.
  3. Crash the economy so hard that a billion dollars is the price of six eggs.
  4. Repay the loans.
2
2
0
repeated

the *european* payment processor - - that the FSFE was using for donations, was doing some disproportional requests violating the of the to the FSFE, and in the fog of war cancelled the contract with the . Now the FSFE is hunting to get those 450 donors attention and donations back. details in this archived mail: https://ctrlc.hu/~stef/fsfe-nexi.txt

maybe some journalist could shine some attention at this case?

0
1
0
repeated
Edited 13 hours ago

Sam Bankman-Fried’s mom, a former law professor, has been asked to please stop filing documents on her son’s behalf in regards to his motion for a retrial (where he is supposedly representing himself)

https://storage.courtlistener.com/recap/gov.uscourts.nysd.590940/gov.uscourts.nysd.590940.589.0.pdf

4
5
0
repeated
repeated

in linux you can use the evil bird emoticon (:>) to destroy files, eg `:> important_document.txt`

the bird will eat the file and leave it completely empty!

7
10
1
repeated

Fun stuff from my team mates Rene Rehme @renereh1, Nina Piontek and @kantorkel:

"Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.”

https://srlabs.de/blog/hacking-ai-agent

https://infosec.exchange/@srlabs/116243968443532012

0
3
0
repeated

During my previous research, I identified a "Won't Fix" DoS vulnerability affecting the latest versions of Windows, including 25H2 and Server 2025.

https://cravaterouge.com/articles/null-fastmutex/

1
4
0
@chmod644 We should definitely come up with a catchy name!
1
0
0
repeated

Shall we stop calling them "social networks" and give them a more descriptive and accurate naming, like "Advertisment agregators and political view manipulative instruments".

I know, is not catchy, but at least it doesn't give the impression that you are interacting socially in a posstive and human way.

1
2
0
Cisco Talos issued a ton of TP-Link advisories, check @talosvulns for more details!

RE: https://infosec.place/objects/3c67cba4-e40f-42c2-8c4b-284816d64d00
0
0
1
Edited 17 hours ago
[RSS] Qihoo 360's AI Product Leaked the Platform's SSL Key, Issued by Its Own CA Banned for Fraud

https://blog.barrack.ai/qihoo-360-ssl-key-leak-wotrus-ca-fraud/

https://crt.sh/?id=24937759962
https://crt.sh/?id=24937755996

Ouch...
0
0
1
repeated

🦀 Looking for Rust malware samples to practice analyzing? Our Rust Malware Sample Gallery just received a major update, with 20 new families added! https://github.com/decoderloop/rust-malware-gallery

The Sample Gallery collects links to articles about malware written in Rust, organizes them by malware family, and includes a download link to a publicly available sample for every malware family. This is a resource for any malware analyst who wants to get hands-on with real Rust malware.

The last time the Sample Gallery was updated was almost 2 years ago, in January 2024. Since then, there's been an explosive growth in new Rust malware, including all of the following families that are now in the Sample Gallery:

SPICA, KrustyLoader, RustDoor, SSLoad, Fickle Stealer, Cicada3301 Ransomware, RustyClaw, Embargo Ransomware, RustyAttr, Akira Ransomware (both the Akira_v2 and Megazord variants), Banshee (Rust variant), RALord Ransomware, RustoBot, Tetra Loader, EDDIESTEALER, Myth Stealer, Rustonotto, RustyPages, ChaosBot

This is nearly one new Rust malware family observed in the wild, every month. Rust as a programming language for malware is here to stay!

1
6
0
The leaked exploit toolkit for various iOS versions (Coruna)

https://github.com/khanhduytran0/coruna
0
6
7
Show older