Feel old yet? The WinRAR registration nag screen is Electron these days.
EDIT: Whoops, it seems I'm wrong: this is just an embedded webview, which on Win10 is apparently Chromium-backed (probably because it's Edge).
#Polish researchers have discovered components of a German #Enigma cipher machine, crucial to the Nazi wartime communications system, on Sobieszewska island near the city of Gdańsk. All in all, 8 rotors and various other parts were recovered. https://tvpworld.com/84053156/fragments-of-rare-german-enigma-machine-unearthed-in-poland
One of the fun parts of doing my security audits is coming across unexpected code that looks exploitable, and trying it out myself to see what possibilities exist.
In a recent audit, I found myself asking... What if you hashed null?
https://securinglaravel.com/security-tip-what-if-you-hashed-null/
That's not how you're supposed to put the ../ in the pentest report!
https://github.com/pwndoc/pwndoc/security/advisories/GHSA-2mqc-gg7h-76p6
Calling all Mystery AI Hype Theater 3000 fans! Have you found a piece of Fresh AI Hell but not known where to send it? Here's the spot:
https://thecon.ai/submit-fresh-ai-hell/
Help @alexhanna.bsky.social and me clean out the Fresh Hell by submitting it there!
Critical command injection in BeyondTrust Remote Support and Privileged Remote Access. Yikes.
Cloud customers were patched as of yesterday, but on-prem needs to patch.
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
DevOps practices are all well and good, but beware of the configuration of the tools that access your production.
I've written a blog post sharing some dangerous ways Argo CD can be configured, detailing the security impact: https://ledger.com/argo-cd-security-misconfiguration-adventures
Microsoft refuses a pull request to put documentation in readable table form because LLMs are bad at parsing tables: https://github.com/MicrosoftDocs/WSL/pull/2021