[RSS] RSync: Heap Buffer Overflow, Info Leak, Server Leaks, Path Traversal and Safe links Bypass

https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj

CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088

[RSS] PaloAlto OpenConfig Plugin: Command Injection Vulnerability

https://github.com/google/security-research/security/advisories/GHSA-73px-m3vw-mr35

CVE-2025-0110

Valve releases full Team Fortress 2 game code to encourage new, free versions
Other Source games also get the Half-Life 2 anniversary update treatment.
https://arstechnica.com/gaming/2025/02/valve-releases-full-team-fortress-2-game-code-to-encourage-new-free-versions/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

TIL there is a non-stop Mythbusters channel on YT :O

https://www.youtube.com/watch?v=brUPUA0WNQ8

#Ghidra 11.3.1 is out, change log:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.3.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

Has anyone managed to remote kernel debug Windows VMs over IP with virtio NIC drivers?

@LivingCooki I only hoped it has

Be Careful What You Ask For: Voice Control

https://hackaday.com/2025/02/19/be-careful-what-you-ask-for-voice-control/

🚀 Master heap exploitation with Corelan in Zagreb! Hands-on, real-world skills from the best. Limited spots—sign up now! 🔥
https://deep-conference.com/training-corelan-heap-exploit-development-masterclass-for-windows/

After a long and restful break since leaving my last role, I'm back to actively looking for new problems to solve. If you know of anyone looking for someone with an extensive background in security leadership, application security, & penetration testing, let me know!

Resume: https://adamcaudill.com/resume/

[RSS] Ivanti Endpoint Manager - Multiple Credential Coercion Vulnerabilities

https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/

CVE-2024-10811: Credential Coercion Vulnerability in GetHashForFile
CVE-2024-13161: Credential Coercion Vulnerability in GetHashForSingleFile
CVE-2024-13160: Credential Coercion Vulnerability in GetHashForWildcard
CVE-2024-13159: Credential Coercion Vulnerability in GetHashForWildcardRecursive

[RSS] Hackaday Europe 2025: Speakers, Lightning Talks, and More!

https://hackaday.com/2025/02/18/hackaday-europe-2025-speakers-lightning-talks-and-more/

[RSS] Auto-Download Your Kindle Books Before February 26th Deadline

https://hackaday.com/2025/02/18/auto-download-your-kindle-books-before-february-26th-deadline/

Four years ago I got my first threat of violence for my Open Source work that I ended up reporting to the police. Thick skin and all that, but there are limits...

https://daniel.haxx.se/blog/2021/02/19/i-will-slaughter-you/

This is *the most malicious, brutal* malicious compliance I've seen in quite some time, possibly ever, and I am HERE FOR IT. Thank you, @jwz

https://www.jwz.org/xscreensaver/google.html

#privacy #security #infosec #Android #screensaver

@cyanautik @schrotthaufen @Viss https://www.youtube.com/watch?v=j1GlFlMfszc

@schrotthaufen @Viss I've heard a couple of tracks featuring these at various EDM events (annoying af tbh).

Normally you can't auth to Entra ID connected webapps with bearer tokens. But if Teams can open SharePoint/OneDrive with an access token, I guess so can we. roadtx now supports opening SharePoint with access tokens in the embedded browser 😀

So, coup by the evil venture capitalists. I kindly suggest the good venture capitalists should proceed to stand up and actively fight this, before everything goes full Palpatine.