Sleep deprivation is a form of torture.
Unless you are a parent, in which case it is a form of "children are a blessing, you wanted this, you're on your own, suck it up, good luck."
Time to update microcode on your Intel processors (gen >9)...
New speculative prediction bug lets you capture /etc/shadow with 99% reliability. They didn't make anything like it work on AMD or ARM... yet...
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
there's something beautifully wrong about trying to advertise copilot to a windows 98 machine.
Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application.
https://www.ibm.com/think/x-force/operationalizing-browser-exploits-to-bypass-wdac
Holy wow, XSS to RCE in Restricted Mode in VSCode. What a find!
https://starlabs.sg/blog/2025/05-breaking-out-of-restricted-mode-xss-to-rce-in-visual-studio-code/
The schedule for #Pwn2Own Berlin is now live! We have three days of exploitation set - including our first AI entries. https://www.zerodayinitiative.com/blog/2025/5/14/pwn2own-berlin-the-full-schedule #P2OBerlin
days like today I remember to do my breathing exercises and gently remind myself this is nothing an extinction level event can't fix
What does it mean to be a hacker? This semester, I taught a hacker history and culture class, which was a blast. In one assignment, my students paid tribute to the classic @phrack Pro-Phile -- a small bio on a famous hacker. Check out their pieces: https://cse194.mahaloz.re/prophiles.html
Yes, hello! If you were following @bert_hubert@fosstodon.org you should have been redirected automatically to following this new account. And if not, if you are still interested in my ramblings, please follow this account manually. Can I ask for retoots so the people that might be interested see this news? Thanks!
CVE-2024-28956: Xen Security Advisory 469 v2: x86: Indirect Target Selection https://www.openwall.com/lists/oss-security/2025/05/12/5
A bug in the hardware support for prediction-domain isolation. An attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests.
What happens if a cosmic ray hits a voting machine?
In Belgium’s 2003 elections, a relatively unknown Communist Party candidate received 4096 extra votes…from a spontaneous bit inversion.
It was more votes than was mathematically possible at that polling station.