"I'm interested in all kinds of astronomy."

Open Source Security mailing list

rsync: 6 CVEs https://www.openwall.com/lists/oss-security/2025/01/14/3
Two independent groups of researchers identified a total of 6 CVEs in rsync. In the most severe CVE (affects rsync 3.2.7+), an attacker only requires anonymous read access to an rsync server, such as a public mirror, to execute arbitrary code.

Edited 5 months ago

Time to upgrade to 3.2.2.

XXE in XFA parsing up through version 3.2.1

https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w

[RSS] Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault

https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/

Ever seen two responses to one request? That's just pipelining... or is it? I've just published "Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling" https://portswigger.net/research/how-to-distinguish-http-pipelining-from-request-smuggling

Is it me or does Spotify have trouble tracking what time you are at in a track (progress bar jumps, finishes before the track does, etc.)?

I thought humanity solved this problem a few years back.
@Viss @chillybot How do you do split DNS without systemd-resolved though? I guess it's possible, but I never figured out how...
@nuintari '80s kid from the Soviet bloc: you guys have manuals?
@womble It can do that (kind of...), and you could e.g. append "successful" conversations to the initial prompt for adaption. But doing that once on sanitized data vs. continuously on user input are radically different risks.

"Ukraine gives award to foreign vigilantes for hacks on Russia" https://www.bbc.com/news/technology-68722542

ehhh...


@davidgerard This comment to the video seems spot on:

It seems McKinsey aren't aware that "agentic AI" is just an LLM that can utter some magic incantations that do stuff. It's like a difference between a chimpanzee with a typewriter vs a chimpanzee with a typewriter and a gun.


Don’t skip the linenoise section, a lot of great bits in there! https://haunted.computer/@phrack/115051910573337358

@GossiTheDog "they stall in enterprise use since they don’t learn from or adapt to workflows" - can't wait for some genius to make user prompts persist in the model so the whole thing can get poisoned!

joernchen :cute_dumpster_fire:

Today I have a more serious topic than usual, please consider reposting for reach:

My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder (myoclonus and/or spasms) to finally find a cause and, above all, an effective therapy. The symptoms have been bothering our son ever since he was born, now for more than nine years, seriously affecting his sleep. The usual processes and medical contact points have failed us unfortunately and he seems stuck in this condition.

We’re based in Berlin, Germany but really any contact with a specialist who would be willing to take on this case we’d be grateful for!

To reach us you can DM me or contact us via Email at unclear.condition@gmail.com
