"I'm interested in all kinds of astronomy."

Does anyone happen to know if there's any easy trick to bypass an Incapsula "security firewall" that thinks downloading with curl/wget is an attack to be prevented? (It's not just the user agent, I tried that.)

[RSS] OpenPrinting ippusbxd media-size-supported stack based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071

The researchers responsible for 5 of the 6 rsync CVEs first publicly disclosed in January 2025 have now published their writeup in @phrack Magazine, including attack scenarios and exploitation techniques https://www.openwall.com/lists/oss-security/2025/08/19/1
https://bird.makeup/users/phrack/statuses/1957556561473102334


Open Source Security mailing list

rsync: 6 CVEs https://www.openwall.com/lists/oss-security/2025/01/14/3
Two independent groups of researchers identified a total of 6 CVEs in rsync. In the most severe CVE (affects rsync 3.2.7+), an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code.

Edited 27 days ago

Time to upgrade to 3.2.2.

XXE in XFA parsing up through version 3.2.1

https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w

[RSS] Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault

https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/

Does anyone know if there's an alternative to the Spotify Jam feature? So many people I know strictly stay on Spotify because Spotify Jam is so good for long distance relationships
https://mastodon.sdf.org/@jdunlevy/115033656932421363


Ever seen two responses to one request? That's just pipelining... or is it? I've just published "Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling" https://portswigger.net/research/how-to-distinguish-http-pipelining-from-request-smuggling

Is it me or does Spotify have trouble tracking what time you are at in a track (progress bar jumps, finishes before the track does, etc.)?

I thought humanity solved this problem a few years back.

@Viss @chillybot How do you do split DNS without systemd-resolved though? I guess it's possible, but I never figured out how...

@nuintari '80s kid from the Soviet bloc: you guys have manuals?

@womble It can do that (kind of...), and you could e.g. append "successful" conversations to the initial prompt for adaption. But doing that once on sanitized data vs. continuously on user input are radically different risks.

"Ukraine gives award to foreign vigilantes for hacks on Russia" https://www.bbc.com/news/technology-68722542

ehhh...


@davidgerard This comment to the video seems spot on:

It seems McKinsey aren't aware that "agentic AI" is just an LLM that can utter some magic incantations that do stuff. It's like a difference between a chimpanzee with a typewriter vs a chimpanzee with a typewriter and a gun.
