I don't like this custom protocol, I'm sure there is a common library that could be used! Let's take a look at this alternative repository...

"import org.springframework...."

*drop and run*

Yes, there’s another phishing campaign contacting fediverse users to fill out a form to avoid being suspended or whatever. Stay calm and just report them and be sure to check the option to inform their home instance so the account gets suspended for everyone.

Also, please consider enabling moderated signups if you don’t already have them. I get it - signups dropped by >90% when I did it, but there’s very little capability for dealing with bad actors proactively once they have an account. I know it’s not a foolproof way to keep the scammers out, but it is an improvement.

[RSS] STAR Labs Summer Pwnables Linux Kernel Challenge Writeup

https://u1f383.github.io/linux/2025/09/01/starlabs-summer-pwnables-linux-kernel-challenge-writeup.html

you had ONE job

"Just fucking use HTML"- https://justfuckingusehtml.com/

Just a tiny bit offensive. 🤏

🔥 So, at DEF CON there was a talk about deobfuscation: VMDragonSlayer by @van1sh_bsidesit.

The author released the code and there's clearly huge amounts of AI slop.🤖

Now, WE WENT TO THE TALK and spoke with the speaker after the talk. 🧵
https://bird.makeup/users/dodo_sec/statuses/1960547263605772738

@lazyb0y from my previous answer: "Please don't tell me it should be adtech that should play nicely, while the regulation is there because they don't play nicely in the first place"

@davidkarlas @Viss @jason @codinghorror I don't have hard data on this unfortunately, but I tend to browse in incognito, so I get all cookie notifications all the time. Based on this experience GH is a rare exception. I must add, that this is in part because the EU is not only failing in proper enforcement, but also communication as I know of multiple well intentioned site owners who implemented this BS because they didn't understand the regulation.

To be fair I also hear marketing crying over constent requirements, which is good, but overall the adtech industry is still thriving while user experience deteriorated. In other words the regulation doesn't have the intended effect, while causing negative externalities, making things worse. (Please don't tell me it should be adtech that should play nicely, while the regulation is there because they don't play nicely in the first place)

@jason @codinghorror @Viss And they reacted in a way that made said behavior even worse. Well done!

[RSS] Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309)

https://blog.amberwolf.com/blog/2025/august/advisory---netskope-client-for-windows---local-privilege-escalation-via-rogue-server/

newtons per kernel module

Entertaining and inspiring #pwn2own #xdev writeup 👏 (also from a few months back)

#Lorex 2K Indoor Wi-Fi Security Camera: RCE #Exploit Chain

https://github.com/sfewer-r7/LorexExploit

https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf

[RSS] This Week in Security: DEF CON Nonsense, Vibepwned, and 0-days

https://hackaday.com/2025/08/29/this-week-in-security-def-con-nonsense-vibepwned-and-0-days/

by Hackaday

Don't forget: this Friday, September 5th, is a #BandcampFriday and a #FairTradeMusicFriday!

https://IsItBandcampFriday.com
https://IsItFairTradeMusicFri.day

#FediMusic #Bandcamp #FairTradeMusic #Music #Musodon

KernelSnitch - Side-Channel Attacks on Kernel Data Structures

https://lukasmaar.github.io/slides/ndss25-kernelsnitch.pdf

@lethalbit schematic or summoning diagram?

@itgrrl No, this is not the topic of my question, and I think you are needlessly working yourself up on comments on the Internet.

Unrelated to the particular context this came up, is there a name for this? I've seen this behavior a bunch of times, esp. in IT!

RE: https://mstdn.io/@wolf480pl/115113655884602210

@FritzAdalis @da_667 I also think this causing trouble: https://techcommunity.microsoft.com/blog/microsoft-security-blog/a-new-modern-and-secure-print-experience-from-windows/4002645

@tmr232 oh yeah hidden persistent config fuckups are the best...