Posts
3867
Following
728
Followers
1595
"I'm interested in all kinds of astronomy."
buherator
repeated
asciimoo@chaos.social

asciimoo

Hister v0.13.0 is out with quite a few new features. Update your instances.

https://github.com/asciimoo/hister/releases/tag/v0.13.0

Hister is a general purpose web search engine providing automatic full-text indexing for visited websites.

0
2
0
buherator
repeated
thezdi@infosec.exchange

TrendAI Zero Day Initiative

CVE-2026-33824: Remote Code Execution in Windows IKEv2 - the folks from TrendAI Research break down this wormable bug that was patched last week. The show root cause & offer detection guidance. Read the details as https://www.zerodayinitiative.com/blog/2026/4/22/cve-2026-33824-remote-code-execution-in-windows-ikev2

0
4
0
buherator

buherator

[RSS] Trailmark turns code into graphs

https://blog.trailofbits.com/2026/04/23/trailmark-turns-code-into-graphs/
0
2
2
buherator

buherator

OffensiveCon'26 agenda is out

https://www.offensivecon.org/agenda/2026.html
1
1
2
buherator

buherator

[RSS] Mapping the page tables into memory via the page tables

https://devblogs.microsoft.com/oldnewthing/20260422-00/?p=112255
0
0
0
buherator
repeated
LukaszOlejnik@mastodon.social

Lukasz Olejnik

A 4-star admiral told Congress the U.S. military runs a Bitcoin node to “secure networks” and endorsed Bitcoin as a “power projection” capability. The cryptographic primitives he cited like proof or work aren’t exactly earth shuttering in 2026. https://gooden.house.gov/2026/4/gooden-reveals-historic-u-s-military-use-of-bitcoin-node

0
2
1
buherator

buherator

CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to
local root exploit

https://www.openwall.com/lists/oss-security/2026/04/22/6
0
3
0
buherator
repeated
0patch@infosec.exchange

0patch

Micropatches released for Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2026-20931)
https://blog.0patch.com/2026/04/micropatches-released-for-windows.html

1
3
0
buherator
repeated
davidrevoy@framapiaf.org

David Revoy

The Dungeon of Dark Patterns

Sources and bonus timelapse: https://www.peppercarrot.com/en/miniFantasyTheater/049.html

8
36
1
buherator

buherator

#classstruggle #vent
Show content
Today I read one too many utterly stupid takes on "capitalism" (which seems to be an alias for Everything Bad in Society) from one of the Fedi-comrades, so as a former business owner let me tell you this:

When some ppl (not you!) tell their friends at the pub about how they abuse WFH, or even have two full-time jobs because they can arrange their calls creatively...well, your boss probably goes to the same pubs.

Now I won't assume that everyone does the same, but in exchange please also consider that not all bosses are greedy assholes just like not all employees are lazy liars.
0
0
2
buherator
repeated
stf@chaos.social

stf

if the part before the main, is the "prequel" then why is the part after the main a "sequel" and not a "postquel"?

1
1
0
buherator
repeated
buffshirtlesswizard@app.wafrn.net

buffshirtlesswizard

Edited 8 days ago

Today I learned a spell to TOAST A BAGEL. It is supposed to be a spell to REFORGE A RING but it does not check the ring’s MATERIAL, and if you cancel about a second into casting the bagel will NOT be DESTROYED.

#wizardposting #wizard
5
8
1
buherator
repeated
talosvulns

Talos Vulnerability Reports

New vulnerability report from Talos:

Adobe Photoshop Installation Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2274

CVE-2026-34632
0
1
0
buherator

buherator

"I'm here to chew bubblegum and punish microsoft for their sins. And I'm all out of bubblegum."

SandboxEscaper is back :)

https://xcancel.com/WeirdQuadratic/status/2046683620987809947
0
2
2
buherator
repeated
freddy@security.plumbing

Frederik Braun �

I typically recommend people do not pick a Firefox fork because keeping up with security patches is a lot of work and being downstream of our code typically implies a delay.

But if you feel like you really have to use a Firefox fork, I suggest you find one that has the means to ship an update within a day.

From those I looked at, most did not bring an update based on 150 yet. (Special shout out to the Tor Browser. You're awesome!)

0
3
0
buherator

buherator

Reply to @0xabad1dea@infosec.exchange
@0xabad1dea Put out a poster with a bounty for the courier who identifies the intruder. It may not worth for them (having a delivery quota, etc), but if the intruder sees the poster (s)he won't trust the couriers anymore.
0
0
0
buherator
repeated
a13xp0p0v@infosec.exchange

Alexander Popov

My new article: "Some notes on the security properties of the pipe_buffer kernel object"

Many Linux kernel exploits use the pipe_buffer kernel object to build strong exploit primitives. I experimented with pipe_buffers and discovered something interesting

https://a13xp0p0v.tech/2026/04/20/pipe-buffer-experiments.html

0
5
0
buherator

buherator

[RSS] X41 Reviewed SecureDrop

https://x41-dsec.de/security/research/job/news/2026/04/21/securedrop-review-2026/
0
2
0
buherator

buherator

Reply to @mttaggart@infosec.exchange
@mttaggart
0
0
1
buherator
repeated
mttaggart@infosec.exchange

Taggart ifin

Edited 6 days ago

Oh my god, OpenAI reinvented Recall, but for macOS.

"Chronicle" is an opt-in feature that scans your screen, saves screenshots temporarily, and sends them to OpenAI's servers.

https://developers.openai.com/codex/memories/chronicle

6
17
0
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.