I saw that there’s now a mobile version of Roller Coaster Tycoon (Roller Coaster Tycoon Touch) and I thought it might be fun (one of the Netflix bundled mobile games). A couple of hours of casual play in, it was clear that the game was carefully designed to make it progressively harder and harder to make progress without in-app purchases.
@EUCommission, if you want to actually make things safer online, how about making that kind of predatory practice illegal? Children are particularly vulnerable, but so are a lot of adults. No need for age verification, just an outright ban.
So sad to see such a respected game series used for this kind of whale farming.
News shouldn’t disappear. 🕳️
Some publishers are blocking the Wayback Machine, putting the public record at risk. Journalists are speaking out.
Add your name. Stand for preserving the news.
Detailed report from DigiCert (thanks!) about "a limited number of code signing certificates, few of which were then used to sign malware".
At the beginning a ZIP file with a .scr executable, and some time later 60 revoked Code Signing certificates. https://bugzilla.mozilla.org/show_bug.cgi?id=2033170
Hungary's pro-Kremlin media gets hacked by WorldLeaks
The leaked data exposes coordination with the Kremlin in anti-Ukraine coverage: https://telex.hu/zacc/2026/04/30/mediaworks-hekkertamadas-memo-zelenszkij-lejaratas-telefonos-segitseg-moszkvabol
Mediaworks threatens lawsuits over coverage of the hacked data: https://hirtv.origo.hu/ahirtvhirei/2026/05/a-mediaworks-kozlemenye
It sues one of the sites that covered the Kremlin ties: https://media1.hu/2026/05/01/mediaworks-buntetofeljelentes-media1-telex-lapszemle-toth-tamas-antal/
h/t @rqm --> https://mastodon.social/@rqm@exquisite.social/116498047329184815
Can web developers stop fucking with scroll bars please? No website is so beautiful that it justifies losing the ability to see how far the page scrolls down. I don't give two shits about your design vision.
Interesting Git repos of the week:
Detection:
* https://github.com/gadievron/honeyslop - a side bar to RAPTOR, a vulndev slop detector from @gadi 🤖
* https://github.com/Nehboro/nehboro - a Chrome extension to help protect you from phishing scams
* https://github.com/trustedsec/SysmonCommunityGuide - TrustedSec dropped guides for Sysmon
* https://github.com/JPCERTCC/LogonTracer - watch out for unexpected logins with JPCERT
* https://github.com/persistent-security/month-of-bypasses - a month of detection engineering tips and tricks
* https://github.com/sjzasada/agentflash - my old uni house mate has written a tool to keep an eye on Claude
Bugs:
* https://github.com/theori-io/copy-fail-CVE-2026-31431 - copy.fail \o/
Exploitation:
* https://github.com/CyberStrikeus/CyberStrike - sloppy pen testing 🤖
* https://github.com/SnailSploit/Claude-Red - another agentic pen tester 🤖
* https://github.com/PurpleAILAB/Decepticon - rise of the bots 🤖
* https://github.com/hackerschoice/team-teso - courtesy of @thc, an archive of TESO
* https://github.com/BishopFox/cirro - @BishopFox created Cirro to map clouds 🤖
* https://github.com/thomasdullien/vulpine - @HalvarFlake dabbles in AI bug hunting and vulndev
* https://github.com/boostsecurityio/smokedmeat - smoked meat attacks CICD pipelines for hot red team action
* https://github.com/mandiant/gopacket - Mandiant ported Impacket to Go
* https://github.com/trailofbits/trailmark - @trailofbits's Trailmark graphs code 🤖
* https://github.com/sailay1996/vss-fr2system - arbitrary reads to SYSTEM \o/
* https://github.com/asset-group/Sni5Gect-5GNR-sniffing-and-exploitation - attacking 5G for sniffs and giggles
* https://github.com/ANSSI-FR/bmc-tools - ANSSI parses your RDP screenshots
* https://github.com/BSI-Bund/RdpCacheStitcher - BSI stitches them together
* https://github.com/califio/publications - @thaidn and friends do interesting things 🤖
* https://github.com/jedireza/reserved-subdomains - what subdomains are reserved?
Hardening:
* https://github.com/sektioneins/ovpncc - One of SektionEins's various config checking tools, this one for OpenVPN
* https://github.com/HarmonicSecurity/claudit-sec - audit your Claude Desktop posture
Cryptography:
* https://github.com/nitram2342/bruteforce-crc - crunching through CRC32
Data:
* https://github.com/op7ic/SwarmMaker - my good friend opt7ic drops a new tool to build LLM skills
Nerd:
* https://github.com/moshix/BRICKS_TS - mainframe code