Count Dracula was 412 when he moved to England in search of new blood.

Sauron was 54,000 years old when he forged The One Ring.

Cthulhu had seen galaxies flare
into life and fade to darkness before he put madness in the minds of men.

It's never too late to follow your dreams!

New blog post: Vulnerability Spotlight - CVE-2023-32692.

Learn about the remote code execution vulnerability in CodeIgniter4 and try out our Dev-Container based test environment to follow along!

#cve #vulnerability

https://mogwailabs.de/en/blog/2026/05/vulnerability-spotlight-cve-2023-32692/

DOMPurify XSS via `selectedcontent` re-clone

https://github.com/cure53/DOMPurify/security/advisories/GHSA-87xg-pxx2-7hvx

This is one of the most interesting bypasses we have seen in a long time, and it feels that this new HTML element will cause lots of trouble in the future.

[RSS] Pen & paper quantum computing

https://bfswa.substack.com/p/pen-and-paper-quantum-computing

[RSS] SeppMail Secure E-Mail Gateway: Critical RCE and LFI Vulnerabilities

https://labs.infoguard.ch/posts/seppmail_secure_e-mail_gateway_rce_vulnerabilities_cve-2026-2743_cve-2026-7864_cve-2026-44127_cve-2026-44128/

[RSS] The Biometric AuthToken Heist: Cracking PINs and Bypassing CE via a Long-Ignored Attack Surface

https://www.darknavy.org/blog/the_biometric_authtoken_heist/

[RSS] Instrumenting QT6 desktop apps with Frida - Part 1

https://blog.samanl33t.com/writings/0x0003-frida-on-qt6-part-1/

[RSS] Hack the Elephant One Bite at a Time: JPEG-Related Memory-Safety Bugs in PHP

https://swarm.ptsecurity.com/hack-the-elephant-one-bite-at-a-time-jpeg-related-memory-safety-bugs-in-php/

Deep dive into the Object creation flow in Windows

Part 1 - Allocation & Pre-Initialization
https://winware31.blogspot.com/2026/04/deep-dive-into-object-creation-flow-in.html

Part 2 - Access check internals
https://winware31.blogspot.com/2026/05/deep-dive-into-object-creation-flow-in.html

Part 3 - Post-Initialization & Name Lookup
https://winware31.blogspot.com/2026/05/deep-dive-into-object-creation-flow-in_0798478475.html

[RSS] HDD Firmware Hacking Part 1

https://icode4.coffee/?p=1465

[RSS] Exploiting Toshiba Qiomem.sys vulnerable driver

https://valium007.github.io/posts/toshiba-vuln/

The Nightmare-Eclipse repo clearly credits James Forshaw with the CVE-2020-17103 vulnerability that MiniPlasma is based off of.

Did Nightmare-Eclipse modify MiniPlasma to use a variant of CVE-2020-17103 that still works on modern Windows, which surely contains the fix?

NO. MiniPlasma IS the poc from the GPZ write-up, but with a minor tweak to do something (LPE).

Why does it work on current Windows?
Well, instead of fixing CVE-2020-17103, they decided to break the PoC instead. And yeah, with Win10 Dec 2020 and Win11 RTM, the GPZ PoC doesn't work.

But somewhere between Win11 RTM and 22H2 (I have neither the VM snapshots nor the patience to determine when exactly), whatever thing Microsoft did to break the CVE-2020-17103 PoC regressed. An because it wasn't a fix, then surely Microsoft had no regression test to detect that the fix was no longer present.

So here we are. MiniPlasma is the GPZ PoC, but modified slightly to achieve LPE by way of Volatile Environment and wermgr.exe instead of creating DEMODEMO in the registry.

Since Microsoft didn't bother fixing CVE-2020-17103, will CVE-2020-17103 simply be updated with the MiniPlasma recognition that it wasn't actually fixed in December 2020? Get real. This will surely get a new CVE, as CVEs are for Microsoft updates, not vulnerabilities. 😂

hi everyone

given one #bitlocker #0day is already out there, here's my own bitlocker 0day, I added it to my repo listing bitlocker attacks.

Introducing "ram leak": https://github.com/Wack0/bitlocker-attacks#ram-leak

As we all know, the boot environment allows booting from a ramdisk. This involves loading a file from disk into RAM, as expected.

However, "file" and "disk" can be arbitrarily chosen, and "disk" being a BitLocker encrypted partition is a supported scenario. Using another trick (same one used with bitpixie earlier) it's possible to get the keys derived without going through the legacy integrity validation checks too if relevant.

You can see where this is going. It's possible to leak any file from a bitlocker encrypted OS partition into RAM as long as you can get the keys derived (ie, TPM-only scenario).

The catch is that booting into the NT kernel marks that memory area as free so it could get overwritten there, but there are other ways to dump the memory area, and a PoC is included with my preferred method (it's only a PoC so just displays a hexdump of the first sector of the file)

The video shows successful exploitation in my test VM, it has secure boot enabled (you can tell because VMware shows an efi shell option on the boot menu when secure boot is disabled).

#infosec #windows

GitHub Copilot AI token charges go up 10×–100×

how Enterprise Software as a Service works

https://www.youtube.com/watch?v=-A9FjHGcFWg&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
https://pivottoai.libsyn.com/20260518-github-copilot-ai-token-charges-go-up-10x-100x - podcast

time: 7 min 33 sec

https://pivot-to-ai.com/2026/05/18/github-copilot-ai-token-charges-to-go-up-10x-100x/ - blog post

Clownstrike share price basically tripled since the 2024 fuckup... There is no such thing as long term damage in cyber stocks LOL :PPPPPPPP

🐞 Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’

“So just to make it really clear: If you found a bug using AI tools, the chances are somebody else found it too. If you actually want to add value, read the documentation, create a patch too, and add some real value on *top* of what the AI did. Don't be the drive-by ‘send a random report with no real understanding’ kind of person. OK?”

https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633

#ai #linux

RubyGems suspends new Signups after Hundreds of Malicious Packages are Uploaded.

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack."

"We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. "Signups are paused for the time being. Hundreds of packages involved – mostly targeting us, but some carrying exploits."

https://x.com/maciejmensfeld/status/2054164602577940619

⁉️Visitors to RubyGems sign up page are now greeted with the message: "New account registration has been temporarily disabled."⁉️

https://rubygems.org/sign_up

#rubygems #security #privacy #media #secure #ruby #programming #developer #infosec #tech #news

so, umm, this is a 16 bytes intro

16 bytes

!!!!!!!!!!!!!!!!

https://www.youtube.com/watch?v=MvycyU-kLjg

#demoscene #intro

@schrotthaufen Glad to hear it's some more widespread thing!

( jk, I feel crushed I'm not worthy of a targeted attack :,( )