We have released the files for the research that led to CVE-2024-36904. It contains the codes, the original kernel source, the patch and the modified kernel source that help to trigger the KASAN splat. If you want to play with the vulnerability, you can use the files.

https://github.com/alleleintel/research/tree/master/CVE-2024-36904/

There's another Office "intentional crash" detected by @expmon_ (background for the 1st one: https://www.linkedin.com/posts/haifeili_if-you-need-a-real-world-office-sample-triggering-activity-7304034115706597376-eVnM), it's a bit different (as I just quickly analyzed) but I'd like to leave it to anyone who is interested in investigating. :)

https://pub.expmon.com/analysis/254228/

So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.

Let me put the important words in uppercase.

So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.

[Edit with H/T: https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX]

https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/

#cloudflare #password #cybersecurity

Question to the Fediverse:

I'm looking for a mailing list / newsgroup solution (it can be SaaS or self hosted).

I need a couple things:
- Easy subscribe and unsubscribe functions
- Ability to send out mass emails to subscribers (basic functionality)

- Most important... and this is the weird part... I need all the subscribers to be able to "reply all" or to email the list as a whole, to also send messages to everyone. But I don't want them to be able to see everyone on the list.

I need an oldschool mailing list proper, where people can track the threads and replies, right.

All the marketing email lists are only top-down - the emailer mails all the recipients, but there is no allowing the recipients to email each other.

The best I have found is GNU MailMain: https://www.gnu.org/software/mailman/

Does anyone know any other examples?

Edit to add better nomenclature (my brain is not forming words right now):
- Allows for email discussion
- Allows for email threading
- Email Newsgroup - that's a good one

Editing to add answers to my own question:
- GNU Mailman: https://www.gnu.org/software/mailman/
- Gaggle Email: https://gaggle.email (cheers @zebbm)
- Groups io: https://groups.io (cheers @TNLNYC )
- Gray Duck Mail: https://grayduckmail.com
- mlmmj: https://mlmmj.org

Classic Microsoft: they force software you never asked for and didn’t want onto your PC. Then they ship a bug that accidentally removes it

https://www.thurrott.com/a-i/318558/windows-11s-march-security-update-may-remove-copilot-from-your-pc

I feel like the message of Sir Tim Berners-Lee's latest op-ed in the Financial Times may suffer from its medium.

But don't worry, you can read his pitch for Solid here:

https://archive.ph/4Vvms

Happy St Patrick’s Day! I hope you get lucky like the Irish. Or something.

qbasic (1992): opens with the option to view help or jump straight into programming.

qb64 (2025): opens with a warning that any program you make with it will be falsely flagged by your antivirus as malware.

We heard you needed some more time, so we wanted to let you cook.

We decided to push the Phrack 72 CFP deadline back until June 15th.

Stay tuned for upcoming Phrack events.

Print this flyer out and give it to someone IRL!!

🚨 LABScon Replay: Investigative journalist Kim Zetter interviews Microsoft VP David Weston on Windows security, AI, secure dev practices, and the company's reaction to the CrowdStrike outage. @kimzetter @dwizzzlemsft

https://youtu.be/7ne9e0YUrQI?si=w2qTa1NNakOJqadP

SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries https://workos.com/blog/samlstorm

Just spent 6 hours in an ER (I'm fine) and witnessed, in no particular order:

A nurse bit by a patient

A patient screaming MURDERERS from an exam room

Two nurses patiently dressing and re-dessing an elderly man who kept stripping

Someone yelling at a student doctor about wait times

Urine being spilled on the floor

Someone yelling "the patient made a run for it!"

A patient trying to call the cops on doctors

Whatever we think hospital workers should be paid, it's not enough.

#HealthCare

My first watchTowr post is out! It was my first take on a CMS solution and I was able to get some interesting pre-auth RCE chains on Kentico Xperience. 😎

"In today's post, we dive into Kentico's Xperience CMS - highlighting multiple Authentication Bypass vulns chained with a post-auth RCE..."

https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/

The first TUI disassemble and debugger I used which I spent lots of time in there for reversing viruses and understand better the internals of the DOS operating system was HACK from the nocash dude. I'm always happy to find its website up and use it in dosbox https://problemkaputt.de/hack.htm #reverseengineering #tui

CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution https://cvereports.com/cve-2025-24016-unsafe-deserialization-vulnerability-in-wazuh-leading-to-remote-code-execution/

De-google-ify Internet

Amazing campaign by the French not-for-profit association Framasoft.

The De-google-ify Internet project offers 26 ethical and alternative online tools that may be used by everyone.

They build open source alternatives to many Google services like Youtube, Agenda, Docs, Forms, Maps etc, as well other services to replace Doodle, Facebook Event, Github, Zoom, Slack and much more!

Check their beautiful website, watch the videos to know more about their work and follow them here in Mastodon:

@Framasoft

https://degooglisons-internet.org/

#europe #opensource #europeanalternatives #EUtech #boycott #degoogle #google

What unholy mess is this? Do I need to install VS Code now to edit a text file?

The State of Personal Online Security and Confidentiality

https://www.youtube.com/watch?v=AyH7zoP-JOg

Full interview with Signal's Meredith Whittaker.

Four hundred and nineteen Twitter accounts that posted on Brexit were localized to Russia’s Internet Research Agency… About a third of the discussion of Brexit on Twitter was generated by bots—and more than 90% of the bots tweeting political material were not located in the United Kingdom. Britons…had no idea at the time…that the bots were part of a Russian foreign policy to weaken their country. The margin of the vote was 52% for leaving and 48% for staying. … Brexit was a triumph for Russian foreign policy, and a sign that a cyber campaign directed from Moscow could change reality.
—Timothy Snyder, The Road To Unfreedom: Russia, Europe, America
#russia #unitedkingdom #uk #brexit

Mark Rober maps Disney Lands Space Mountain dark roller coaster with a LIDAR *and* drives a Tesla to a Roadrunner-style "fake road" wall in a single video 🍿

https://www.youtube.com/watch?v=IQJL3htsDyQ