Posts
3370
Following
712
Followers
1579
"I'm interested in all kinds of astronomy."
buherator
repeated
mnot@techpolicy.social

Mark Nottingham

So, Google just launched a major new AI demo that requires people to relax their browser security settings. Wow.

4
5
0
buherator
repeated
gwynnion@mastodon.social

Nowhere Girl

I don't want to "talk" to my browser. I don't want my browser to "summarize" things. I don't want my browser to "help" me with things. I don't want my browser to do anything except show me web pages and shut the fuck up and get out of the way.

13
30
1
buherator
repeated
REverseConf@infosec.exchange

RE//verse Conference

The RE//verse YouTube channel is packed with talks from RE//verse 2025! Catch Takahiro’s deep dive into UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior here: https://youtu.be/pMZqvv_tKDs?feature=shared and be sure to subscribe so you don’t miss more like this!

0
3
0
buherator
repeated
andersonc0d3@infosec.exchange

Anderson Nascimento

VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717

0
2
0
buherator
repeated
cure53@infosec.exchange

Cure53 🏳️‍🌈

Small change to HTML with massive impact on eliminating mXSS attacks

https://github.com/whatwg/html/commit/e21bd3b4a94bfdbc23d863128e0b207be9821a0f

0
3
0
buherator
repeated
ifsecure@infosec.exchange

Ivan Fratric

...and now the video of my talk "Finding and Exploiting 20-year-old bugs in Web Browsers" is live too https://www.youtube.com/watch?v=U1kc7fcF5Ao

2
7
0
buherator
repeated
SSDSecureDisclosure@infosec.exchange

SSD Secure Disclosure

🚨 New advisory was just published! 🚨

Multiple vulnerabilities were discovered in Foscam X5. These vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product: https://ssd-disclosure.com/ssd-advisory-multiple-foscam-x5-vulnerabilities/

0
2
0
buherator

buherator

Wow, this was fast! #OffensiveCon25 videos are up!

https://www.youtube.com/watch?v=goEb7eKj660&list=PLYvhPWR_XYJk0p40BrX7K2z-_j_tJmvhc
0
7
9
buherator
repeated
nspace@infosec.exchange

Nspace

Edited 7 months ago

We found a vulnerability in AMD CPUs that lets us load arbitrary microcode!
The recording of our OffensiveCon presentation is live at https://youtu.be/sUFDKTaCQEk
Slides at http://entrysign.top

0
3
0
buherator

buherator

[RSS] Telegram Gave Authorities Data on More than 20,000 Users

https://www.404media.co/telegram-gave-authorities-data-on-more-than-20-000-users/
0
0
1
buherator

buherator

[RSS] Remembering The ISP That David Bowie Ran For Eight Years

https://hackaday.com/2025/05/19/remembering-the-isp-that-david-bowie-ran-for-eight-years/
0
1
2
buherator
repeated
mcc@mastodon.social

mcc

Discovery: The "copilot" bot user that Microsoft will soon be flooding your github repos with garbage content from is implemented in some sort of special way that exempts it from the "block" feature you would normally be able to block other users/bots with

https://github.com/orgs/community/discussions/159749

27
19
0
buherator

buherator

#EU reaction as Orbán is about to kill independent press and civil society in #Hungary

https://youtu.be/UIPSvIz9NDs?si=Sbe2wHqsHkqPtjm6&t=40
0
0
0
buherator
repeated
arstechnica@mastodon.social

Ars Technica

Microsoft takes Windows Subsystem for Linux open source after nearly a decade
WSL has also recently added official support for both Fedora and Arch distros.
https://arstechnica.com/gadgets/2025/05/microsoft-takes-windows-subsystem-for-linux-open-source-after-nearly-a-decade/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

3
8
0
buherator
repeated
golang@hachyderm.io

golang

"Go Cryptography Security Audit" by Roland Shoemaker — https://go.dev/blog/tob-crypto-audit

0
3
0
buherator

buherator

CVE-2024-11182 also seems like a stored XSS: "attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag" - The '90s called and they want their webmail bugs back!!

RE: https://mastodon.social/@cisakevtracker/114535806650652126
0
0
1
buherator

buherator

I found that CVE-2024-27443 doesn't qualify for XSS Reflections as it seems to be a stored XSS. Pretty neat vuln though!

https://github.com/v-p-b/xss-reflections

RE: https://mastodon.social/@cisakevtracker/114535804613431399
0
0
1
buherator
repeated
cR0w@infosec.exchange

cR0w

I have been following the INFOSEC industry and am ready to begin my startup. Any investors here interested? Here's my business plan.

6
2
0
buherator

buherator

[RSS] Security Bulletin: IBM i is vulnerable to a machine-in-the-middle attack due to mishandling error codes when verifying the host key by OpenSSH. [CVE-2025-26465]

https://www.ibm.com/support/pages/node/7233399?myns=swgother&mynp=OCSWG60&mynp=OCSSTS2D&mynp=OCSS9QQS&mynp=OCSSKWKM&mynp=OCSSC5L9&mynp=OCSSB23CE&mync=A&cm_sp=swgother-_-OCSWG60-OCSSTS2D-OCSS9QQS-OCSSKWKM-OCSSC5L9-OCSSB23CE-_-A

#IBMi
0
0
0
buherator

buherator

[RSS] Security Bulletin: IBM i is vulnerable to a privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i [CVE-2025-33103].

https://www.ibm.com/support/pages/node/7233799?myns=swgother&mynp=OCSWG60&mynp=OCSSKWKM&mynp=OCSSC5L9&mynp=OCSSTS2D&mynp=OCSS9QQS&mynp=OCSSB23CE&mync=A&cm_sp=swgother-_-OCSWG60-OCSSKWKM-OCSSC5L9-OCSSTS2D-OCSS9QQS-OCSSB23CE-_-A

#IBMi
0
0
2
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.