side channel attacks per hour

⚠️#Docker: If you are using Docker for Desktop you need to update it TODAY to v4.44.3. Critical CVE-2025-9074 #vulnerability in previous versions allows malicious containers to access host system:

👇
https://www.heise.de/en/news/Docker-Desktop-Critical-vulnerability-allows-host-access-10560707.html

Fresh Windows VM crashes the kernel debugger, great...

Anyone happens to know if there's any easy trick to bypass an Incapsula "security firewall" that thinks downloading with curl/wget is an attack to be prevented? (It's not just the user agent, I tried that.)

[RSS] OpenPrinting ippusbxd media-size-supported stack based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071

rsync: 6 CVEs https://www.openwall.com/lists/oss-security/2025/01/14/3
Two independent groups of researchers identified a total of 6 CVEs in rsync. In the most severe CVE (affects rsync 3.2.7+), an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code.

Time to upgrade #ApacheTika to 3.2.2.

XXE in XFA parsing up through version 3.2.1

https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w

[RSS] Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault

https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/

[RSS] DLL ForwardSideloading

https://www.hexacorn.com/blog/2025/08/19/dll-forwardsideloading/

[RSS] Marshal madness: A brief history of Ruby deserialization exploits

https://blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/

Git 2.51: Preparing for the future with SHA-256 https://www.helpnetsecurity.com/2025/08/19/git-2-51-sha-256/

Ever seen two responses to one request? That's just pipelining... or is it? I've just published "Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling" https://portswigger.net/research/how-to-distinguish-http-pipelining-from-request-smuggling

Is it me or Spotify has trouble tracking what time you are at in a track (progress bar jumps, finishes before the track does, etc.)?

I thought humanity solved this problem a few years back.

UK drops demand for backdoor into Apple encryption https://www.theverge.com/news/761240/uk-apple-us-encryption-back-door-demands-dropped

"Ukraine gives award to foreign vigilantes for hacks on Russia" https://www.bbc.com/news/technology-68722542

ehhh...

Don’t skip the linenoise section, a lot of great bits in there! https://haunted.computer/@phrack/115051910573337358

Today I have a more serious topic than usual, please consider reposting for reach:

My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder (myoclonus and/or spasms) to finally find a cause and, above all, an effective therapy. The symptoms are bothering our son ever since he’s born, now for more than nine years, seriously affecting his sleep. The usual processes and medical contact points have failed us unfortunately and he seems stuck in this condition.

We’re based in Berlin, Germany but really any contact with a specialist who would be willing to take on this case we’d be grateful for!

To reach use you can DM me or contact us via Email at unclear.condition@gmail.com

One of the most effective security controls you can ever invest in, is a decent work computer for your employees.

Yep, it’s a bit more cash up front to get a bit more RAM or a bit more CPU poke, but your job in IT/Security is to get people the gear they need to do their jobs without thinking ‘this would be quicker if I used….’

Because we all know what happens when your VP of Finance decides to prep the W2’s on their kids Alienware gaming desktop full of Minecraft plugins downloaded from every corner of the internet.

#infosec