Posts
4263
Following
738
Followers
1632
"I'm interested in all kinds of astronomy."
repeated

OH: "You're in his DMs. I'm in his VMs. We're not the same."

1
7
0
repeated
I almost got brain aneurysm thinking that the query syntax of tree-sitter and ast-grep differ.

Fortunately that's not the case, but - contrary to Internet wisdom - query syntax is not compatible between languages (parsers).

Also, ast-grep's Playground is insanely useful:

https://ast-grep.github.io/playground.html
1
1
1
[RSS] One-Click Memory Corruption in Alibaba's UC Browser: Exploiting patch-gap V8 vulnerabilities to steal your data

https://www.interruptlabs.co.uk/articles/one-click-memory-corruption-in-alibabas-uc-browser-exploiting-patch-gap-v8-vulnerabilities-to-steal-your-data
0
1
0
repeated

‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.

Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.

0
1
0
repeated
RCE in "json" mode of JsonPlusSerializer · Advisory · langchain-ai/langgraph · GitHub
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5
1
0
0
repeated
Edited 8 months ago
Kaitai Struct: A Tool For Dealing With Binary Formats - Petr Pucil & Mikhail Yakshin

https://www.youtube.com/watch?v=SC2zIli8MNA

#hacklu2025
0
0
0
repeated

"An eBPF Loophole: Using XDP for Egress Traffic" https://loopholelabs.io/blog/xdp-for-egress-traffic

0
2
0
repeated

Someone asked me to hand-translate a publicly posted Chinese technical report about NSA shenanigans on the Chinese Center for Time-Keeping network. It took me a while, because it turns out translating technical corporatese from your third language is very hard when chronically sleep deprived, but it is done.

https://docs.google.com/document/d/1gk1fDLKrN3m5jOSk7QbpGL1SBcLvrm0FTN3H-5ZJZcY/edit?usp=sharing

3
7
1
[RSS] Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed

https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/
0
0
0
Python packages are age-shaming my OS :(
1
0
0
repeated
repeated

This is possibly my favourite bug in Firefox right now. Unfortunately it looks like it is about to be fixed.

https://bugzilla.mozilla.org/show_bug.cgi?id=1802115

1
4
0
repeated

🚨 New advisory was just published! 🚨

A vulnerability in the Windows Cloud File API allows attackers to bypass a previous patch and regain arbitrary file write, which can be used to achieve local privilege escalation.

This vulnerability was disclosed during our TyphoonPWN 2025 Windows Category and won first place: https://ssd-disclosure.com/cloud-filter-arbitrary-file-creation-eop-patch-bypass-lpe/

Registration for TyphoonPWN 2026 is already open: https://typhooncon.com/typhoonpwn-2026/

0
2
0
repeated
Edited 8 months ago

Does anyone know how we can pull a malicious domain which, genially, is usable for multiple ?

private-eu[.]com - LIVE domain -

is being used to generate URLS such as "bankname[.]private-eu[.]com" so that they fly below the radar of the "new domain" watches.

Boost for visibility is appreciated.

1
2
0
repeated

I started using @kagihq as my search engine

The biggest surprise has been how jarring seeing a search page that isn't full of shit

I didn't realize my brain has come to expect a page of garbage when I search for things, and it doesn't know what to do now

2
3
0
Show older