Posts
3985Following
730Followers
1608
repeated
David Chisnall (*Now with 50% more sarcasm!*)
david_chisnall@infosec.exchange
I saw that there’s now a mobile version of Roller Coaster Tycoon (Roller Coaster Tycoon Touch) and I thought it might be fun (one of the Netflix bundled mobile games). A couple of hours of casual play in, it was clear that the game was carefully designed to make it progressively harder and harder to make progress without in-app purchases.
@EUCommission , if you want to actually make things safer online, how about making that kind of predatory practice illegal? Children are particularly vulnerable, but so are a lot of adults. No need for age verification, just an outright ban.
So sad to see a such a respected game series used for this kind of whale farming.
1
3
0
buherator
buheratorhttps://geohot.github.io//blog/jekyll/update/2026/05/03/punk-or-why-i-dont-stream.html
"What killed the hacker culture I grew up in was spectacle."
0
0
1
buherator
buheratorhttps://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202
0
1
0
buherator
buheratorhttps://starlabs.sg/blog/2026/04-three-bugs-walk-into-a-pdf-prototype-pollution-served-cold/
CVE-2026-34621, CVE-2026-34622, CVE-2026-34626
0
0
0
buherator
buheratorhttps://tantosec.com/blog/2026/04/route-to-root-in-4g-industrial-router/
0
0
3
buherator
buheratorhttps://spaceraccoon.dev/discovering-vulnerabilities-enterprise-audiovisual-hardware/
0
2
1
buherator
buheratorhttps://github.com/0xeb/libghidra
#Ghidra
0
1
3
buherator
buheratorhttps://labs.taszk.io/articles/post/tapocalypse/
1
2
3
repeated
internetarchive
internetarchive@mastodon.archive.orgNews shouldn’t disappear. 🕳️
Some publishers are blocking the Wayback Machine, putting the public record at risk. Journalists are speaking out.
Add your name. Stand for preserving the news.
0
8
0
repeated
Michal Špaček
spazef0rze@infosec.exchangeDetailed report from DigiCert (thanks!) about "a limited number of code signing certificates, few of which were then used to sign malware".
At the beginning a ZIP file with a .scr executable, and some time later 60 revoked Code Signing certificates. https://bugzilla.mozilla.org/show_bug.cgi?id=2033170
0
4
0
repeated
tjhowse
tj@howse.socialCan web developers stop fucking with scroll bars please? No website is so beautiful that it justifies losing the ability to see how far the page scrolls down. I don't give two shits about your design vision.
11
17
0
repeated
repeated
Tim (Wadhwa-)Brown 
timb_machine@infosec.exchange
Interesting Git repos of the week:
Detection:
* https://github.com/gadievron/honeyslop - a side bar to RAPTOR, a vulndev slop detector from @gadi 🤖
* https://github.com/Nehboro/nehboro - a Chrome extension to help protect you from phishing scams
* https://github.com/trustedsec/SysmonCommunityGuide - TrustedSec dropped guides for Sysmon
* https://github.com/JPCERTCC/LogonTracer - watch out for unexpected logins with JPCERT
* https://github.com/persistent-security/month-of-bypasses - a month of detection engineering tips and tricks
* https://github.com/sjzasada/agentflash - my old uni house mate has written a tool to keep an eye on Claude
Bugs:
* https://github.com/theori-io/copy-fail-CVE-2026-31431 - copy.fail \o/
Exploitation:
* https://github.com/CyberStrikeus/CyberStrike - sloppy pen testing 🤖
* https://github.com/SnailSploit/Claude-Red - another agentic pen tester 🤖
* https://github.com/PurpleAILAB/Decepticon - rise of the bots 🤖
* https://github.com/hackerschoice/team-teso - courtesy of @thc, an archive of TESO
* https://github.com/BishopFox/cirro - @BishopFox created Cirro to map clouds 🤖
* https://github.com/thomasdullien/vulpine - @HalvarFlake dabbles in AI bug hunting and vulndev
* https://github.com/boostsecurityio/smokedmeat - smoked meat attacks CICD pipelines for hot red team action
* https://github.com/mandiant/gopacket - Mandiant ported Impacket to Go
* https://github.com/trailofbits/trailmark - @trailofbits's Trailmark graphs code 🤖
* https://github.com/sailay1996/vss-fr2system - arbitrary reads to SYSTEM \o/
* https://github.com/asset-group/Sni5Gect-5GNR-sniffing-and-exploitation - attacking 5G for sniffs and giggles
* https://github.com/ANSSI-FR/bmc-tools - ANSSI parses your RDP screenshots
* https://github.com/BSI-Bund/RdpCacheStitcher - BSI stitches them together
* https://github.com/califio/publications - @thaidn and friends do interesting things 🤖
* https://github.com/jedireza/reserved-subdomains - what subdomains are reserved?
Hardening:
* https://github.com/sektioneins/ovpncc - One of SektionEins's various config checking tools, this onefor OpenVPN
* https://github.com/HarmonicSecurity/claudit-sec - audit your Claude Desktop posture
Cryptography:
* https://github.com/nitram2342/bruteforce-crc - crunching through CRC32
Data:
* https://github.com/op7ic/SwarmMaker - my good friend opt7ic drops a new tool to build LLM skills
Nerd:
* https://github.com/moshix/BRICKS_TS - mainframe code
1
3
0
repeated
repeated
IFIN - The Independent Federated Intelligence Network
ifin@infosec.exchange313 Team, the Iraqi-aligned group claiming credit for the Ubuntu attack, are now encouraging the use of #CopyFail against Ubuntu targets while servers may not be able to reach updates.
https://discourse.ifin.network/t/ubuntu-services-under-attack/356
0
2
0
repeated
pancake 
pancake@infosec.exchange
“GCC now supports Algol 68” https://algol68genie.nl/en/blog/gcc-algol-68-genie/
0
2
0
repeated
Joxean Koret (@matalaz)
joxean@mastodon.social#BlackMetal album of the day by a friend of mine: Malevolic, Complete Integrity Corruption.
https://malevolic.bandcamp.com/album/complete-integrity-corruption
#Metal
0
1
0
buherator
buherator
0
3
5
repeated
Damien Sorresso
enhancedscurry@mastodon.socialMy first ever open source release: lib0xc, the C standard library you wish you had.
0
3
0