#xterm allows for #code #execution via the #font ? https://www.openwall.com/lists/oss-secur.. It does #require #vim and #zsh to #exploit , but these are #popular #combinations these days! #debian actually #detected this all the way back in 2008! https://bugs.debian.org/cgi-bin/bugrepor..
Apparently the #uk #government is #scanning #servers in the #uk for #vulnerabilities https://www.ncsc.gov.uk/information/ncsc.. Whilst I like the idea of this, I am slightly #concerned they simply don't #report them and instead #exploit them.
Pretty fun #exploit written in 10 days to go from #microsoft #word to #ring 0 ( #root / #admin ) - very impressive: https://disrel.com/posts/Ring0VBA-Gettin..
A *really* bad #linux #kernel #wifi #exploit #patch inbound, it has 5 #cve 's against it: https://lwn.net/Articles/911062/ No idea what it is, but it must be pretty bad for us to be getting pre- #warnings about it like this.
Ouch, the #spring #framework in #java 9 has an #rce #zeroday #exploit https://www.praetorian.com/blog/spring-c.. This is for sure the problem with using such massive and difficult to #test #codebase #projects ...
An incredibly #complex and #intricate #stack -based #integer #overflow #exploit for the #linux #kernel https://lwn.net/ml/oss-security/1b176761.. These people are nothing short of #genius - I honestly would not know where to begin with this.
New #java log4j #bug #exploit for #infinite #recursion https://issues.apache.org/jira/browse/LO.. Madness. Thank goodness I wrote my own #logging #utility ...
@barray on Sat Dec 11 15:55:38 UTC 2021 said: I wrote a #coffeespace #article about the serious #java #log #bug #rce log4j the other day: https://coffeespace.org.uk/projects/log4.. I've seen people try to actively #exploit my #server ! There are some great #memes that have appeared as a result of this very real #security #issue https://log4jmemes.com/ Have a look through and give yourself a laugh! Ouch, the #serious #java #log #bug #rce in log4j is being actively #exploited - perhaps as early as March: https://www.rapid7.com/blog/post/2021/12.. Many #servers are being actively #attacked and #hacked right now. All from using a #logging #library !
A pretty bad #exploit for #vector #graphics #conversion #library #ghostscript - ouch! https://therecord.media/ghostscript-zero.. #remotecode #execution is quite a serious #bug ...
Ouch, a #razor #mouse essentially provides a #backdoor into your #windows machine giving #system #privileges through a simple #rightclick #exploit https://www.bleepingcomputer.com/news/se.. What a time to be alive!
Well damn, a pretty smart #exploit for #kindle #touch devices just by opening up an #ebook https://research.checkpoint.com/2021/i-c.. For all you know, books have contained this on the #amazon #store for quite some time... Writing #secure #software is insanely tough!
There is speculation in the tech community over on #hackernews that #apple is #patching the #pegasus #zeroday #exploit #bug currently being actively used against #journalists and #politicians https://news.ycombinator.com/item?id=279.. Whatever the exploit is that they are patching, they have so far released *zero information* about it, not even a #cve number! It's quite seriously and actively being rolled out to all #ios devices in the wild.
This #video is absolutely wild: https://www.youtube.com/watch?v=elqAh3GW.. A #minecraft #hack #exploit using #bayesianinference , #probabilitytheory , #searchalgorithms - you name it. There are some seriously smart dudes playing that game! Colour me impressed!