Average nmap enjoyer, destroyer of IoT worlds and embedded universes.
Chief #Passkey Advocate
"Expert in niche topics" - unnamed
"Intel god" - @brahms
"ernährt […]
🌉 bridged from ⁂ https://infosec.exchange/@jrt, follow @ap.brid.gy to interact
JRT
Word of the day:
Crypto shell-game hustler
Nightmare Eclipse has posted another purported BitLocker bypass: GreatXML
This exploit claims to be able to bypass BitLocker on systems that have executed Microsoft Defender Offline at some point in the past. This is done by replacing […]
This is next level infosec shitposting:
"It is the FreeBSD analogue of Linux's Dirty Pipe, CopyFail, Fragnesia, and Dirty Frag — except we gave it a BETTER name, with a BETTER logo, on a BETTER website. The other bug websites? Disasters. Sad. Many people have told us this."
https://bumsrake.de/ […]
The second drive failed in my 9 year old raidz2. I hate the new hardware prices.
#fuckai
Information Security Officer: Good luck!
Me: I have nothing to lose. It's not my certificate.
Lead auditor: 🤣🤣🤣
The Nothing CEO said: "Memory is now the most expensive component in a smartphone. It's more expensive than the processor, more expensive than the display, and can account for more than 50% of the total hardware bill.
For Phone (4a), memory costs doubled between when we decided to build the […]
LMAO.
Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/
MANY ORPHANED AUR PACKAGES ARE BEING TARGETED WITH AN INFOSTEALER. official statement (fediverse discussion)
collection of detection scripts
the Arch User Repository package `alvr` has been orphaned, then adopted by a threat actor who immediately updated it with an […]
I found the one greyhatwarfare secure S3 bucket in the wild.
The #curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026. We call it the curl summer of bliss.
https://daniel.haxx.se/blog/2026/06/15/curl-summer-of-bliss/
**The curl project will not accept or otherwise handle any vulnerability reports during the month of July 2026**. We call it the _curl summer of bliss_.
curl’s submission form on Hackerone will be paused starting July 1, 2026.
Summer of bliss starts: **July 1, 2026**. 00:00 CEST
Submissions resume: **August 3, 2026**. 09:00 CEST
The security email address will also be a dead end, as we will not process or otherwise care about security or vulnerability reports sent to us that way either.
Whatever issue you find that you feel a need to report to the curl project during this month has to wait. curl’s Hackerone form opens for submissions again on Monday August 3.
We do not accept vulnerability reports over email in general, and this fact remains during and after our vacation.
## Vacation for real
The curl maintainers will use this time of less pressure to take in some extra air and to enjoy the summer. Maybe stroll outside a bit more. Breathe. Some of us may spend some of this time to see other places.
We may get some extra time to spend on fixing bugs or working on new code. Fun stuff!
## Side-effects
As a direct side-effect of this summer of bliss, to allow us some more time to handle the issues that might have piled up for us in early August, **we also push the release date** of 8.22.0 two weeks into the future. Now scheduled to happen on September 2, 2026.
## Vulnerability rate
As previously mentioned, we have been under huge pressure for the last four months or so. Now we need some rest. We do not expect this deluge to be over.
## GitHub
curl’s issue and pull-request trackers on GitHub remain open and active like normal.
## You too?
If you and your Open Source projects also want to participate in the summer of bliss 2026: just do it and let us know! I would of course encourage you to do so. To take care of yourself as a top priority.
## The bad guys won’t rest
Probably not. But we will.
## But what if there is an emergency
Then we get to read about it in August. Or you get a support contract and we get to read about it earlier.
## Contracts excluded
Everyone with a paid support contract will of course still get full and appropriate service even during this period.
Daniel, in a relaxed state.
## Credits
The ice cream image was made by fotografierende from Pixabay