The day after the CEO lays off a ton of staff and says:
“Non-technical teams are now pushing code to production with AI”
@coinbase has a major outage on their trading engine, and even their status page doesn’t work.
😂
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
https://t.co/9nqku4svkY
I've written the first article in a series on maldev with Nim.
First up, a simple shellcode loader, cross-compiled from Linux.
Next: process injection and payload encryption.
https://t.co/1Ha05gxtu9
Did you know you can still use terminal escape sequences and they got a CVE as recently as 2024?
I cover that, ANSI bombs and what not to study for the OSCP in the latest issue of Cred Relay.
https://t.co/hI2BZZYANw
CVE-2026-32746 dropped this morning. Pre-auth buffer overflow in GNU telnetd, CVSS 9.8, no patch yet.
Read DREAM Security's disclosure, pointed Claude Code at it, had a working crash PoC within the hour.
https://t.co/KuWgsbM74L
After reviewing research from Elastic blogs and insights shared by Outflank, we took a deeper dive into .msc files and successfully developed a weaponized MSC without relying on apds.dll.
#redteam
I fired up Claude Code and MCP Ghidra to reverse the kernel drivers on my gaming laptop. Found 9 vulnerabilities across 3 vendors. Here's the walkthrough and the prompt I used:
https://t.co/HPDdUMXBDB