Lightnews — Scholar-powered news

Reposted by jstnkndy

Daniel Cuthbert @dcuthbert.bsky.social · 11d

It has been about two decades since I last needed/used one, but is there any modern KVM switch that works with Mac’s properly? Lost faith in a wide screen Picture in Picture monitor so hope the KVM world is better

2 1 1

jstnkndy @jstnkndy.bsky.social · 12d

You think someone would really do that? Use static keys in distributed products? ;)

1 2

Reposted by jstnkndy

RCE Security @rcesecurity.com · 12d

Another day, another Remote Code Execution (and its 3 friends).

Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security

www.rcesecurity.com/2025/09/when...

When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise | RCE Security

www.rcesecurity.com

1 3 4

jstnkndy @jstnkndy.bsky.social · 12d

Hah! Great findings :D

Reposted by jstnkndy

Corey “🎃Managed NAT Gateway👻” Quinn @quinnypig.com · 12d

I'd have jumped on this before my Echo Show started showing ads I couldn't disable. Hope the revenue was worth the customer trust.

Techmeme @techmeme.com · 12d

Amazon unveils the $220 Echo Studio, its high-end speaker for audiophiles, 8" and 11" Echo Show for $180 and $220, and the $100 Echo Dot Max, all with Alexa+ (Mark Gurman/Bloomberg)

Main Link | Techmeme Permalink

5 2 28

jstnkndy @jstnkndy.bsky.social · 12d

that's definitely a risk!

jstnkndy @jstnkndy.bsky.social · 12d

There may be a better way, but I could see Integrity being affect in that people would expect real emails from the site, but the integrity of the sender has been compromised.

2

jstnkndy @jstnkndy.bsky.social · 12d

I'm at the point where I've seen first hand production platforms running AI generated code and have found critical vulnerabilities in those platforms. We're getting to the point where the number of emojis in the code will be telling of the number of bugs.

2 4 13

Reposted by jstnkndy

DistrictCon @districtcon.bsky.social · 14d

You've got less than 12 hrs to submit to our CFP, which closes at midnight TODAY ⏰

sessionize.com/districtcon

DistrictCon Year 1: Call for Sessions

Empowering Hackers Across Industries to do Cool Shit. DistrictCon is a DC hacker con, focusing on hacking together and exchanging ideas over typical t...

sessionize.com

4 3

jstnkndy @jstnkndy.bsky.social · 15d

hoping you found one bug, then another, then another, then another.

Reposted by jstnkndy

Eli Omen @eliomen.bsky.social · 17d

"we take your privacy. seriously."

8 27

Reposted by jstnkndy

DistrictCon @districtcon.bsky.social · 19d

🪩 CFP closes soon!! 🪩
submit to sessionize.com/districtcon

DistrictCon Year 1: Call for Sessions

Empowering Hackers Across Industries to do Cool Shit. DistrictCon is a DC hacker con, focusing on hacking together and exchanging ideas over typical t...

sessionize.com

6 4

Reposted by jstnkndy

Sam Houston @samhouston.bsky.social · 24d

I need more friends in the Bay Area/ #Vallejo and I'm feeling so unsure about what to do about it

A lot of my friends and old colleagues left the Bay during the pandemic.

Making friends in your 30s/40s is so difficult, especially if you don't want to hangout at a bar all night

1 1 2

jstnkndy @jstnkndy.bsky.social · 24d

Fuck Trump, fuck Kirk, and fuck this timeline.

4

Reposted by jstnkndy

codewhitesec.bsky.social @codewhitesec.bsky.social · 27d

CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com packaged as a metal festival. Have fun 🤘 and #applyIfYouCan

5 6

jstnkndy @jstnkndy.bsky.social · 28d

v.redd.it/qaywi8e1j7pf1

❤️

From the therewasanattempt community on Reddit: To stop free lunch

Explore this post and more from the therewasanattempt community

v.redd.it

jstnkndy @jstnkndy.bsky.social · Sep 11

I appreciate the practical context in which this was presented, well done!

1 1

Reposted by jstnkndy

Thomas Stacey @t0xodile.com · Sep 11

The recording for my latest research has been released! If you prefer to listen rather than read, now is your chance.

P.S. It may be worth listening to it at a slower speed due to my tendency to talk at the speed of light...

The Single-Packet Shovel: Digging For Desync-Powered Request Tunnelling - Thomas Stacey

YouTube video by Bsides Exeter

www.youtube.com

1 5 9

jstnkndy @jstnkndy.bsky.social · Sep 11

"That’s why we built Chariot, to make continuous offensive security actionable."

And there it is. Awful.

1

jstnkndy @jstnkndy.bsky.social · Sep 11

Another great one from watchTowr:

labs.watchtowr.com/you-already-...

You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819)

We’re back - it’s a day, in a month, in a year - and once again, something has happened. In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherw...

labs.watchtowr.com

1 3

jstnkndy @jstnkndy.bsky.social · Sep 5

it's too bad that @portswigger.net broke their navigation so now older links are no longer useful.

2

jstnkndy @jstnkndy.bsky.social · Sep 4

It's almost that time of year

1

jstnkndy @jstnkndy.bsky.social · Sep 3

Every time

1 5 17

Reposted by jstnkndy

Atredis Partners @atredispartners.bsky.social · Aug 28

Check out our latest blog from Matt Burch (@emptynebuli.bsky.social ) detailing new supplemental findings from his DefCon32 talk Where's the Money: Defeating ATM Disk Encryption: www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057

Where’s the Money - Supplemental Findings — Atredis Partners

While creating the content for my DefCon 32 talk, Where’s the Money: Defeating ATM Disk Encryption, I observed two additional vulnerabilities that had been overlooked in the heat of the research.…

www.atredis.com

3 2

jstnkndy @jstnkndy.bsky.social · Aug 22

this is why you should make bsky your primary ;) and congrats on the Phrack article!

1 1