Julien | MrTuxracer
@mrtuxracer.bsky.social
1.2K followers 84 following 58 posts
Freelancer | Full-time #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ IDA Pro | Mobile Hacker
mrtuxracer.bsky.social
OK, Rocket Software believes that the likelihood of my unauthenticated RCE "being exploited is rare"...🤦‍♂️

docs.rocketsoftware.com/bundle/trufu...

#security
Rocket Software Documentation
docs.rocketsoftware.com
mrtuxracer.bsky.social
Nah, it's only been a very vivid fever dream. It never happened, for sure 😬
Reposted by Julien | MrTuxracer
rcesecurity.com
Another day, another Remote Code Execution (and its 3 friends).

Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security

www.rcesecurity.com/2025/09/when...
When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise | RCE Security
www.rcesecurity.com
mrtuxracer.bsky.social
Remember I wanted to drop more bugs (Pre-Auth RCE, Cookie Forgery etc.) in June?

Unfortunately, I had to postpone the disclosure because there are still too many vulnerable instances online and the vendor apparently needs to manually patch each one... 🤦‍♂️

#BugBounty #security
mrtuxracer.bsky.social
I’d say it’s gonna be option one 🤪 Norway is one of the most beautiful countries on this planet 👌
mrtuxracer.bsky.social
"We take our freedom for granted. It’s better to pay the price of convenience and take back ownership of your data."

This is it 💯

#privacy
monke.ie
🐵 MonkeHacks #71
Privacy, Proton and Pentesting

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...
MonkeHacks #71
Privacy, Proton and Pentesting
monke.ie
mrtuxracer.bsky.social
Yeah, I mean it really depends how you’re using it. Personally, Notion was more of an overpriced idea dump with project management for me. So switching it to Stackfield wasn’t that much of a change 🤷‍♂️
mrtuxracer.bsky.social
Although self-hosted Obsidian would do it too 👍
mrtuxracer.bsky.social
I’m abusing my Stackfield instance for that 😏
mrtuxracer.bsky.social
In terms of that, big shout-out to @proton.me for their stance on #privacy and for their Mail/Drive/Pass products that are a perfect alternative to some of these products! Cheers guys! Appreciate your hard work!
mrtuxracer.bsky.social
I am a huge fan of the #BuyFromEU movement! So far, I've ditched a lot of US stuff already, including Microsoft, Dropbox, 1Password, Notion, Grammarly, Amazon, Slack, and Google.

This helped a lot: european-alternatives.eu
Homepage | European Alternatives
We help you find European alternatives for digital service and products, like cloud services and SaaS products.
european-alternatives.eu
mrtuxracer.bsky.social
Here's an update to the blog post about CVE-2025-47812, which now includes a way to leak a user's password (CVE-2025-27889), but requires a bit of social engineering.

#security #BugBounty
rcesecurity.com
We've just updated our latest blog post about CVE-2025-47812 to include another disclosure that went a little under the radar but could be used to leak a user's password: CVE-2025-27889.

#security #BugBounty

www.rcesecurity.com/2025/06/what...
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security
www.rcesecurity.com
mrtuxracer.bsky.social
As promised! Here's a root/SYSTEM-level RCE (aka CVE-2025-47812) affecting Wing FTP Server in versions before 7.4.4.

Enjoy 🥷

#security #BugBounty
rcesecurity.com
During a customer pentest, we went from anonymous Read-Only FTP access to full root-level remote code execution by abusing a string parsing discrepancy in Wing FTP's username handling.

#security #BugBounty

www.rcesecurity.com/2025/06/what...
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security
www.rcesecurity.com
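The repost above describes the Wing FTP bug only as "a string parsing discrepancy in Wing FTP's username handling". The following is an added illustration of that bug class, not Wing FTP's code and not taken from the RCE Security write-up: one layer treats the username as a NUL-terminated C string (so the comparison stops at the first NUL), while another layer treats the same input as a length-delimited byte buffer and carries everything after the NUL into a session record. The NUL-byte assumption is inferred from the post's title; the function names, the "user=" record format and the sample input are all constructed for the example.

```c
/* Added illustration of a "string parsing discrepancy" in username handling.
 * NOT Wing FTP's code and not from the RCE Security post: a constructed model
 * of the bug class in which one layer treats the username as a NUL-terminated
 * C string and another as a length-delimited byte buffer. The NUL-byte
 * assumption comes from the post's title; function names, the "user=" record
 * format and the sample input are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire input: "anonymous", an embedded NUL, then trailing bytes.
 * sizeof includes the string literal's final NUL, which is not counted. */
static const uint8_t constructed_user[] = "anonymous\0' trailing-bytes";
#define CONSTRUCTED_LEN (sizeof(constructed_user) - 1)
#define PREFIX "user="
#define PREFIX_LEN (sizeof(PREFIX) - 1)

/* Auth layer (vulnerable pattern): strcmp stops at the first NUL, so the
 * constructed input compares equal to "anonymous". */
int is_anonymous(const char *user) {
    return strcmp(user, "anonymous") == 0;
}

/* Session layer (vulnerable pattern): copies all len bytes, including the
 * NUL and whatever follows it. Returns bytes written, 0 if out is too small. */
size_t record_session(const uint8_t *user, size_t len, uint8_t *out, size_t outlen) {
    if (PREFIX_LEN + len > outlen) return 0;
    memcpy(out, PREFIX, PREFIX_LEN);
    memcpy(out + PREFIX_LEN, user, len);
    return PREFIX_LEN + len;
}

/* Hardened check: the NUL-terminated view and the length-delimited view of
 * the username must agree, i.e. no embedded NUL. Run this before either
 * layer sees the input. */
int username_consistent(const uint8_t *user, size_t len) {
    return memchr(user, 0, len) == NULL;
}

/* Returns 1 when the two layers disagree on the constructed input: the auth
 * check accepts it as "anonymous" while the session record carries the bytes
 * after the embedded NUL. */
int demo_discrepancy(void) {
    uint8_t rec[64];
    size_t n = record_session(constructed_user, CONSTRUCTED_LEN, rec, sizeof rec);
    int auth_sees_anonymous = is_anonymous((const char *)constructed_user);
    /* The tail starts after "user=" + "anonymous" (9 bytes) + the NUL. */
    int record_has_tail = n == PREFIX_LEN + CONSTRUCTED_LEN &&
        memcmp(rec + PREFIX_LEN + 10, "' trailing-bytes", 16) == 0;
    return auth_sees_anonymous && record_has_tail;
}

int main(void) {
    printf("discrepancy observed: %d\n", demo_discrepancy());
    printf("hardened check rejects input: %d\n",
           !username_consistent(constructed_user, CONSTRUCTED_LEN));
    return 0;
}
```

The point of the example is the check, not the payload: any two code paths that read the same untrusted bytes with different length semantics (C-string vs. length-prefixed, here; the same applies across language boundaries) need a single canonicalisation step that rejects input on which the two views differ.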
mrtuxracer.bsky.social
I'll publish 4 CVEs later today, including one unauthenticated Root/SYSTEM-level RCE.

I'm a bit nervous, TBH, because it potentially affects 15k systems on the internet. But, according to the vendor, most instances should've been updated already 😬
mrtuxracer.bsky.social
I don’t know why, but this has some very strong jonathandata vibes 😬
mrtuxracer.bsky.social
A missing SPF record chained with sending an email leading to critical content injection? 🤯
mrtuxracer.bsky.social
Yep, he does this stuff 👍
mrtuxracer.bsky.social
Totally understandable 😬

It caused a long sequence of WTFs on my face when I found it.
mrtuxracer.bsky.social
I have plenty of public disclosures planned for June:

2x RCE (one as root!),
Full SSRF,
Directory traversal,
Cookie forgery leading to auth bypass,
Multiple information disclosures incl. PII,
Link injection leaking clear-text passwords

All pre-auth 🙃

#security #BugBounty