H
CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the linux kernel LPEs is "not great" as we say in the industry.
An 18 year old memory corruption flaw in NGINX Plus and NGINX Open Source lets an unauthenticated attacker crash worker processes or execute remote code with crafted HTTP requests.
(depthfirst.com)
@gabrielesvelto Any solution that unlocks the encryption automatically without user having to provide "something you know" (*) is vulnerable to attacks by definition.
*) "something you have" may be good enough, for example some token or USB key. In this case you need to accept the risk of the attacker gaining access to the token, however.
Yet another #BitLocker "exploit" circulating.
This is a friendly reminder that if you set your system to just unlock with TPM alone, the system is not protected against determined attacker. BitLocker with TPM cannot protect your system unless if you configure the system to request PIN as well.
Vulnerabilities found from #curl:
#Mythos: 1
Me: 30
- https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/
- https://sintonen.fi/advisories/
@christopherkunz Sure if you executed that particular exploit you definitely must restore the /etc/passwd afterwards.
Note that if you tested the exploit locally and then applied the workaround your system will retain the tampered kernel cache and will remain vulnerable even when the module is no longer in memory and cannot no longer be loaded.
You can use sudo sh -c "echo 3 > /proc/sys/vm/drop_caches" to flush the exploit from memory. Rebooting will also work, of course.
EDIT: Needless to say you should not execute random exploits in any important system. Always use a dedicated VM you can wipe after testing.
@gtsadmin They will be loaded by the kernel automatically on demand. So apply the mitigation until kernel update is available.
Apparently there's yet another #LinuxKernel Local Privilege Escalation #vulnerability. There's a mitigation that disables esp4, esp6 and rxrpc modules.
Contribute to V4bel/dirtyfrag development by creating an account on GitHub.
GitHub (github.com)
EDIT: The related vulnerabilities are now tracked as CVE-2026-43284 and CVE-2026-43500. https://nvd.nist.gov/vuln/detail/CVE-2026-43284 https://nvd.nist.gov/vuln/detail/CVE-2026-43500
@rebane2001 This reminds me of a certain provider who used to have a pre-created user on the default Linux image with a password the same as the username. The user was in sudoers. This user account wasn't documented anywhere.
So even if you changed the root password, all systems set up with that image remained trivially exploitable over ssh.
Los Alamos nuclear secrets "leaked" in LPG-21 magnetic disk memory:
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
(www.youtube.com)
I guess securely wiping storage media wasn't a thing eh?
@Netux @signalapp I of course included PoC. This is no my first ride.
I've tried to report a security vulnerability to @signalapp for months now (first attempt was 2025-11-23 to the official security-at email address). I haven't gotten any response from them, even after repeated attempts. This is highly frustrating.
Is there a way to reach them? I don't need any kind of special treatment, just someone acknowledging that the message has been received would be okay.
@zackwhittaker No amount of AI can protect one from human stupidity.
Not every security adjacent bug is an exploitable vulnerability.
#Yammer (oh sorry I meant "Viva Engage communities") will be enabled in #Teams for everyone, by default. Unless if you opt out at org level: https://mc.merill.net/message/MC1218423
Here's how you can turn this thing off: https://learn.microsoft.com/en-us/MicrosoftTeams/teams-viva-experiences#how-to-set-viva-engage-experiences-in-teams
