buherator
banner
buherator.bsky.social
buherator
@buherator.bsky.social
"I'm interested in all kinds of astronomy."

https://scrapco.de

Mostly cross-posting from Fediverse: @buherator@infosec.place
[RSS] Windows Internals: Check Your Privilege - The Curious Case of ETW's SecurityTrace Flag


connormcgarr.github.io ->


Original->
January 21, 2026 at 1:26 PM
[RSS] X41 Audited Mullvad VPN AB API


x41-dsec.de ->


Original->
January 21, 2026 at 1:26 PM
[reddit] Possible new SSO Exploit (CVE-2025-59718) on 7.4.9?


www.reddit.com ->

/via @Hetti

#Fortinet


Original->
January 21, 2026 at 12:11 PM
I feel I have this instinct to feed programs data that they won't be able to handle.

Unfortunately this is mostly true for tools I'd like to use, not targets I review.


Original->
January 21, 2026 at 11:11 AM
Humble request for vibe-coders: report your runtime errors!

LLM tends to insert Pokémon exception handlers everywhere, making problems (of which vide-code has a *lot*) hard to even notice.

Slightly related illustration:


Original->
January 21, 2026 at 9:36 AM
I positively surprised that AWS apparently built a separate IAM for their European Sovereign Cloud:


aws.amazon.com ->

I can't tell if this whole thing will be good enough, but some key issues seem to be addressed here.


Original->
January 21, 2026 at 8:31 AM
In the shitty state of tech today: Soundcloud!

I want to filter for DJ mixes (long tracks) on the web:

- The mobile app groups sets to a tab when searching, but the web version does not.
- The web version allows you to filter search based on duration, but the official help page
1/2
January 21, 2026 at 8:00 AM
[RSS] What was the secret sauce that allows for a faster restart of Windows 95 if you hold the shift key?


devblogs.microsoft.com ->


Original->
January 20, 2026 at 10:50 AM
TIL this was the moment when web search turned shit:


blog.google ->

OK, that's a bit of an exaggregation but there are so many use-cases when Page Rank Just Works(tm), I can't wrap my head around why engines wouldn't keep it as an optional search mode.


Original->
January 20, 2026 at 8:15 AM
[RSS] Iranian state TV feed reportedly hijacked to air anti-regime messages


therecord.media ->


Original->
January 19, 2026 at 3:46 PM
[RSS] Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability


talosintelligence.com ->


Original->
January 19, 2026 at 3:41 PM
[RSS] Who's on the Line? Exploiting RCE in Windows Telephony Service


swarm.ptsecurity.com ->


Original->
January 19, 2026 at 3:36 PM
[RSS] The Computational Web and the Old AI Switcharoo


fromjason.xyz ->

"shoehorning AI features into our apps isn%27t just tech bros following their tail. It%27s setting the expectation that all consumer technology requires AI."


Original->
January 19, 2026 at 8:00 AM
If you host your own e-mail domain could you please test if Internet Archive sign up verification/pw reminder e-mails arrive to you?


Original->
January 18, 2026 at 1:42 PM
[RSS] Quantum computing for lawyers


bfswa.substack.com ->


Original->
January 18, 2026 at 1:31 PM
[RSS] Random BSODs on ASRock Z170 Extreme4: Fixed by Disabling CPU C-States


medium.com ->


Original->
January 17, 2026 at 1:17 PM
[RSS] Introducing rzweb: A Web-Based Binary Analyzer Using Rizin and WebAssembly - Open-Source and Browser-Only


github.com ->


Original->
January 17, 2026 at 7:21 AM
Really, no one?


Original->
January 17, 2026 at 6:51 AM
[RSS] wtf is NS_ERROR_INVALID_CONTENT_ENCODING? investigating shared dictionaries and ChatGPT breakage in Firefox


joshua.hu ->


Original->
January 16, 2026 at 6:44 PM
GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)


www.openwall.com ->

GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)


www.openwall.com ->


Original->
January 16, 2026 at 4:24 PM
Part of the reason of every service turning shit is that some technical writers assume that shit can only ever run on k8s...


worstofbreed.net ->

#documentation


Original->
January 16, 2026 at 1:18 PM
I just got the weirdest e-mail:

It's a lab result for someone else. It has a PDF attachment, but I can see noting malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist.

I'd say this must be a typo, but my
1/3
January 16, 2026 at 8:01 AM
A 0-click exploit chain for the Pixel 9 /by @natashenka

Part 1.:

projectzero.google ->

Part 2.:

projectzero.google ->

Part 3.:

projectzero.google ->


Original->
January 15, 2026 at 6:49 PM
"I hope you're fine and healthy. The reason I am writing this mail is to share a few of my experiments and research I've done to come up with a reasonable stack pivot detection for the Syd kernel. TL;DR I have failed and I have learned a lot."
1/2
January 15, 2026 at 5:23 PM
[RSS] CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center


cymulate.com ->


Original->
January 15, 2026 at 4:33 PM