buherator
@buherator.bsky.social
"I'm interested in all kinds of astronomy."
https://scrapco.de
Mostly cross-posting from Fediverse: @buherator@infosec.place
https://scrapco.de
Mostly cross-posting from Fediverse: @buherator@infosec.place
[RSS] Windows Internals: Check Your Privilege - The Curious Case of ETW's SecurityTrace Flag
connormcgarr.github.io ->
Original->
connormcgarr.github.io ->
Original->
January 21, 2026 at 1:26 PM
[RSS] Windows Internals: Check Your Privilege - The Curious Case of ETW's SecurityTrace Flag
connormcgarr.github.io ->
Original->
connormcgarr.github.io ->
Original->
January 21, 2026 at 1:26 PM
[reddit] Possible new SSO Exploit (CVE-2025-59718) on 7.4.9?
www.reddit.com ->
/via @Hetti
#Fortinet
Original->
www.reddit.com ->
/via @Hetti
#Fortinet
Original->
January 21, 2026 at 12:11 PM
[reddit] Possible new SSO Exploit (CVE-2025-59718) on 7.4.9?
www.reddit.com ->
/via @Hetti
#Fortinet
Original->
www.reddit.com ->
/via @Hetti
#Fortinet
Original->
I feel I have this instinct to feed programs data that they won't be able to handle.
Unfortunately this is mostly true for tools I'd like to use, not targets I review.
Original->
Unfortunately this is mostly true for tools I'd like to use, not targets I review.
Original->
January 21, 2026 at 11:11 AM
I feel I have this instinct to feed programs data that they won't be able to handle.
Unfortunately this is mostly true for tools I'd like to use, not targets I review.
Original->
Unfortunately this is mostly true for tools I'd like to use, not targets I review.
Original->
Humble request for vibe-coders: report your runtime errors!
LLM tends to insert Pokémon exception handlers everywhere, making problems (of which vide-code has a *lot*) hard to even notice.
Slightly related illustration:
Original->
LLM tends to insert Pokémon exception handlers everywhere, making problems (of which vide-code has a *lot*) hard to even notice.
Slightly related illustration:
Original->
January 21, 2026 at 9:36 AM
Humble request for vibe-coders: report your runtime errors!
LLM tends to insert Pokémon exception handlers everywhere, making problems (of which vide-code has a *lot*) hard to even notice.
Slightly related illustration:
Original->
LLM tends to insert Pokémon exception handlers everywhere, making problems (of which vide-code has a *lot*) hard to even notice.
Slightly related illustration:
Original->
I positively surprised that AWS apparently built a separate IAM for their European Sovereign Cloud:
aws.amazon.com ->
I can't tell if this whole thing will be good enough, but some key issues seem to be addressed here.
Original->
aws.amazon.com ->
I can't tell if this whole thing will be good enough, but some key issues seem to be addressed here.
Original->
January 21, 2026 at 8:31 AM
I positively surprised that AWS apparently built a separate IAM for their European Sovereign Cloud:
aws.amazon.com ->
I can't tell if this whole thing will be good enough, but some key issues seem to be addressed here.
Original->
aws.amazon.com ->
I can't tell if this whole thing will be good enough, but some key issues seem to be addressed here.
Original->
In the shitty state of tech today: Soundcloud!
I want to filter for DJ mixes (long tracks) on the web:
- The mobile app groups sets to a tab when searching, but the web version does not.
- The web version allows you to filter search based on duration, but the official help page
1/2
I want to filter for DJ mixes (long tracks) on the web:
- The mobile app groups sets to a tab when searching, but the web version does not.
- The web version allows you to filter search based on duration, but the official help page
1/2
January 21, 2026 at 8:00 AM
In the shitty state of tech today: Soundcloud!
I want to filter for DJ mixes (long tracks) on the web:
- The mobile app groups sets to a tab when searching, but the web version does not.
- The web version allows you to filter search based on duration, but the official help page
1/2
I want to filter for DJ mixes (long tracks) on the web:
- The mobile app groups sets to a tab when searching, but the web version does not.
- The web version allows you to filter search based on duration, but the official help page
1/2
[RSS] What was the secret sauce that allows for a faster restart of Windows 95 if you hold the shift key?
devblogs.microsoft.com ->
Original->
devblogs.microsoft.com ->
Original->
January 20, 2026 at 10:50 AM
[RSS] What was the secret sauce that allows for a faster restart of Windows 95 if you hold the shift key?
devblogs.microsoft.com ->
Original->
devblogs.microsoft.com ->
Original->
TIL this was the moment when web search turned shit:
blog.google ->
OK, that's a bit of an exaggregation but there are so many use-cases when Page Rank Just Works(tm), I can't wrap my head around why engines wouldn't keep it as an optional search mode.
Original->
blog.google ->
OK, that's a bit of an exaggregation but there are so many use-cases when Page Rank Just Works(tm), I can't wrap my head around why engines wouldn't keep it as an optional search mode.
Original->
January 20, 2026 at 8:15 AM
TIL this was the moment when web search turned shit:
blog.google ->
OK, that's a bit of an exaggregation but there are so many use-cases when Page Rank Just Works(tm), I can't wrap my head around why engines wouldn't keep it as an optional search mode.
Original->
blog.google ->
OK, that's a bit of an exaggregation but there are so many use-cases when Page Rank Just Works(tm), I can't wrap my head around why engines wouldn't keep it as an optional search mode.
Original->
[RSS] Iranian state TV feed reportedly hijacked to air anti-regime messages
therecord.media ->
Original->
therecord.media ->
Original->
January 19, 2026 at 3:46 PM
[RSS] Iranian state TV feed reportedly hijacked to air anti-regime messages
therecord.media ->
Original->
therecord.media ->
Original->
[RSS] Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability
talosintelligence.com ->
Original->
talosintelligence.com ->
Original->
January 19, 2026 at 3:41 PM
[RSS] Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability
talosintelligence.com ->
Original->
talosintelligence.com ->
Original->
[RSS] Who's on the Line? Exploiting RCE in Windows Telephony Service
swarm.ptsecurity.com ->
Original->
swarm.ptsecurity.com ->
Original->
January 19, 2026 at 3:36 PM
[RSS] Who's on the Line? Exploiting RCE in Windows Telephony Service
swarm.ptsecurity.com ->
Original->
swarm.ptsecurity.com ->
Original->
[RSS] The Computational Web and the Old AI Switcharoo
fromjason.xyz ->
"shoehorning AI features into our apps isn%27t just tech bros following their tail. It%27s setting the expectation that all consumer technology requires AI."
Original->
fromjason.xyz ->
"shoehorning AI features into our apps isn%27t just tech bros following their tail. It%27s setting the expectation that all consumer technology requires AI."
Original->
January 19, 2026 at 8:00 AM
[RSS] The Computational Web and the Old AI Switcharoo
fromjason.xyz ->
"shoehorning AI features into our apps isn%27t just tech bros following their tail. It%27s setting the expectation that all consumer technology requires AI."
Original->
fromjason.xyz ->
"shoehorning AI features into our apps isn%27t just tech bros following their tail. It%27s setting the expectation that all consumer technology requires AI."
Original->
If you host your own e-mail domain could you please test if Internet Archive sign up verification/pw reminder e-mails arrive to you?
Original->
Original->
January 18, 2026 at 1:42 PM
If you host your own e-mail domain could you please test if Internet Archive sign up verification/pw reminder e-mails arrive to you?
Original->
Original->
January 18, 2026 at 1:31 PM
[RSS] Random BSODs on ASRock Z170 Extreme4: Fixed by Disabling CPU C-States
medium.com ->
Original->
medium.com ->
Original->
January 17, 2026 at 1:17 PM
[RSS] Random BSODs on ASRock Z170 Extreme4: Fixed by Disabling CPU C-States
medium.com ->
Original->
medium.com ->
Original->
[RSS] Introducing rzweb: A Web-Based Binary Analyzer Using Rizin and WebAssembly - Open-Source and Browser-Only
github.com ->
Original->
github.com ->
Original->
January 17, 2026 at 7:21 AM
[RSS] Introducing rzweb: A Web-Based Binary Analyzer Using Rizin and WebAssembly - Open-Source and Browser-Only
github.com ->
Original->
github.com ->
Original->
[RSS] wtf is NS_ERROR_INVALID_CONTENT_ENCODING? investigating shared dictionaries and ChatGPT breakage in Firefox
joshua.hu ->
Original->
joshua.hu ->
Original->
January 16, 2026 at 6:44 PM
[RSS] wtf is NS_ERROR_INVALID_CONTENT_ENCODING? investigating shared dictionaries and ChatGPT breakage in Firefox
joshua.hu ->
Original->
joshua.hu ->
Original->
GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)
www.openwall.com ->
GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
www.openwall.com ->
Original->
www.openwall.com ->
GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
www.openwall.com ->
Original->
January 16, 2026 at 4:24 PM
GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)
www.openwall.com ->
GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
www.openwall.com ->
Original->
www.openwall.com ->
GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)
www.openwall.com ->
Original->
Part of the reason of every service turning shit is that some technical writers assume that shit can only ever run on k8s...
worstofbreed.net ->
#documentation
Original->
worstofbreed.net ->
#documentation
Original->
January 16, 2026 at 1:18 PM
Part of the reason of every service turning shit is that some technical writers assume that shit can only ever run on k8s...
worstofbreed.net ->
#documentation
Original->
worstofbreed.net ->
#documentation
Original->
I just got the weirdest e-mail:
It's a lab result for someone else. It has a PDF attachment, but I can see noting malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist.
I'd say this must be a typo, but my
1/3
It's a lab result for someone else. It has a PDF attachment, but I can see noting malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist.
I'd say this must be a typo, but my
1/3
January 16, 2026 at 8:01 AM
I just got the weirdest e-mail:
It's a lab result for someone else. It has a PDF attachment, but I can see noting malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist.
I'd say this must be a typo, but my
1/3
It's a lab result for someone else. It has a PDF attachment, but I can see noting malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist.
I'd say this must be a typo, but my
1/3
A 0-click exploit chain for the Pixel 9 /by @natashenka
Part 1.:
projectzero.google ->
Part 2.:
projectzero.google ->
Part 3.:
projectzero.google ->
Original->
Part 1.:
projectzero.google ->
Part 2.:
projectzero.google ->
Part 3.:
projectzero.google ->
Original->
January 15, 2026 at 6:49 PM
A 0-click exploit chain for the Pixel 9 /by @natashenka
Part 1.:
projectzero.google ->
Part 2.:
projectzero.google ->
Part 3.:
projectzero.google ->
Original->
Part 1.:
projectzero.google ->
Part 2.:
projectzero.google ->
Part 3.:
projectzero.google ->
Original->
"I hope you're fine and healthy. The reason I am writing this mail is to share a few of my experiments and research I've done to come up with a reasonable stack pivot detection for the Syd kernel. TL;DR I have failed and I have learned a lot."
1/2
1/2
January 15, 2026 at 5:23 PM
"I hope you're fine and healthy. The reason I am writing this mail is to share a few of my experiments and research I've done to come up with a reasonable stack pivot detection for the Syd kernel. TL;DR I have failed and I have learned a lot."
1/2
1/2
[RSS] CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
cymulate.com ->
Original->
cymulate.com ->
Original->
January 15, 2026 at 4:33 PM
[RSS] CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
cymulate.com ->
Original->
cymulate.com ->
Original->