Reposted
I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained […]
[Original post on mastodon.social]
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained […]
[Original post on mastodon.social]
February 10, 2026 at 8:39 PM
I can't remember if I cried
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained […]
[Original post on mastodon.social]
When my `-f root` hit an ACL line
But something touched me deep inside…
The day the telnet died
On January 14, 2026, global telnet traffic observed by the GreyNoise Global Observation Grid fell off a cliff. A 59% sustained […]
[Original post on mastodon.social]
Reposted
Wym Wikipedia is 36 MB owo
February 7, 2026 at 9:46 AM
Wym Wikipedia is 36 MB owo
Reposted
so many are under the false impression that the 36mb of json data xikipedia loads is js or wasm 😭
the site is like 56kB uncompressed unminified, 13kB gzipped, the big json u download is the entirety of wikipedia as data so u can use the site fully offline
the site is like 56kB uncompressed unminified, 13kB gzipped, the big json u download is the entirety of wikipedia as data so u can use the site fully offline
February 7, 2026 at 9:29 AM
so many are under the false impression that the 36mb of json data xikipedia loads is js or wasm 😭
the site is like 56kB uncompressed unminified, 13kB gzipped, the big json u download is the entirety of wikipedia as data so u can use the site fully offline
the site is like 56kB uncompressed unminified, 13kB gzipped, the big json u download is the entirety of wikipedia as data so u can use the site fully offline
Come say hi!
Love breaking things just to see how they work? 🐛🔨
A @shielder.com delegation is on the ground at @fosdem.org, and we're looking for fellow hackers and security researchers.
If you are passionate about securing the Open Source world, we definitely need to talk!
A @shielder.com delegation is on the ground at @fosdem.org, and we're looking for fellow hackers and security researchers.
If you are passionate about securing the Open Source world, we definitely need to talk!
January 31, 2026 at 9:36 AM
Come say hi!
Reposted
Crazy work by my colleague Fabian. High impact target: one might be amazed at how widespread this product is in industrial networks.
You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...
CODE WHITE | Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive
NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides...
code-white.com
January 23, 2026 at 12:33 PM
Crazy work by my colleague Fabian. High impact target: one might be amazed at how widespread this product is in industrial networks.
Reposted
Quick lunch time side quest building a simple lab to play with the inetutils-telnetd authentication bypass as disclosed on oss-sec ₁.
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
January 21, 2026 at 11:06 AM
Quick lunch time side quest building a simple lab to play with the inetutils-telnetd authentication bypass as disclosed on oss-sec ₁.
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
github.com/leonjza/inet...
₁ seclists.org/oss-sec/2026...
if you can read + play both hands at the same time in *only* 5 days is super good!
i recently started, and everytime i come across a new piece it's like feeling my brain exploding
keep it up!
i recently started, and everytime i come across a new piece it's like feeling my brain exploding
keep it up!
January 20, 2026 at 4:55 PM
if you can read + play both hands at the same time in *only* 5 days is super good!
i recently started, and everytime i come across a new piece it's like feeling my brain exploding
keep it up!
i recently started, and everytime i come across a new piece it's like feeling my brain exploding
keep it up!
Stunning pic!
January 8, 2026 at 10:25 PM
Stunning pic!
Reposted
Reposted
Don’t look down.
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
December 22, 2025 at 3:39 PM
Don’t look down.
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
Reposted
While cleaning a storage room, our staff found this tape containing #unix v4 from Bell Labs, circa 1973
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
November 6, 2025 at 8:50 PM
While cleaning a storage room, our staff found this tape containing #unix v4 from Bell Labs, circa 1973
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
Reposted
A story I found about Haiti:
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
December 18, 2025 at 2:43 AM
A story I found about Haiti:
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
Reposted
Feels like CVE-2025-64512 is underrated. It can literally be used to run arbitrary code in markitdown (84k ⭐️ on GitHub) and other projects, ingesting a crafted file.
github.com/luigigubello...
github.com/luigigubello...
December 12, 2025 at 9:21 AM
Feels like CVE-2025-64512 is underrated. It can literally be used to run arbitrary code in markitdown (84k ⭐️ on GitHub) and other projects, ingesting a crafted file.
github.com/luigigubello...
github.com/luigigubello...
Reposted
{\__/}
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
GitHub - luigigubello/logseq-unpatched-vulnerabilities: Two undisclosed and unpatched vulnerabilities (no CVEs) in the Clojure project Logseq.
Two undisclosed and unpatched vulnerabilities (no CVEs) in the Clojure project Logseq. - luigigubello/logseq-unpatched-vulnerabilities
github.com
December 5, 2025 at 4:48 PM
{\__/}
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
Reposted
my new blogpost is out!!
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
lyra.horse
December 4, 2025 at 2:03 PM
my new blogpost is out!!
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
cool folks doing cool stuff - do not miss out!
@shielder.com security researchers Davide and Pietro will be presenting on their audit of OpenEXR next Tuesday, 13:00 CST. Join to hear about how a team at the top of their game is auditing high-value targets used in a billion dollar industry.
RSVP here: luma.com/ir16fuig
RSVP here: luma.com/ir16fuig
Security Audit of OpenEXR · Luma
Description
Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
luma.com
November 24, 2025 at 3:59 PM
cool folks doing cool stuff - do not miss out!
Come sempre, articolo super interessante!
November 18, 2025 at 7:45 PM
Come sempre, articolo super interessante!
Reposted
this would be a perfect photo of the sun, if only some guy hadn't gotten in the way 🔭
November 14, 2025 at 9:07 PM
this would be a perfect photo of the sun, if only some guy hadn't gotten in the way 🔭
Reposted
Tanto per esserne chiari: l'attuale traiettoria, considerando le politiche di mitigazione annunciate e messe in atto, ci porterà verso un sontuoso +2.7 °C nel 2100.
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
November 12, 2025 at 10:31 AM
Tanto per esserne chiari: l'attuale traiettoria, considerando le politiche di mitigazione annunciate e messe in atto, ci porterà verso un sontuoso +2.7 °C nel 2100.
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
Reposted
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
GitHub - luigigubello/bsides-2025: My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 202...
My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 2025. - luigigubello/bsid...
github.com
November 10, 2025 at 9:39 AM
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
Reposted
Reposted
Attending #theSAS25? Meet @paupu.bsky.social for his PAM pwnage talk!
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
Ready for #theSAScon25 in Khao Lak 🇹🇭 🌴 Ping me if u wanna say hi!
October 26, 2025 at 3:56 PM
Attending #theSAS25? Meet @paupu.bsky.social for his PAM pwnage talk!
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
Reposted
all the anxiety human evolution developed to help me spot bears now kicks in when i have to answer emails
October 19, 2025 at 3:42 AM
all the anxiety human evolution developed to help me spot bears now kicks in when i have to answer emails