Liang Wenfeng
LightNews LightNews
banner
0xsojalsec.bsky.social
Liang Wenfeng
@0xsojalsec.bsky.social
31 followers 100 following 1 posts
Cyber security Re-Sachers || Malware Analyses || Information Security || Onion Monitoring || I0S || AI Re-Sacher ||
Posts Replies Media Videos
Reposted by Liang Wenfeng
securitycipher.bsky.social
Crafting Engaging Web Application Challenges for Your College CTF

https://medium.com/@shashank_d_s/crafting-engaging-web-application-challenges-for-your-college-ctf-b712e10b9ed6?source=rss------bug_bounty-5
April 14, 2025 at 6:12 PM
Reposted by Liang Wenfeng
infosec.skyfleet.blue
Hackers Mimic Google Chrome Install Page on Google Play to Deploy Android Malware
Hackers Mimic Google Chrome Install Page on Google Play to Deploy Android Malware
cybersecuritynews.com
April 14, 2025 at 7:31 AM
Reposted by Liang Wenfeng
infosec.skyfleet.blue
SSL/TLS certificate lifespans reduced to 47 days by 2029
SSL/TLS certificate lifespans reduced to 47 days by 2029
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.
www.bleepingcomputer.com
April 14, 2025 at 6:06 PM
Reposted by Liang Wenfeng
securitycipher.bsky.social
low-level p2p ping + tcp flooding leads to a remote crash in monerod

https://hackerone.com/reports/2858802
April 14, 2025 at 6:17 PM
Reposted by Liang Wenfeng
infosec.skyfleet.blue
GPT-4 Retiring: GPT-4o Takes Over in ChatGPT
GPT-4 Retiring: GPT-4o Takes Over in ChatGPT
GPT-4 retires in ChatGPT as OpenAI shifts to GPT-4o, offering enhanced multimodal capabilities. Developers retain GPT-4 API access.
securityonline.info
April 14, 2025 at 11:05 AM
Reposted by Liang Wenfeng
infosec.skyfleet.blue
Apple Adds RCS End-to-End Encryption for Sending Text Messages Using iPhone
Apple Adds RCS End-to-End Encryption for Sending Text Messages Using iPhone
cybersecuritynews.com
March 17, 2025 at 1:55 PM
Reposted by Liang Wenfeng
cybdetective.bsky.social
ClustrMaps

A service to find information about 🇺🇸US citizens by full name (addresses, phone numbers, related persons, age, etc.).

Free, but contains many advertisements. Also has some outdated data.

clustrmaps.com

#osint #socmint
March 9, 2025 at 8:11 AM
Reposted by Liang Wenfeng
georgetakei.bsky.social
It’s borderline criminal.
March 8, 2025 at 3:43 PM
Reposted by Liang Wenfeng
cybdetective.bsky.social
ClustrMaps

A service to find information about 🇺🇸US citizens by full name (addresses, phone numbers, related persons, age, etc.).

Free, but contains many advertisements. Also has some outdated data.

clustrmaps.com

#osint #socmint
March 9, 2025 at 8:10 AM
Reposted by Liang Wenfeng
infosec.skyfleet.blue
North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit
North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit
Experts from multiple blockchain security companies said Monday that the hackers were able to move all of the stolen ETH coins to new addresses — the first step taken before the funds can be laundered further.
therecord.media
March 4, 2025 at 6:32 PM
Reposted by Liang Wenfeng
webvixen.bsky.social
February 27, 2025 at 5:26 PM
Reposted by Liang Wenfeng
404media.co
AT&T hacker tried to sell stolen data to foreign government.

🔗 www.404media.co/at-t-hacker-...
AT&T sign orange background with sky Miley Cyrus "what?" meme
February 27, 2025 at 7:12 PM
Reposted by Liang Wenfeng
cve.skyfleet.blue
CVE-2025-1681 - WordPress Cardealer Theme Cross-Site Request Forgery (CSRF) and File Inclusion Vulnerability
CVE ID : CVE-2025-1681

Published : Feb. 28, 2025, 12:15 a.m. | 1 hour, 12 minutes ago

Description : The Cardealer theme for WordPress is vulnerable to unauthorize...
CVE-2025-1681 - WordPress Cardealer Theme Cross-Site Request Forgery (CSRF) and File Inclusion Vulnerability
The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access …
cvefeed.io
February 28, 2025 at 1:53 AM
Reposted by Liang Wenfeng
cve.skyfleet.blue
CVE-2025-21824 - NVIDIA Host1x Use of Uninitialized Mutex
CVE ID : CVE-2025-21824

Published : Feb. 27, 2025, 8:16 p.m. | 1 hour, 35 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

gpu: host1x: Fix a use of uninitialized mute...
CVE-2025-21824 - NVIDIA Host1x Use of Uninitialized Mutex
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra") caused a use of uninitialized mutex leading to below warning when CONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC are enabled. [ 41.662843] ------------[ cut here ]------------ [ …
cvefeed.io
February 27, 2025 at 9:58 PM
Reposted by Liang Wenfeng
cybdetective.bsky.social
CHRONOS

#go tool to download and analyze archive org snapshots:

- search regex matches
- extract endpoints from JS fils
- calculate old favicon hashes
- extract html tags with XPath

github.com/mhmdiaa/chro...

#osint
February 27, 2025 at 10:35 PM
Reposted by Liang Wenfeng
cybersecurity.page
ACR (Automatic Content Recognition) on TVs tracks viewing habits and can compromise privacy. Disabling it can prevent data collection, protect your privacy, and stop targeted ads. Instructions for disabling ACR vary by TV brand. It's recommended to do this ASAP for security.
How to disable ACR on your TV (and why you shouldn't wait to do it)
View post on Reddit.
reddit.com
February 28, 2025 at 12:42 AM
Reposted by Liang Wenfeng
securitycipher.bsky.social
CSRF in 2025: “Solved” But Still Bypassable

https://infosecwriteups.com/csrf-in-2025-solved-but-still-bypassable-942ca382ab77?source=rss------bug_bounty-5
February 28, 2025 at 4:10 AM
Reposted by Liang Wenfeng
therealjackhopkins.bsky.social
Congratulations to Dr. Peter Hotez. I've had conversations with Hotez. Not only is he a brilliant man, but also a very kind human being.

houston.innovationmap.com/peter-hotez-...
Houston Nobel Prize nominee earns latest award for public health research
Hotez and his team were selected to receive $500,000 from Lyda Hill Philanthropies to help fund The Texas Virosphere Project.
houston.innovationmap.com
February 26, 2025 at 11:55 PM
Reposted by Liang Wenfeng
ceej.online
meme format: STOP DOING RICH TEXT - WORDS DON'T NEED TO BE DIFFERENT SHAPES - YEARS OF (microsoft word text format bar) YET NO REAL-WORLD USE FOUND FOR STRIKETHROUGH - Wanted to emphasize language We had a tool for that: It was called "write better" - "Yes please give me words I can click" - Statements dreamed up by the utterly Deranged LOOK at what Microsoft have been demanding your Respect for all this time, with all the Markdown& .txt we built for them (This is REAL formatting done by REAL writers RTF file icon: ?????? In-line rich text formatting pop up: ??????? Microsoft Word "Style" designer: ?????????? "Hello I would like WIGGLY LETTERS" They have played us for absolute fools
February 27, 2025 at 5:19 PM
Reposted by Liang Wenfeng
cyberciti.biz
them: write a sad story using only 4 words

me: sudo rm -rf /*
February 28, 2025 at 12:41 AM
Reposted by Liang Wenfeng
infosec.skyfleet.blue
[CVE-2024-3220] CPython: Default mimetype known files writeable on Windows
oss-sec: [CVE-2024-3220] CPython: Default mimetype known files writeable on Windows
Posted by Alan Coopersmith on Feb 14 -------- Forwarded Message -------- Subject: [Security-announce][CVE-2024-3220] Default mimetype known files writeable on Windows Date: Fri, 14 Feb 2025 10:16:45 -0600 From: Seth Larson <seth () python org> Reply-To: security-sig () python org To: security-announce () python org There is a LOW severity vulnerability affecting CPython. There is a defect in the CPython standard library module “mimetypes” where on...
seclists.org
February 14, 2025 at 5:09 PM
Reposted by Liang Wenfeng
novicsara.bsky.social
Pressure works--South Carolina AG is slowly backing away from the lawsuit. Keep calling!
archive.ph/YtXrq
archive.ph
February 14, 2025 at 12:43 PM
Reposted by Liang Wenfeng
akrherz.bsky.social
@shawnmilrad.bsky.social Sir, I am concerned what will happen when DOGE finds NAWIPS/GEMPAK.

~/projects/gempak (main) $ git grep -Pil '(equality|diversity|bias)' | wc -l
185

Please advise.
February 14, 2025 at 6:04 PM
Reposted by Liang Wenfeng
selenalarson.bsky.social
Happy Valentine's Day to all my cyber friends
Pink heart on a white background: Is your name Lumma? because you've stolen my heart White text on a pink background surrounded by pink hearts: If your love were an obfuscated batch script, I’d decompile it just to understand you better. pink heart on white background with white text: You must be an APT Because you've established persistence in my heart white text on pink background surrounded by hearts: lets get osi model layer 1
February 14, 2025 at 2:45 PM
Reposted by Liang Wenfeng
cyberciti.biz
How do I list all USB devices in Linux?
www.cyberciti.biz/faq/linux-ho...
How do I list all USB devices in Linux?
Explains how to use the lsusb command in Linux to list and display all connected USB devices using the CLI and GUI tools.
www.cyberciti.biz
February 13, 2025 at 9:38 PM