Local folks:
25.01.2026 13:28
π 19
π 2
π¬ 1
π 0
Local folks:
VulnCheck is #hiring (senior) exploit developers in the U.S. and UK! If you love writing RCE exploits but also want to help customers detect exploitation and assess exposure, this is a fantastic place to learn and grow! Open roles here - we're also looking for UK engineers: www.vulncheck.com/careers
But keep reading
βSilently patching vulnerabilities is an established bad practice that enables attackers and harms defenders." @catc0n.bsky.social
decipher.sc/2025/11/17/f...
C R Y I N G this is so perfect lmao
x: www.instagram.com/reel/DQ7cPSf...
If AI is going to economically and environmentally doom us all anyway, could it at least make iOS keyboards less godawful?
Posted by Block Club Chicago: "Cycling x Solidarity's latest mutual aid effort takes cyclists on group rides through Pilsen and other neighborhoods to buy out tamale vendors so they can stay home as ICE swarm the city. They pass out to food to people in need."
Forgive me, Chicago, I was not aware of your game
"Plan to skip No. 1 piece of advice" is a wild way to say "cannot afford to wait until the recommended age because of the high cost of basic expenses throughout their lives" www.cbsnews.com/news/social-...
*Charlotte and Emily BrontΓ«:* "He has no clue which one of us is which."
More governors need to stand up like this.
I'm no fan of Newsom generally, but he's at least not rolling over for the administration. California is better off for it.
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
It seems like thereβs still a piece of the story missing re: the private key.
Pretty unfortunate update on Fortra GoAnywhere MFT CVE-2025-10035 from the folks at watchTowr labs.watchtowr.com/it-is-bad-ex...
Federal agencies have about 24 hours to patch two critical bugs in a line of Cisco firewalls
patch CVE-2025-30333 and CVE-2025-20362 asap
therecord.media/cisco-asa-fi...
I donβt think Iβve ever loved anything as much as ICE loves violently attacking women.
The Secret Service isn't claiming it foiled any plot targeting the UN General Assembly. Just that a big collection of SIMs (probably used for fraud) could have *potentially* disrupted NYC cell service. The SIMs were in a *35 MILE* radius of the UN.
These headlines are all pretty egregiously wrong:
This is incredible stuff
Last night, Fortra disclosed a critical vulnerability in their GoAnywhere MFT file transfer product. CVE-2025-10035 has a virtually identical description to CVE-2023-0669, which was exploited by ransomware crews. Unclear if this one has been exploited. Patch now. www.vulncheck.com/blog/cve-202...
Diagram titled 'Possible causes of your problems'. On the left hand side, subtitled 'Yes': Funding removed from local councils, growing gap between rich and poor, multinational companies not paying their taxes, lack of new affordable housing, government not investing sufficiently in schools and healthcare. On the right hand side, subtitled 'No': Picture of small boat, with arrow; 'People fleeing horrific situations that you and I can't imagine'.
Possible causes of your problems. Itβs a diagram that (sadly) still seems relevant in 2025, so reposting a year and a bit on.
Hey, security research friends! You know how vulnerability disclosure coordination is the most painful part of vuln research? Good news: VulnCheck will do it for you! You get credit, we handle the CVEs + vendor discussions.
Report vulnerabilities for disclosure here: vulncheck.com/advisories/r...
A beautiful, tender piece about grief and aging and friendship and the sacred call to haunt: joysullivan.substack.com/p/when-to-ca...
We need community notes here to clarify that in fact Michelle Wu ended his campaign
A meme with the black spinning top from the movie "Inception". It's on a beige-ish background and the text of the meme says "It's like...a third-order command injection."
Quote from the VulnCheck team exploit mines 2025-09-11T19:24:00Z
Overachievers
Gen Z in Nepal burned down the parliament, burned down the homes of government officials, forced the prime minister to resign, and paraded the finance minister through the streets nearly naked.
I know NPM and SAP and probably other acronyms are on fire today, but @vulncheck.bsky.social put out a Chrome extension for #CVE and #exploit intel and it's saving me kind of a lot of tab-switching effort, so you get π π€ posts from me instead of ποΈπ₯ posts www.vulncheck.com/blog/vuln-ch...
Friends, for your Friday, here's a new image of planets being born.
The inverse of this skeet is "Some enterprising young sys admins used example machine keys for production deployments, which is also significantly less surprising than anyone reading docs."
There is something soothing about watching a baseball diamond get steamrolled.
Some enterprising young threat actor read the Sitecore docs, which is significantly less surprising than literally anyone else reading docs cloud.google.com/blog/topics/...
