We have disclosed CVE-2026-2329, a critical unauth stack-based buffer overflow vuln affecting the Grandstream GXP1600 series of VoIP phones. Read our disclosure on the @rapid7.com blog, including technical details for unauth RCE, and accompanying @metasploit-r7.bsky.social modules: r-7.co/4tIzope
๐จ In November 2025, a critical vuln. was patched in #n8n, a popular piece of automation software.
The advisory for (what the finders have dubbed) #Ni8mare was published on January 7, 2026 โ now tracked as CVE-2026-21858 with a CVSS score of 10.0.
More: r-7.co/3Z3aGBP
Large dog in a bed hidden under a blanket with only his snoot sticking out.
A close up of a dog's snoot sticking out from under covers.
Looked over this morning and saw this dufus was in full blanket-snorkel mode. Pure jealousy.
We now have a (draft) @metasploit-r7.bsky.social exploit module for the recent Fortinet FortiWeb vulns, chaining CVE-2025-64446 (auth bypass) + CVE-2025-58034 (command injection) to achieve unauthenticated RCE with root privileges: github.com/rapid7/metas...
There's an unpatched admin auth bypass in the Twonky Server
www.rapid7.com/blog/post/cv...
Please forgive me if I'm saying something you already know, but as a former Jacksonville resident if you have some time, Chamblin Bookmine is a lovely way to spend it.
I would have thought so too. Saying "cloud native solution" would be a bit confusing alone, as it is a string of three nouns (or a verb and two nouns), but "cloud-native solution" clearly identifies the nouns/verb acting as a single adjective, leaving the subject clear?
Last night, Fortra disclosed a critical vulnerability in their GoAnywhere MFT file transfer product. CVE-2025-10035 has a virtually identical description to CVE-2023-0669, which was exploited by ransomware crews. Unclear if this one has been exploited. Patch now. www.vulncheck.com/blog/cve-202...
Is it wrong I pictured a half-drunk dude waiving a stump saying "I thought this was AMERICA!"
Also, as a recreational diver: Please do not train sharks to think my hand is holding something tasty.
Can confirm- in 2019 no stomach shots. Got 4 IG injections at the bite site, 1 in the butt cheek, and then 4 vaccinations in the arm over the next month or two.
The IG was the worst, as it made me feel like I had the flu the next day, but better than death. Also make sure you are current on TDAP.
Just finished reading @carlhiaasen.com's Double Whammy and immediately thought about Jim Tile's assertion that while Clinton Tyree's environmental and anti-corruption platforms are great, it will be his teeth that get him elected.
This is awkward....
Very dirty dog in a crate
Moderately clean dog lying in the grass
In happy news, our most recent foster found his forever home this weekend. He showed up on the ranch when the weather was in the 20's, and stayed for a warm bed, lots of kibble, surgery to remove a benign tumor, a couple baths, rest, and lots of treats and pets. Day 1 vs day 40(?).
Having been a civilian at the DoD, there cannot be anything more explicit in that chat than what I heard daily from some servicemembers and old straight white dudes.
The culture change going from DoD civilian/contractor to tech space was so dramatic, I had not realized how "used" to it I had become.
I'm all for burning down stupid bureaucratic nonsense, but maybe ask why it is done that way and what happened that caused those rules to be created before striking the match?
A great way to do this for non-compliant managers is to type up your notes from face-to-face encounters and email them to the person to ask if you missed anything in the discussion. I once made a senior DoD manager go apoplectic using this tactic.
Pepperidge Farm remembers blank meme
www.today.com/news/man-liv...
He probably started the form, but didnโt finish it.
VM Failing to start
Image of automatically created VM Hard drive on ARM PC with MD5 hash
Same MD5 Hash showing on VM Hard drive created on an x64 Host OS
Super excited that Microsoft has enabled "quick create" on Hyper-V to let you automagically create popular VMs. Less excited that it appears to create the same x64 VM, even if your host OS is ARM-based. ๐ Maybe at least put the arch in the vhdx filename?
I'm on at 15:15 ET tomorrow!
Pointer dog pointing at a large goose two feet away
Truly uncanny how he can find waterfowl hidden in the grass.
CVE-2023-20198 (critical RCE in Cisco IOS XE) PoC and associated Fofa query:
github.com/W01fh4cker/C...
I don't know why I keep being surprised that Enterprise software is as utterly cobbled together as the code I wrote to control the temperature of my kegerator 20 years ago.
Yeah; some of the $500+ rescue fees are..... suspicious. Our local shelters are so dang happy to get dogs into homes we often don't even pay adoption fees, though we usually drop off a couple hundred pounds of kibble throughout the year as a "thank you."
Great Pyr with muddy paws
I know those feels......
I don't think our GP digs delicately enough for archeology work. It is more civil engineering focused.
Great Pyrenees Dog lying on a carpet with a K-BAR knife unsheathed with the scabbard next to it.
That time we found our Great Pyr had taken out a K-BAR, managed to get it unsheathed, and got real serious about livestock guarding.....
do u enjoy silly little guys??? i got u. get yourself some silly little guys, today ๐ฆดโจ fangcrush.storenvy.com
Two dogs on beds covered in blankets by a fireplace
I am often jealous of our dogs....
I'm in a meeting and someone said "all the way back in Python 2.7" like it was code carved in stone and now my back hurts.
