🚀 Oh great, another "revolutionary" iPhone exploit by some self-proclaimed geniuses who probably high-fived each other for finding a bug that only affects outdated hardware. 🙄 But hey, they managed to cobble together a PoC—because who needs a functioning exploit, right? 📉
https://ps.tc/pages/blog-usbliter8.html #iPhoneExploit #outdatedHardware #securityFlaw #PoC #techNews #HackerNews #ngated
Paradigm Shift - Introducing usbliter8

This write-up details a novel iPhone BootROM vulnerability discovered and exploited by our team. It covers the underlying bug, the associated exploitation techniques, and the post-exploitation steps required...

🤔 Ah, the classic "same client" saga with CVE-2026-4020—because who needs originality in #hacking when you have a Google Cloud fleet playing dress-up with 3,299 user agents? 📬 Apparently, exploiting Gravity #SMTP is a team sport, but only if your team is a single IP address with a personality disorder. What a performance! 🎭💻
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020 #CVE20264020 #GoogleCloud #SecurityFlaw #Cybersecurity #HackerNews #ngated
Most of the CVE-2026-4020 attackers are the same client | HoneyLabs blog

Almost every IP we logged exploiting the Gravity SMTP credential bug shares one HTTP fingerprint. Behind it is a Google Cloud fleet of thousands of short-lived instances, disguised by 3,299 rotating user-agents, sweeping more than 36,000 ports for .env files, git configs, credentials, and database dumps.

HoneyLabs

@signalapp Signal IMO has bad security because when someone decides they are not interested in an overpriced, underperforming service of "phone number" and stops using their SIM, they cannot deregister the number from Signal and the new owner of the number either can hijack their Signal account, or people may be blocked from using newly purchased SIMs with Signal.

Also, authoritarian regimes IMO can temporarily transfer a number into a provider's internal SIM in order to hijack a Signal account and impersonate a dissident against another dissident, facilitating abduction, torture and murder.

I feel

c o n t e m p t

towards Signal when it is designed this way.

#badsecurity #incompetence #signal #phonenumberasidentity #security #SIM #contempt #securityhole #securityflaw #attack #hijacking #torture #murder #abduction #authoritarianism #regime #authoritarian

🚨 Breaking news: Decades of programming wisdom have officially been deemed misdirection 🚨 Paul Tarvydas has cracked the code, folks! Turns out we've been using type checking as a security blanket to hide our architectural shame 🙈. Who knew all those fancy algorithms were just smoke and mirrors? 🤡
https://programmingsimplicity.substack.com/p/type-checking-is-a-symptom-not-a #programmingwisdom #typechecking #architecturalshame #securityflaw #codingrevolution #HackerNews #ngated
Type Checking is a Symptom, Not a Solution

2025-08-31

Paul’s Substack

WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away

Older versions of WinRAR were carrying a major vulnerability

TechRadar

Apple patches security flaw exploited in Chrome zero-day attacks

Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

BleepingComputer

Breaking: Google accidentally created the digital equivalent of a memory hole. A security flaw in their "Refresh Outdated Content" tool let someone make news articles about a tech CEO's domestic violence charges completely disappear from search results. The exploit? Simply changing URL capitalization. 🤦‍♂️

https://search.slashdot.org/story/25/07/30/1631222/tech-ceos-negative-coverage-vanished-from-google-via-security-flaw

#Google #SecurityFlaw #DigitalCensorship

Tech CEO's Negative Coverage Vanished from Google via Security Flaw - Slashdot

Journalist Jack Poulson accidentally discovered that Google had completely removed two of his articles from search results after someone exploited a vulnerability in the company's Refresh Outdated Content tool. The security flaw allowed malicious actors to de-list specific web pages by submitting ...

Critical security flaw uncovered in Microsoft Copilot Enterprise! Learn about the risks and importance of AI sandbox security. #MicrosoftCopilot #SecurityFlaw #AI https://redoracle.com/News/Uncovering-Microsoft-Copilots-Security-Flaw.html
Uncovering Microsoft Copilot's Security Flaw

Introduction: A critical security vulnerability has been uncovered in Microsoft Copilot Enterprise, allowing unauthorized users to gain root access to its backend container...

RedOracle