MemoryLeech

@CyberLeech@cyberplace.social
178 Followers
898 Following
2.5K Posts
Don't mind me leeching
Cyber, Intel, Info, Detection

Welp, after 21 years with Blizzard Entertainment, I was laid off today. What an incredible journey. I got to be part of challenging, exciting projects, and I played a part in shaping the company's voice for over two decades.

One thing you learn living in California is that the most intense growth usually follows after a wildfire. Some plants even require fire to release their seeds.

So we'll see what comes next. If you need an editor on your team, hit me up.

#GetFediHired

The Minor Planet Center has designated 3I/ATLAS = C/2025 N1 (ATLAS), or informally "Comet ATLAS", a new interstellar comet that is currently about 4.5 AU from the Sun and screaming through the solar system at 58 km/s (130000 mph)

Good friend of mine released a lovely post punk flavoured drone ambient album this weekend. Give it a listen

https://ultimategrey.bandcamp.com/album/glaciers

Glaciers, by Ultimate Grey

11 track album

#curl user survey 2025 respondents like Mastodon:

A reminder that pride is not over, it's Disability Pride month!
This is important to remember, especially in hard times

RCE Security has found major vulnerabilities in the Wing FTP Server.

Attackers can bypass authentication on the server's web interface just by appending a NULL byte to the username followed by any random string.

https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security
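As an added example, not code from RCE Security's write-up or from Wing FTP Server itself: a small Python model of the general failure class the post describes, a lookup that treats the username as a NUL-terminated string and therefore matches on everything before the NUL byte, placed beside the input validation that rejects such values before they reach any authentication, logging or session code. The account table, `naive_lookup` and `hardened_lookup` are constructed assumptions for the demo, not the product's real logic.

```python
# Added example, not code from the RCE Security write-up or from Wing FTP
# Server: it models the generic NUL-byte truncation failure in a username
# lookup and shows the input validation that removes it. The account table
# and both lookup functions are constructed for this demo.

# Constructed account store: username -> account record.
ACCOUNTS = {
    "admin": {"role": "administrator"},
    "guest": {"role": "read-only"},
}

MAX_USERNAME_LEN = 64


def as_c_string(value: str) -> str:
    """Model a NUL-terminated C string: a comparison or lookup done through
    C string functions sees nothing past the first NUL byte."""
    cut = value.find("\x00")
    return value if cut == -1 else value[:cut]


def naive_lookup(username: str):
    """Hypothetical lookup that hands the raw username to C-string-style
    comparison. Bytes after a NUL are ignored for matching but remain in the
    original value that may be logged or written to a session file, so the
    identity matched and the identity recorded can disagree."""
    return ACCOUNTS.get(as_c_string(username))


def validate_username(username: str) -> str:
    """Reject NUL bytes and every other control character before the value
    reaches lookup, logging or session-creation code. Returns the username
    unchanged when it is acceptable."""
    if not 1 <= len(username) <= MAX_USERNAME_LEN:
        raise ValueError("username length out of range")
    for ch in username:
        code = ord(ch)
        if code < 0x20 or code == 0x7F:
            raise ValueError(f"control character U+{code:04X} in username")
    return username


def hardened_lookup(username: str):
    """Lookup that only ever sees validated usernames."""
    return ACCOUNTS.get(validate_username(username))


def naive_accepts(username: str) -> bool:
    """True when the naive path matches an account."""
    return naive_lookup(username) is not None


def hardened_accepts(username: str) -> bool:
    """True when the hardened path matches an account; False when validation
    rejects the value or nothing matches."""
    try:
        return hardened_lookup(username) is not None
    except ValueError:
        return False


if __name__ == "__main__":
    crafted = "admin\x00anything"  # constructed sample input for the demo
    for name in ("admin", "guest", crafted):
        print(repr(name), "naive:", naive_accepts(name),
              "hardened:", hardened_accepts(name))
```

The defensive point is that validation has to run on the raw value before any part of the system reads it through a NUL-terminated view; a check applied after truncation cannot see the bytes that were dropped.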

@Prozak

1 - Only expose what you need to.

2 - Keep your shit patched.

3 - Segment and isolate exposed systems to minimize lateral movement.

4 - Use "strong" (whatever that means in your environment) authentication and change defaults.

5 - Don't stress over it. It's just computers.

TIL in Firefox about:config:

widget.gtk.overlay-scrollbars.enabled = false
widget.non-native-theme.gtk.scrollbar.thumb-size = 1
widget.non-native-theme.scrollbar.style = 4
widget.non-native-theme.scrollbar.size.override = 16

Gets you scrollbars that are actually visible and clickable with the mouse.

Back in the day, Twitter used to be really good if I set up a thread to connect freelancers with clients. Let's see if Mastodon can do it.

Clients: if you're looking for freelancers/contractors, get in the comments

Freelancers/contractors: get in the comments

Everyone else: boosts appreciated.

The market is *dead* for freelancers and a big part of that (in my opinion) is fragmentation. Let's get that network effect *back*.

#FediHire

Evidence if anybody cares

I’ve heard that Citrix are complaining that my billing this as CitrixBleed 2 is causing them reputational damage, and that it isn’t related in any way to CitrixBleed.

For the record - it was a dumb joke name to attract attention for patching. I know it isn’t exactly the same cause.

But, ya know, it is a memory disclosure vuln which reveals sensitive info, and it does require ICA sessions be reset, which only happened before with CitrixBleed.

@GossiTheDog but they're good with the "Electric Boogaloo" subtitle?

@GossiTheDog

Some commentators have drawn comparisons between CVE 2025-5777 and CVE 2023-4966. While the vulnerabilities share some characteristics, Cloud Software Group has found no evidence to indicate that they are related.

Emphasis theirs. 🤣

@cR0w lols. Like the way they don’t mention CitrixBleed, or the relationship of memory disclosure and sessions needing to be reset 🤣

@GossiTheDog I also like "Cloud Software Group does not provide forensic analysis; however, customers can contact Citrix Customer Support to get access to IoCs."

And

Does CVE 2025-6543 constitute a zero day vulnerability?

Cloud Software Group became aware of limited exploitation activity before the patch was released.

@cR0w don’t say the zero day word! They wouldn’t provide us any IOCs for CVE-2025-5777.

@cR0w @GossiTheDog the only IOCs they will release is via a technical support request for CVE 2025-6543 and is literally a script that looks for a handful of vulnerable conditions and file types in locations they shouldn't be. No public IPs, domains, filenames, etc.

@microwavetacos @cR0w yeah, they’re trying to obfuscate that one is RCE via webshell implant

@GossiTheDog @cR0w forgot about this but might help some people patching this week now that there is an official notice. Patching defaults some CSP setting to "on" which can cause blank login pages after updating. Citrix engineer we talked to last week stated they were getting inundated with calls about it. It extended our downtime by about an hour until a team member figured it out. Never roll back, power through!

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694826

@GossiTheDog shit software causes reputational damage

@GossiTheDog As with so much in this world: "The little stupid differences are outweighed by the big stupid similarities."

@GossiTheDog I'm surprised to read they care about their reputation.

That's really difficult to imagine, given their track record of security problems.

@GossiTheDog What about "Electric Bugaloo?" Lmao I bet they love that

@GossiTheDog I would say that increasing licensing prices 240% in a Broadcom style does them more reputational damage than this

@GossiTheDog I appreciate you. I want to punch folks using ai to make up this shit.