Hey! and welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257. An SQLi that I spotted back in Feb. in case someone burn them before i get my bragging rights8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a8fc4ca6426ae50c7673326eacb6644a8b361ad1051138d04cbd9da8b807a0973— faulty *ptrrr (@0x_shaq) February 9, 2025 This is a pre-auth SQLi bug that can be leveraged to an RCE in FortiWeb.
CVE-2025-5777 aka CitrixBleed 2 has been added to CISA KEV now over evidence of active exploitation.
Citrix are still declining to comment about evidence of exploitation as of writing.
Belkin WEMO to shut down cloud operations and cripple WEMO iot devices in January 2026
How's that AI coding going for you? Ah... I see.
Wired: McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’
"... Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers...."
https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
I just saw copilot leave "[nitpick]..." PR comments. Given that these things just reflect a probabilistic sample of our own writing back at us, I am even more convinced that programmers are bad at using programming tools. And that this is in large part driven by the need and desire to perform constant displays of dominance.
So vast swathes of projects just never set up linters or style guides. Because they don't know how. And because they don't want to learn. Because it would reduce their opportunity to make "[nitpick]..." comments on other people's PRs. And thus, so does copilot
Are you still on #Spotify?
Spotify’s CEO Daniel Ek has raised €600M for his new startup, which is developing AI TECH FOR WAR. Ek still owns 9% of Spotify, but has 37% voting control. His net worth went from $2.5B to $10B in the last two years alone, on the back of paying musicians a pittance in royalties.
And don’t forget:
• Spotify spent $250M of your subscription dollars to invite Joe Rogan to spew his disinformation on their platform.
• They’re still trying to embrace and extinguish Podcasts.
• They’re developing in-house, AI-generated “music” so users will play them (royalty-free) instead of music created by humans (who demand royalty).
And now, he’s using his wealth, created by your subscriptions, to fund tech that will use AI to literally murder humans in war.
Stop funding him. Quit Spotify now.
#QuitSpotify #music #ai #militaryTech #techbro
“Spotify’s CEO invests $1 billion into an AI military start-up — and musicians are fuming”
Those #github commits you removed with sensitive data are still accessible. I didn't know this
GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they show up as “zero-commit” PushEvents.
Two recent statements from the surveillance company—one addressing Illinois privacy violations and another defending the company's national surveillance network—reveal a troubling pattern: when confronted by evidence of widespread abuse, Flock Safety has blamed users, downplayed harms, and doubled...
If anybody wonders who Ingram Micro are, they turn over $48 billion a year and have about 20 different business units and brands.
Their network border is dead. Haven’t checked network traffic to see if ransomware yet.
Bleeping Computer confirms: https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/
2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”
They’re both a large MSP and MSSP who sell anti-ransomware services.
Three days in, Ingram Micro have updated their website to say they’re having a cybersecurity incident. They’ve also linked their press release, calling it ransomware. https://www.ingrammicro.com/
It’s a smart play as it makes them the owner of the narrative.
Ingram Micro have filed an 8-K for ransomware.
Some incredible wordsmithing here - rather than say when the incident began, they say when they issued a press release. Which was days later than when the incident began. I think this is because they missed SEC reporting deadlines.
https://www.sec.gov/ix?doc=/Archives/edgar/data/1897762/000162828025034372/ingm-20250705.htm
@GossiTheDog
Item 8.01. Other Events.
On July 5, 2025, Ingram Micro Holding Corporation (the “Company”) issued a press release stating the Company identified ransomware on certain of its internal systems. Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.
A copy of the press release is attached hereto as Exhibit 99.1, noting that the Company is working diligently to restore the affected systems so that it can process and ship orders.
#AltText #Alt4You
@GossiTheDog It's always "we found ransomware", and never "we couldn't bother to secure our shit and got pwned"
It's as if ransomware is a mythical act of the gods...
“refreshing honest” would have been wighin the first two hours…
@deepthoughts10 @GossiTheDog this is a fundamental misunderstanding.
Ingram Micro is a *TIER 1*. There are only three of them; IM, TD Synnex, and AVNET. They do not do business with 'small.' I just happen to be a grandfathered customer in good standing from the 90's.
All the low tier MSPs are dealing with an entirely different arm. The minimums for a REAL customer is an insurable LoC of at least $10M last I looked.
@GossiTheDog and iirc it's not possible to eject a reseller partner (even one that isn't currently placing licences in your tenant) from your MS365 tenant, either - the reseller has to delete the relationship (or maybe, if you can figure out a way to contact them, MS can do it for you).
Can't reseller partners create new global admins to do tenant recovery even if they have no role assigned?
@root @GossiTheDog do want to give the nuance that their ‘regular’ tenant (ingrammicro.com) does not have access to the customer tenants. The GDAP relation is with their MSP tenant (msp.ingrammicro.com).
Not that it matters much if they have access to workstations and idp’s 🤷
@GossiTheDog One of those business units is AWS resale. Potentially there could be tens or hundreds of thousands of their customer's AWS accounts compromised as part of this - my understanding is that Ingram have full admin privileges to their resale customers accounts.
Many AWS partners use Ingram Micro to provide white label resale, so companies won't necessarily be aware they are affected because they don't deal with them directly.
Tellingly, their “please contact us” does not list an email address.
Van confirm. Its a mess
Marco Ivaldi
Kevin Beaumont
AI6YR Ben
Jenniferplusplus
Joseph Cox
Dave Rahardja
Unlogic
Electronic Frontier Foundation
George Liquor, American
Zack Whittaker
Emory
Phoenix Gee
vampirdaddy
greem
Expertenkommision Cyberunfall
Ray—Golden Retriever Whisperer—🔝Insights
Multi :companion_cube:
Hugo Mills
PhreakByte
Brian Clark
RootWyrm 🇺🇦
Interpipes 💙
Martin Boller 
Cameron
Jeffrey
fuzzyfuzzyfungus
Logan Land
One of many Tims
bashtoni
AnneH
John "Gozzy" Godsland
Joel Michael
JP
Alan Miller 
🇺🇦
rk: it’s hyphen-minus actually
OSPF110 ☕
Johnny von Awesome
8tpercent