B'ad Samurai 

#security #automation #soar #iac and #tay

I love the PacNW / BC. When I'm not doing security shenanigans, you'll find me on a glacier, volcano, ski lot or sketching mushrooms on the trail.

I believe the outdoors heal and are for EVERYONE.

Keyoxide: aspe:keyoxide.org:6FO76WXKQECSKSK6X7QD5VSZ2A

Web: https://badsamurai.dev
GitHub: https://github.com/BadSamuraiDev
Verification: https://www.badsamurai.dev/mastodon-verification
Gravatar: https://gravatar.com/badsamuraidev
Pronouns: he/him

RE: https://mastodon.social/@botgov/116743467328624090

aiworkforcehub.gov is another domain for the Department of Labor for America to secure global dominance in AI

https://blog.dol.gov/2025/11/24/the-trump-administrations-ai-action-plan-is-bringing-agility-to-americas-workforce

Happy Friday... again.

Yes, we've been left unattended, allowing us to run amok and publish our analysis of CVE-2026-20253 - an Arbitrary File Write in Splunk Enterprise that can be turned into Pre-Auth RCE...

Enjoy, friends!

https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

Three posts in three days? Are we insane? We're home alone, there's no-one to stop us, and we're up past bed time. So, we need to talk about Splunk. On June 10th, Splunk published this CVE-2026-20253 advisory: It has everything that we love: * No

watchTowr Labs

RE: https://infosec.exchange/@ifin/116735279416101129

This attack is ongoing, with the attackers shifting from npm to bun for malware installation. If you see information we're missing, please consider contributing!

SUBPOP at SEA is gone!? It was the only thing that made me happy about this airport.

Since June 1 2026, less than two weeks ago, Cloudflare has protected at least 100,000 newly observed or newly active domains that have earned a 100 risk score from us, meaning they are blocklisted by a third party.

"Sunset Friends"
2x3 inches, ink, watercolor, and acryla gouache

400+ Arch User Repository packages have been compromised in a massive, sophisticated supply chain attack, including a rootkit installation.

https://discourse.ifin.network/t/400-aur-packages-compromised-with-infostealer-and-rootkit/577

#ThreatIntel #ThreatIntelligence #IFIN

400+ AUR Packages Compromised with Infostealer and Rootkit

Last Updated: 2026-06-12T04:22:42Z (UTC) What’s Happening It appears an AUR package maintainer’s account (arojas) was compromised. The maintainer’s account had write access to over 400 package repos. The compromise was reported and other AUR maintainers have been working to remove the infected packages. The affected packages were modified with preinstall scripts to use npm to install the atomic-lockfile package, a malicious payload. Here’s an example of the change: This blog has a deep d...

IFIN

RE: https://infosec.exchange/@ifin/116732602137426733

The idea is when you go to make the case for ad blockers, you can point to this external, "authoritative" resource and say look, these very serious people said so.

RE: https://infosec.exchange/@metacurity/116733907862052755

Seems like a mechanism for manipulating markets.

wrote a rule to cover Ivanti Sentry pre-auth command injection (2026-10520) - should be out in the ETOPEN ruleset with today's release.

https://discourse.ifin.network/t/cve-2026-10520-ivanti-sentry-preauth-command-injection-eitw/573

CVE-2026-10520: Ivanti Sentry Preauth Command Injection EITW

Last Updated: 2026-06-11T13:15:59Z (UTC) What’s Happening I can’t believe this is the first Ivanti post on the forum. It won’t be the last. On 2026-06-09T07:00:00Z (UTC), Ivanti published an advisory for two critical vulnerabilities: CVE-2026-10520, the command injection vuln, and CVE-2026-10523, an authentication bypass. The command execution vuln is a perfect 10, and is indeed a no-auth code execution vector that runs commands as root. At the time, the vulnerability was not exploited in the...

IFIN