Franco Pyrih


Analista de Computación Científica (CS Bachelor equivalent, pursuing MSc), systems administrator and former Operating Systems Graduate Teaching Assistant.

ejabberd operator and OpenStreetMap contributor (200+ edits worldwide).

Interested in information security (communications, operations, architecture, cryptography...) and distributed systems (smart contracts, ActivityPub, XMPP, email...).

Online chat: https://xmpp.link/#[email protected]?add
OMEMO fingerprint: a1af94ff cf6ee178 0670cbf0 ff5c1241 e885839b ea8ed0e5 a1333b8b 9a507931
OpenPGP fingerprint: BFFA 27B1 7B65 0EEF 321E D606 292F 2E88 32C0 DFAA

Supposedly, https://copy.fail has been patched on Ubuntu, and therefore, on Mint 22.3, which I use; but I've run apt update && apt upgrade over and over, and the copy_fail_exp.py script still gets root. What am I missing?

update 2: it's been patched in the generic kernel. Run your updates as usual

update: it's not patched in the generic kernel! If you really need algid_aeaf, you have to switch to one of the vendor kernels. But if you're a desktop user like me, I don't think you'll miss it; just disable it with the instructions in https://copy.fail/#mitigation

#infoSec #linux #linuxMint #ubuntu #copyFail

Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

Xint
Twitter always put me off as too noisy and bloated! Glad to have found this alternative 😀

Many people will probably sum up the security vulnerability CVE-2026-3854 as "My God, all the software hosted on GitHub may have been compromised".

But, in fact, that was already possible: Microsoft (GitHub's owner) could already modify everything.

All that CVE-2026-3854 did, if people exploited it, was to democratize that possibility, by making it accessible to everyone with a GitHub account.

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog

A CVSS 8.7 vulnerability in GitHub Enterprise Server allows remote code execution. Read the threat brief and find vulnerable GHES instances from Wiz.

wiz.io

ECI N3: Exploiting and securing communication on the Internet

Pabellón Cero + Infinito, Ciudad Universitaria, Buenos Aires, Argentina, Monday, July 27, 18:00 GMT-3

Instructor

Vladimír Veselý

@[email protected]

Session

Evening (18:00 to 21:00)

Language

English

Description

During the course, participants will learn about the basic principles of computer communication security. We will explain how authentication, confidentiality and integrity are achieved using various cryptographic techniques (e.g. MD5, SHA, AES and RSA). Next, participants will learn how to communicate securely on the web, send emails and connect to WiFi networks. Furthermore, we will demonstrate the security vulnerabilities in these scenarios using freely available hacking tools.

Course program

* Monday: Computer Networking and Security 101
* Tuesday: TLS/SSL and exploiting HTTP
* Wednesday: Exploiting DNS and SMTP
* Thursday: Exploiting DHCP and Wi-Fi
* Friday: Exploiting Wi-Fi and conducting MitM

https://cartelera.inexactas.ar/event/eci-n3-exploiting-and-securing-communication-on-the-internet

On #WorldBackupDay, here's a good reminder to check if your backups actually hold up.

The 3-2-1 rule is a simple way to do it: 3 copies, 2 different storage types, and 1 stored in a separate location. Take a minute and check your backups.

Today is #WorldBackupDay - a good day to:
- start using borg backup
- upgrade to borg 1.4.4
- actually test a restore
- play with the latest borg2 beta
- contribute to borg development
- donate to the borg project
- give borgbackup a star on github
- update the borg packages, if you maintain some
- contribute to some project borg backup depends on
- contribute to some project that uses borg backup

I'll take a guess on what the telegram exploit is. Mostly because people seem to be concerned and there is little information and the recommendation appears to be "Disable automatic media download" but I am worried about the mixture of severity and lack of information and at least thought to speculate based on information available and what I can see.

--

Now, please do keep in mind that I have spent like 15 mins on this and have hardly done anything serious, but hearing "Please do this thing to prevent an exploit but I don't have details" isn't exactly ideal. I'm also jumping to some conclusions as to what is exploitable.

--

1. Got notified regarding this CVE via a friend.

* CVE for Telegram - https://bsky.app/profile/redteef.bsky.social/post/3mi3ki5tip227

The main advice appears to be disable automatic media download - My assumption is that some library related to processing media appears to have some issue.

2. pmap of my running telegram process - Saw libjxl and wondered what state it was in (Refer to media attached)

3. Looked up issues related to libjxl on github - https://github.com/libjxl/libjxl/issues/4539
and https://github.com/libjxl/libjxl/issues/4539
"libjxl JPEG XL decoder crash due to uninitialized pointer access in malformed images" - One of the screenshots output "Illegal Instruction (Core Dump)" which is sinister, this can include the CPU attempting to execute an instruction it doesn't understand and if that segment can be manipulated, this can potentially lead to arbitrary code execution.

Which then also led me to this: https://github.com/advisories/GHSA-76gx-97cq-65f5

---

Disclaimer: I can't say it is even about libjxl or related to the CVE mentioned in 1 but I can at least see an attack like so: (which gives weight to disabling media for telegram).

1. Attacker crafts a suitable image to manipulate the decoder, image contains data that can either manipulate the pointer and/or data that the segment it could point to (for reference, just enough data to get a shell or establish a connection to something else is enough)

2. Attacker sends the image on a platform where the user using this library can then decode it.

3. The image that is decoded will then be able to execute the payload - Attacker could gain control via this method.

---

While this may seem silly, please also do not hound or abuse the devs at libjxl. Last thing I want are people who are trying to do their best to fix the issues I have listed and do not control what telegram includes in their builds.

#telegram #cve #attachments #media #libjxl #psa

A zero-day vulnerability with critical severity (9.8/10) was found in Telegram by security researcher Michael #DePlante and reported via Zero Day Initiative. Details will be disclosed later in July.

https://www.zerodayinitiative.com/advisories/upcoming/#ZDI-CAN-30207

#Ukraine #Russia #Telegram

Do you find yourself in the position where you just bought a piece of server kit (new or used) and you do not know what the IPMI password is, and you don't have an OS/screen to reset it, or it's set to some static IP that you don't know?

Please enjoy this small (70MB) image you can put on a USB stick and blindly boot the machine into. Assuming the USB boots, it will set the IPMI to a known value, and set the network back to "normal" values (no VLAN and DHCP).

Enjoy! (and report back if you find it worked on things not already confirmed in the readme)

https://github.com/benjojo/headless-ipmi-reset