Tootoot

@proutoot
8 Followers
84 Following
449 Posts

The account of Hugues, a 23-year-old student, who says he was beaten and called « sale bougnoule » and « sale arabe » (racist slurs) by the police on the night of the celebrations of PSG's Champions League win.

Support an independent media outlet: https://fr.tipeee.com/les-repliques

HTTP/2 Bomb Exploit Chains Decade-Old Flaws to Crash Web Servers

Researchers discovered the "HTTP/2 Bomb," an exploit that chains HPACK compression flaws with window-stalling techniques to exhaust server memory and knock major web servers offline in seconds. The attack affects NGINX, Apache, IIS, and Envoy, allowing a single client to consume up to 64GB of RAM using minimal bandwidth.

**If you run nginx, Apache httpd, IIS, Envoy, or Cloudflare Pingora with HTTP/2 enabled, patch now where fixes exist (nginx 1.29.8, Apache mod_http2 v2.0.41, and Envoy's recent patch). Where no patch is available or you can't upgrade yet, disable HTTP/2, put the server behind a proxy that hard-caps the number of headers per request, and set per-worker memory limits so a bombed process gets killed and restarted before it takes down the machine.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/http-2-bomb-exploit-chains-decade-old-flaws-to-crash-web-servers-v-z-w-z-r/gD2P6Ple2L

Calif, posted yesterday: Codex Discovered a Hidden HTTP/2 Bomb https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb

More:

"The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold."

Security Week: ‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds https://www.securityweek.com/http-2-bomb-exploit-knocks-web-servers-offline-in-seconds/ @SecurityWeek #infosec #vulnerability

Codex Discovered a Hidden HTTP/2 Bomb

14 years ago, I helped break HTTP header compression, then was asked to review the fix, which became part of HTTP/2. Life has come full circle: today we're releasing an attack I missed.

Calif
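As an added example (not code from the advisory, the Calif write-up, or any of the servers named above), the following minimal HPACK subset shows the compression-bomb half of the chain described in the two posts above: a client inserts one large header into the HPACK dynamic table and then references it by index, so each one-byte reference expands to kilobytes of header on the server, and a decoder-side cap of the kind a proxy or server applies (the SETTINGS_MAX_HEADER_LIST_SIZE idea) stops it while decoding rather than after the list has been materialised. The header name, value length and repeat count are assumed for illustration; the window-stalling/Slowloris hold that keeps the decoded state resident is not modelled, and only two HPACK representations are implemented.

```python
"""
Minimal HPACK (RFC 7541) subset: "literal with incremental indexing, new name"
and "indexed header field", with raw (non-Huffman) string literals. Added
illustration only; not the advisory's, Calif's, or any server's code.
"""

STATIC_TABLE_SIZE = 61      # RFC 7541 Appendix A; dynamic entries start at index 62
HEADER_TABLE_SIZE = 4096    # SETTINGS_HEADER_TABLE_SIZE default (RFC 7540 s6.5.2)
ENTRY_OVERHEAD = 32         # RFC 7541 s4.1: entry size = len(name) + len(value) + 32


def encode_int(value, prefix_bits, flags=0):
    """HPACK integer (RFC 7541 s5.1): N-bit prefix, then 7-bit continuation bytes."""
    max_prefix = (1 << prefix_bits) - 1
    if value < max_prefix:
        return bytes([flags | value])
    out = bytearray([flags | max_prefix])
    value -= max_prefix
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def decode_int(buf, pos, prefix_bits):
    max_prefix = (1 << prefix_bits) - 1
    value = buf[pos] & max_prefix
    pos += 1
    if value < max_prefix:
        return value, pos
    shift = 0
    while True:
        b = buf[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def encode_string(s):
    return encode_int(len(s), 7) + s          # H bit = 0: raw octets, no Huffman


def decode_string(buf, pos):
    if buf[pos] & 0x80:
        raise ValueError("Huffman-coded strings are not handled in this example")
    length, pos = decode_int(buf, pos, 7)
    return bytes(buf[pos:pos + length]), pos + length


def build_bomb(name, value, repeats):
    """Client side: one literal that enters the dynamic table, then `repeats`
    one-byte references to it (index 62 = newest dynamic entry)."""
    block = bytearray(encode_int(0, 6, 0x40))   # 01xxxxxx, index 0 = new name follows
    block += encode_string(name) + encode_string(value)
    block += encode_int(STATIC_TABLE_SIZE + 1, 7, 0x80) * repeats   # 1xxxxxxx, index 62
    return bytes(block)


def decode_block(block, max_header_list_size=None):
    """Server side. Returns (headers, uncompressed_size). With a cap, the decoder
    aborts as soon as the running size exceeds it, i.e. before the whole list exists."""
    dynamic, headers, total, pos = [], [], 0, 0
    while pos < len(block):
        b = block[pos]
        if b & 0x80:                              # indexed header field
            index, pos = decode_int(block, pos, 7)
            if index <= STATIC_TABLE_SIZE:
                raise ValueError("static-table references are not handled in this example")
            try:
                name, value = dynamic[index - STATIC_TABLE_SIZE - 1]
            except IndexError:
                raise ValueError(f"index {index} not in dynamic table") from None
        elif b & 0x40:                            # literal with incremental indexing
            index, pos = decode_int(block, pos, 6)
            if index != 0:
                raise ValueError("indexed names are not handled in this example")
            name, pos = decode_string(block, pos)
            value, pos = decode_string(block, pos)
            if len(name) + len(value) + ENTRY_OVERHEAD > HEADER_TABLE_SIZE:
                dynamic.clear()                   # RFC 7541 s4.4: oversized entry empties the table
            else:
                dynamic.insert(0, (name, value))
        else:
            raise ValueError("representation not handled in this example")
        total += len(name) + len(value) + ENTRY_OVERHEAD
        if max_header_list_size is not None and total > max_header_list_size:
            raise ValueError(f"header list over {max_header_list_size} bytes "
                             f"after {len(headers) + 1} fields; abort the stream")
        headers.append((name, value))
    return headers, total


def accepts(block, max_header_list_size):
    """True if a capped decoder accepts the block, False if it rejects it."""
    try:
        decode_block(block, max_header_list_size)
        return True
    except ValueError:
        return False


def amplification(value_len=4000, repeats=10_000):
    """Wire bytes vs. uncompressed bytes for one bomb block (sizes are assumed;
    4000 keeps the entry under the 4096-byte default table size)."""
    block = build_bomb(b"x-pad", b"A" * value_len, repeats)
    _, decoded = decode_block(block)
    return len(block), decoded, decoded / len(block)


if __name__ == "__main__":
    wire, decoded, ratio = amplification()
    print(f"{wire} bytes on the wire -> {decoded} bytes of headers (x{ratio:.0f})")
    print("accepted with a 16 KiB cap:",
          accepts(build_bomb(b"x-pad", b"A" * 4000, 10_000), 16384))
```

Run it as a script: about 14 KB on the wire decodes to about 40 MB of header list, and the capped decoder rejects the same block after the fifth field. The point of the cap placement is the one the advisory's mitigation implies: the limit has to be enforced inside the decoder loop, because a check applied after decoding has already paid the memory cost, and a stalled stream then keeps that cost alive.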

I quite like the Project Zero blog. Some interesting tricks.

"memstart_addr is an exported variable that can be looked up in /proc/kallsyms."

⚠️ Their content was like that long before ChatGPT; I understand almost nothing of it 🤯
A KASLR leak is a type of security weakness where information is unintentionally revealed that lets someone figure out the randomized memory location of the OS kernel.

Defeating KASLR by Doing Nothing at All
https://projectzero.google/2025/11/defeating-kaslr-by-doing-nothing-at-all.html

#linux #bpf #infosec

Macron announces 93 billion euros of investment that will create "more than 15,000 jobs" https://www.liberation.fr/economie/sommet-choose-france-emmanuel-macron-promet-des-investissements-record-de-93-milliards-deuros-20260601_EPVOK5RJQZGGZJG2EVJENETEMQ/

So I'm no economist, but I can do a division: that comes to roughly six million euros per job, and I don't see in what world that counts as a smart move.

Idea: hack those crappy spy glasses and make them play Tirelipimpon sur le chihuahua at max volume at random but nonetheless very frequent moments.

After doing a couple of private workshops on how to use #Mastodon, I've decided I could just record a series of tutorials and have everyone benefit from it. Mastodon has a lot of features, and sometimes even long time users aren't aware of all of them! The first episode is about making posts on Mastodon--going over every aspect.

https://www.youtube.com/watch?v=fNBKHTa3Irk

Mastodon - How To Make Posts

YouTube
Despite the unprecedented waves of harassment my colleagues and I are facing, I will keep answering with facts. With me, it is neither "impressions" nor beliefs, and even less insults, that count: it is the data. 1/12