Tod Beardsley

Shmethical #Hacker. #Research mucky-muck at @runzero. #Election worker. #CVE bagman. #Metasploit collaborator. Briefly a fed. Anti-Fascist. #FriendofDeSoto. #Podcaster

Hey, my attorney and wife (same person) is running for US Congress. Donate here!

https://secure.actblue.com/donate/claire-reynolds-1

I post here for me, mostly around #infosec / #cybersecurity.

Intro: https://infosec.exchange/@todb/109270457002321619

Website: https://hugesuccess.org
GitHub: https://github.com/todb
OnlyFans: https://onlyfans.com/sudo_whoami
Jobby job: https://www.runzero.com/authors/tod-beardsley/
Callsign: KT0DBK
Pronouns: he/him

@jaras hey cool 7-zip bug

https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/

Any opinion on exploitability on non-Windows? Your writeup talks about the filetype handler bypass for NTFS in 7z.dll… so while the BOF exists on all OS targets, maybe only exploitable with an evil .zip or .rar on Windows?

I’m just thinking about CI/CD tooling.

GHSL-2026-140: Heap Buffer Write Overflow in 7-Zip

A heap buffer overflow vulnerability (GHSL-2026-140) exists in 7-Zip version 26.00, caused by an under-allocation in the NTFS compressed stream buffer (GetCuSize shift UB), potentially allowing attackers to exploit this issue for arbitrary code execution.

GitHub Security Lab

As AI-assisted bug discovery accelerates, traditional workflows—triage, verification, CVE assignment, & patching—are hitting a bottleneck. ⛔️

What's the solution? Part of the answer is to harness LLMs to help level the playing field.

Want to know more? Check out @todb’s latest blog, LLMs are dual use, so use them! 🚀

👉 Read the full blog here: https://www.runzero.com/blog/llms-dual-use/

I thought there was a bug in EPSS since I couldn't see the score for CVE-2026-45498, but... it's just too new. Released today. Rare not-Patch-Tuesday CVE release for Microsoft. Wonder what's up.

(It's a Microsoft Defender DoS, which, sure, seems bad for an A/V thing, but... it's just DoS according to the CVE and KB.)

(Also the KB says there's no exploitation, but CISA KEV says otherwise... curiouser and curiouser.)

Also, there's a new ritual at the polling place. Now, instead of just handing you a ballot to use at the machine, the voter must choose one from a pile of blank ballots.

I have no idea what problem this is intended to solve. It's like you get to play a no-stakes game of 3-card monte right before voting, and nobody there could explain what this extra randomness actually accomplishes.

Hey y’all. Early voting for the primary runoffs in #Texas started today. If you voted in the primary back in February/March, today’s the day to finish that up.

🚨New Report: 2026 GigaOm Radar for Operational Technology Security

🎉 We’re thrilled to announce that runZero is positioned as a Challenger & Fast Mover in the Innovation/Platform Play quadrant of the Radar. 👏

🎥 Webinar (May 28 at 12 PM ET): Join GigaOm Field CTO Chris Ray and runZero CEO HD Moore to explore new methods for hardening #OT defenses and share insights from the GigaOm Radar for OT Security.

👉 Read the report & register for the webinar today at: https://www.runzero.com/gigaom-radar-ot-security

Gosh this was a (recent) first-hand lived experience.

I'm dismayed it's more prevalent than I hoped.

https://nooneshappy.com/article/appearing-productive-in-the-workplace/

I wish my local radio station, #KUTX, had a chat -- mastodon or discord or something -- at least for some shows. It's eclectic enough that it could be fun to connect with fans over weird song choices.

I realize the moderation would have to be pretty solid, as with all public servers.

maybe I'll start my own. :)

@cR0w seriously I would like it if 'the community' would just agree to have like, one day off a week where there were no new vuln disclosures or something.

We need like a Vulnerabilities Union or something, I guess.