Lightnews — Scholar-powered news

Julien | MrTuxracer @mrtuxracer.bsky.social · 17d

Nah, it's only been a very vivid fever dream. It never happened, for sure 😬

When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise | RCE Security

Julien | MrTuxracer @mrtuxracer.bsky.social · 17d

Btw, here's the write-up about the cookie forgery for your pleasure 😉

www.rcesecurity.com/2025/09/when...

When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise | RCE Security

1 1 3

Reposted by Julien | MrTuxracer

RCE Security @rcesecurity.com · 17d

Another day, another Remote Code Execution (and its 3 friends).

Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security

www.rcesecurity.com/2025/09/when...

1 3 4

Julien | MrTuxracer @mrtuxracer.bsky.social · Aug 30

Gosh, why the heck?!

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 29

Remember I wanted to drop more bugs (Pre-Auth RCE, Cookie Forgery etc.) in June?

Unfortunately, I had to postpone the disclosure because there are still too many vulnerable instances online and the vendor apparently needs to manually patch each one... 🤦‍♂️

#BugBounty #security

6

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 22

I‘d say it’s gonna be option one 🤪 Norway is one of the most beautiful countries on this planet 👌

Privacy, Proton and Pentesting

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 13

"We take our freedom for granted. It’s better to pay the price of convenience and take back ownership of your data."

This is it 💯

#privacy

Ciarán Cotter (monke) @monke.ie · Jul 11

🐵 MonkeHacks #71
Privacy, Proton and Pentesting

#bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks...

MonkeHacks #71

monke.ie

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) - Help Net Security

Reposted by Julien | MrTuxracer

Help Net Security @helpnetsecurity.com · Jul 11

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)

📖 Read more: www.helpnetsecurity.com/2025/07/11/c...

#cybersecurity #cybersecuritynews #exploit #filesharing @censys.bsky.social @rcesecurity.com @mrtuxracer.bsky.social

Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server.

www.helpnetsecurity.com

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 10

Yeah, I mean it really depends how you’re using it. Personally, Notion was more of an overpriced idea dump with project management for me. So switching it to Stackfield wasn’t that much of a change 🤷‍♂️

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 10

Although self-hosted Obsidian would do it too 👍

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 10

I‘m abusing my Stackfield instance for that 😏

Homepage | European Alternatives

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 10

In terms of that, big shout-out to @proton.me for their stance on #privacy and for their Mail/Drive/Pass products that are a perfect alternative to some of these products! Cheers guys! Appreciate your hard work!

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 10

I am a huge fan of the #BuyFromEU movement! So far, I've ditched a lot of US stuff already, including Microsoft, Dropbox, 1Password, Notion, Grammarly, Amazon, Slack, and Google.

This helped a lot: european-alternatives.eu

We help you find European alternatives for digital service and products, like cloud services and SaaS products.

european-alternatives.eu

Homepage | European Alternatives

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 10

I am a huge fan of the #BuyFromEU movement! So far, I've ditched a lot of US stuff already, including Microsoft, Dropbox, 1Password, Notion, Grammarly, Amazon, Slack, and Google.

This helped a lot: european-alternatives.eu

We help you find European alternatives for digital service and products, like cloud services and SaaS products.

european-alternatives.eu

3 4 11

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 9

Good that @proton.me has this feature already 👌

proton.me/support/mail...

Managing newsletters in Proton Mail | Proton

Learn how to easily manage email subscriptions in Proton Mail’s newsletters section. Unsubscribe, organize, and declutter your inbox in just a few clicks.

proton.me

4 50

Julien | MrTuxracer @mrtuxracer.bsky.social · Jul 3

Here's an update to the blog post about CVE-2025-47812, which now includes a way to leak a user's password (CVE-2025-27889), but requires a bit of social engineering.

#security #BugBounty

RCE Security @rcesecurity.com · Jul 3

We've just updated our latest blog post about CVE-2025-47812 to include another disclosure that went a little under the radar but could be used to leak a user's password: CVE-2025-27889.

#security #BugBounty

www.rcesecurity.com/2025/06/what...

What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security

What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security

6

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 30

As promised! Here's a root/SYSTEM-level RCE (aka CVE-2025-47812) affecting Wing FTP Server in versions before 7.4.4.

Enjoy 🥷

#security #BugBounty

RCE Security @rcesecurity.com · Jun 30

During a customer pentest, we went from anonymous Read-Only FTP access to full root-level remote code execution by abusing a string parsing discrepancy in Wing FTP's username handling.

#security #BugBounty

www.rcesecurity.com/2025/06/what...

1 6

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 30

I'll publish 4 CVEs later today, including one unauthenticated Root/SYSTEM-level RCE.

I'm a bit nervous, TBH, because it potentially affects 15k systems on the internet. But, according to the vendor, most instances should've been updated already 😬

6

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 25

I don’t know why, but this has some very strong jonathandata vibes 😬

1 3

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 14

A missing SPF record chained with sending an email leading to critical content injection? 🤯

1 2

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 11

Yeah, I love him too!

2

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 10

Yep, he does this stuff 👍

2 2

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 6

❤️

Julien | MrTuxracer @mrtuxracer.bsky.social · Jun 6

Totally understandable 😬

It caused a long sequence of WTFs on my face when I found it.