Reposted
Reposted
Don’t look down.
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
December 22, 2025 at 3:39 PM
Don’t look down.
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
La torcia olimpica sta attraversando un paese senza neve.
I dati del CIMA ci dicono che ad oggi manca quasi il 60% della neve sulle nostre montagne, con punte del 77% in Sicilia (bacino del Simeto, quindi Etna) e del 67% in Calabria. 1/7
Reposted
While cleaning a storage room, our staff found this tape containing #unix v4 from Bell Labs, circa 1973
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
November 6, 2025 at 8:50 PM
While cleaning a storage room, our staff found this tape containing #unix v4 from Bell Labs, circa 1973
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
Apparently no other complete copies are known to exist: https://gunkies.org/wiki/UNIX_Fourth_Edition
We have arranged to deliver it to the Computer History Museum
#retrocomputing
Reposted
A story I found about Haiti:
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
December 18, 2025 at 2:43 AM
A story I found about Haiti:
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
In 1999, a group of Haitians were tired of political disorder and dreamed of a better life in the United States. So they built a small, 23-foot boat by hand using pine trees, scrap wood, and used nails. They called the boat "Believe in God."
Reposted
Feels like CVE-2025-64512 is underrated. It can literally be used to run arbitrary code in markitdown (84k ⭐️ on GitHub) and other projects, ingesting a crafted file.
github.com/luigigubello...
github.com/luigigubello...
December 12, 2025 at 9:21 AM
Feels like CVE-2025-64512 is underrated. It can literally be used to run arbitrary code in markitdown (84k ⭐️ on GitHub) and other projects, ingesting a crafted file.
github.com/luigigubello...
github.com/luigigubello...
Reposted
{\__/}
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
GitHub - luigigubello/logseq-unpatched-vulnerabilities: Two undisclosed and unpatched vulnerabilities (no CVEs) in the Clojure project Logseq.
Two undisclosed and unpatched vulnerabilities (no CVEs) in the Clojure project Logseq. - luigigubello/logseq-unpatched-vulnerabilities
github.com
December 5, 2025 at 4:48 PM
{\__/}
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
( • . •)
/ > 🎁 luigigubello/logseq-unpatched-vulnerabilities
Reposted
my new blogpost is out!!
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
lyra.horse
December 4, 2025 at 2:03 PM
my new blogpost is out!!
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration
and i've already used it to get a google docs bounty ^^
have fun <3
lyra.horse/blog/2025/12...
cool folks doing cool stuff - do not miss out!
@shielder.com security researchers Davide and Pietro will be presenting on their audit of OpenEXR next Tuesday, 13:00 CST. Join to hear about how a team at the top of their game is auditing high-value targets used in a billion dollar industry.
RSVP here: luma.com/ir16fuig
RSVP here: luma.com/ir16fuig
Security Audit of OpenEXR · Luma
Description
Join security researchers Pietro and Davide from Shielder as they take us through a source code security audit of the Academy Software Foundation's…
luma.com
November 24, 2025 at 3:59 PM
cool folks doing cool stuff - do not miss out!
Reposted
this would be a perfect photo of the sun, if only some guy hadn't gotten in the way 🔭
November 14, 2025 at 9:07 PM
this would be a perfect photo of the sun, if only some guy hadn't gotten in the way 🔭
Reposted
Tanto per esserne chiari: l'attuale traiettoria, considerando le politiche di mitigazione annunciate e messe in atto, ci porterà verso un sontuoso +2.7 °C nel 2100.
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
November 12, 2025 at 10:31 AM
Tanto per esserne chiari: l'attuale traiettoria, considerando le politiche di mitigazione annunciate e messe in atto, ci porterà verso un sontuoso +2.7 °C nel 2100.
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
La fine di questo secolo è ad appena 75 anni di distanza, moltissimi bambini nati negli ultimi anni saranno lì...
Reposted
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
GitHub - luigigubello/bsides-2025: My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 202...
My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 2025. - luigigubello/bsid...
github.com
November 10, 2025 at 9:39 AM
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
Reposted
Reposted
Attending #theSAS25? Meet @paupu.bsky.social for his PAM pwnage talk!
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
Ready for #theSAScon25 in Khao Lak 🇹🇭 🌴 Ping me if u wanna say hi!
October 26, 2025 at 3:56 PM
Attending #theSAS25? Meet @paupu.bsky.social for his PAM pwnage talk!
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀
Reposted
all the anxiety human evolution developed to help me spot bears now kicks in when i have to answer emails
October 19, 2025 at 3:42 AM
all the anxiety human evolution developed to help me spot bears now kicks in when i have to answer emails
Reposted
In space news, astronomers have not just confirmed but photographed the existence of a black hole pair finding two in a locked 12 year orbit of each other www.utu.fi/en/news/pres...
Scientists capture an image of two black holes circling each other for the first time
For the first time, astronomers have managed to capture a radio image showing two black holes orbiting each other. The observation confirmed the existence of black hole pairs.
www.utu.fi
October 10, 2025 at 4:27 PM
In space news, astronomers have not just confirmed but photographed the existence of a black hole pair finding two in a locked 12 year orbit of each other www.utu.fi/en/news/pres...
Reposted
Dr. Jane Goodall filmed an interview with Netflix in March 2025 that she understood would only be released after her death.
October 5, 2025 at 9:08 AM
Dr. Jane Goodall filmed an interview with Netflix in March 2025 that she understood would only be released after her death.
Reposted
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
October 4, 2025 at 10:39 AM
pagedout.institute ← we've just released Paged Out! zine Issue #7
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
pagedout.institute/download/Pag... ← direct link
lulu.com/search?page=... ← prints for zine collectors
pagedout.institute/download/Pag... ← issue wallpaper
Enjoy!
Please please please share to spread the news - thank you!
Reposted
Heads up to anyone doing #mobile #reverseengineering and #penetrationtesting: I've just ported my @NowSecure #frida instrumentation scripts (#ios and #android) to Frida 17, which introduced some breaking changes in the API.
The original, battle-tested scripts from 2017 are preserved as release […]
The original, battle-tested scripts from 2017 are preserved as release […]
Original post on infosec.exchange
infosec.exchange
October 3, 2025 at 7:27 AM
Heads up to anyone doing #mobile #reverseengineering and #penetrationtesting: I've just ported my @NowSecure #frida instrumentation scripts (#ios and #android) to Frida 17, which introduced some breaking changes in the API.
The original, battle-tested scripts from 2017 are preserved as release […]
The original, battle-tested scripts from 2017 are preserved as release […]
Reposted
No Other Land su Rai3 il 7 ottobre prossimo.
Segnare, passare parola, guardare e far guardare a parenti, amici complici amanti, vicinato, colleghi di lavoro e compagni di sbronze.
Segnare, passare parola, guardare e far guardare a parenti, amici complici amanti, vicinato, colleghi di lavoro e compagni di sbronze.
September 25, 2025 at 4:46 PM
No Other Land su Rai3 il 7 ottobre prossimo.
Segnare, passare parola, guardare e far guardare a parenti, amici complici amanti, vicinato, colleghi di lavoro e compagni di sbronze.
Segnare, passare parola, guardare e far guardare a parenti, amici complici amanti, vicinato, colleghi di lavoro e compagni di sbronze.
Reposted
📢 It's here! Part 2 of Norbert Szetei's (@73696e65.bsky.social) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
September 2, 2025 at 7:59 PM
📢 It's here! Part 2 of Norbert Szetei's (@73696e65.bsky.social) research into ksmbd. See how customized fuzzing & the appropriate sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
blog.doyensec.com/2025/09/02/k...
#doyensec #appsec #security
Reposted
At long last - Phrack 72 has been released online for your reading pleasure!
Check it out: phrack.org
Check it out: phrack.org
August 18, 2025 at 9:33 PM
At long last - Phrack 72 has been released online for your reading pleasure!
Check it out: phrack.org
Check it out: phrack.org
Reposted
who called it a Kubernetes penetration test and not a clusterfuck
August 15, 2025 at 4:47 PM
who called it a Kubernetes penetration test and not a clusterfuck