Joshua Rogers

Trivy got popped again lol opensourcemalware.com/repository/htt… #diff-7c91aaa231c9799967299bd573925eaa0e310a4274e57a39bf3bf8930aa278c2R79-R81" target="_blank" rel="nofollow noopener">github.com/aquasecurity/t… #diff-1243c5424efaaa19bd8e813c5e6f6da46316e63761421b3e5f5c8ced9a36e6b6R116" target="_blank" rel="nofollow noopener">github.com/actions/checko… "scan.aquasecurtiy.org" and using @rauchg as the committer is kinda op

@julianor @thegrugq zeropath.com/blog/sudo-bug-…

@julianor @thegrugq it also found a RCE in sudo's .. logging server:). but I never got around to writing about it (more info somewhere on sudo.ws/releases/devel/)

Sudo bug exploited by CrackArmor independently discovered by AI Fail open: a system, upon experiencing a failure, defaults to an unlocked state. "make a setuid(), setgid() or setgroups() failure fatal. Found by the ZeroPath AI"

@halvarflake @HostileSpectrum feel free to reach out if you're around. one of the best places in the world imo.

@HostileSpectrum I'm going on vacation there end of march, want to join? :)

How many signals must be given before the Taiwan crisis is seen as a present matter, not merely some future maybe? Chaoyang being as explicit in new threats as any warrior, let alone diplomat, ever could be.

joshua.hu/firefox-making… Making Firefox's right-click not suck, even more, with userChrome.css. I explain how to get rid of the useless “Bookmark Link…” “Save Link As…” “Email Image…” “Set Image as Desktop Background…” “Bookmark Page…” and so on.

incredible that we built all this RAG and vector database stuff and it turns out that grep from 1973 works better than all that

@Frichette_n Big agree. But the fact of the matter is that the low hanging fruit is just as fruitful as the really sophisticated stuff, there's no point to even waste time with the hard stuff. State of security lol

Researching supply chain threats is goofy because you’ll find a clever technique, be impressed by it, and think “wow, for once an attacker in the wild is doing something smart”, and then you dig into it more and it’s a researcher at Trail of Bits 😂

ransomware

alright, he got me

Making Firefox's right-click menu bar not absolutely fucking suck with some settings in about:config joshua.hu/firefox-making…

aisle.com/blog/aisle-fin… Multiple vulnerabilities in Amazon's crypto / tls stack.

technocreto

“How should cybersecurity companies do marketing?” Just look at @HuntressLabs and @ThinkstCanary: - hire fantastic people - publish blog posts to show off real, nuanced research - no theatrical clickbait bs - don’t put lamp shades on heads - word of mouth does the rest

aisle.com/blog/firefox-w… Firefox WebRTC GMP H.264 heap overflow via short EncodedImage (CVE-2026-2757)

Tongji