The script kiddie 🇫🇷

422 posts

@0Pieru

Starting from $ now we # // Doing offsec stuff sometimes // May obscurantism return to obscurity ⚛️

Listenbourg · Joined August 2021
123 Following · 21 Followers
The script kiddie 🇫🇷 retweeted
Morty (@MortyJin)
GNU InetUtils telnetd auth bypass By abusing USER='-f root' with telnet -a, attackers can get root shell without a password. A real old-school bugtraq-style issue. Advisory: openwall.com/lists/oss-secu…
The script kiddie 🇫🇷 retweeted
faulty *ptrrr (@0x_shaq)
The US government declassifying a PoC: #include<▇▇▇▇.h> int ▇▇▇_▇▇▇▇ { ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇ return ▇▇; } /* * ▇▇▇▇▇ ▇▇▇ * ▇▇▇▇▇▇▇ ▇ */
The script kiddie 🇫🇷
@duborges So you mean the malware escaped the docker to infest the host? I know running docker as root is not good but how did it escape it?
Eduardo Borges (@duborges)
i've been hacked and traced the malware's wallet to see how much money they actually made from this new exploit (if you use Next.js/React, READ THIS!)

I woke up to a terrifying email from Hetzner: "Netscan Detected." my server was blocked and a botnet was using my IP to attack others

i dug into the logs and what I found the anatomy of the attack:

1) The Symptoms: I logged into htop and saw the mess:
- CPU usage: 361%
- A process named ./3ZU1yLK4 running wild
- Random connections to an IP in the Netherlands
my server wasn't serving my app anymore; it was mining crypto for someone else!

2) The Culprit: It wasn't a random SSH brute force. It was inside my Next.js container
the malware was sophisticated
it renamed itself nginxs and apaches to look like web servers
it even had a "killer" script that hunted down other hackers' miners to kill the competition

3) The "Root" Cause (literally): Probably the recent React/Next.js CVE-2025-66478 exploit was the entry point (my project was running on "next": "15.5.4", behind cloudflare dns, but their recent fix didn't work apparently)
but the fatal error was mine: my Docker container was running as ROOT
Coolify deploys like this automatically when using Nixpacks, and I never changed it...
so because of USER root, the malware could install cron, systemd, and persistence scripts to survive reboots
meaning, it was able to infect my whole server, from a single Next.js docker!

4) The Forensics: I ran docker diff on the container - the hacker didn't just run a script, they installed a whole toolset..
- /tmp/apaches.sh (The installer)
- /var/spool/cron/root (The persistence)
- /c.json (The wallet config)

5) The Fix: I killed the container, scrubbed the host, and extracted the malware for analysis. but the real fix is in the Dockerfile.
if you are deploying Node/Next.js, DO NOT use the default (root), you must:
- RUN adduser --system nextjs
- USER nextjs
if you have Docker on ROOT and didn't update the exploited react version, you'll be hacked soon
check your containers NOW. Run: docker exec id (or get the full list first: docker stats --no-stream)
If it says uid=0(root), you are one vulnerability away from being a crypto-miner host.
(it's easy to notice when hacked, it will be a command running on the top CPU%, using all your hardware resources)

6) The Money: I dug deeper and recovered the config file (c.json)
- Wallet: A Monero (XMR) address: 831abXJn8dBdVe5nZ***
- Pool: auto.c3pool . org
and ofc i tracked the hacker’s wallet on the mining pool

7) The Scale: My server wasn't alone. It was just 1 of 415 active zombies in this botnet
they are burning the CPU of 400+ cloud servers... to earn... guess how many millions? $4.26/day
on the image attached you can see: "Total Paid: 0.00", meaning this campaign just started. I caught them on Day 1.
i also tracked back the server where they hosted the malware, and by inspecting the code, I found several comments in Chinese, so I guess that's their origin

im rebuilding from scratch on a fresh VPS. the lesson was expensive, but at least I caught it before the hosting nuked my account permanently...

PS: I have the IP for all the other machines mining with that malware, not sure how I can help them, but feel free to contact me if ur doing infosec

stay safe
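The `docker diff` forensics step from the post above, as an added example (not code from the post or from Docker): it triages diff output against an assumed, non-exhaustive watch list of persistence and staging locations. The sample input is constructed around the three paths the post names, and a flagged path is a lead to inspect, not proof of compromise.

```python
"""Triage `docker diff` output for persistence and staging artifacts."""
import posixpath

# Assumed watch list (illustrative, not exhaustive): locations a process
# running as root inside a container can use for persistence.
PERSISTENCE_PREFIXES = {
    "/var/spool/cron": "cron persistence",
    "/etc/cron.d": "cron persistence",
    "/etc/crontab": "cron persistence",
    "/etc/systemd/system": "systemd unit",
    "/etc/init.d": "init script",
    "/root/.ssh": "ssh key material",
}
STAGING_DIRS = ("/tmp", "/var/tmp", "/dev/shm")

# Constructed sample shaped like `docker diff` output (A=added, C=changed).
# The three suspicious paths are the ones named in the post; the /app lines
# are made-up benign noise.
SAMPLE_DIFF = """\
C /tmp
A /tmp/apaches.sh
C /var/spool
C /var/spool/cron
A /var/spool/cron/root
A /c.json
C /app/.next/cache
A /app/.next/cache/images/ab12.webp
"""

def _under(path, prefix):
    return path == prefix or path.startswith(prefix + "/")

def classify(path):
    """Label one added/changed path, or return None if unremarkable."""
    for prefix, label in PERSISTENCE_PREFIXES.items():
        if _under(path, prefix):
            return label
    if any(_under(path, d) for d in STAGING_DIRS):
        return "file dropped in temp dir"
    if posixpath.dirname(path) == "/":
        return "file added at filesystem root"
    return None

def triage(diff_text):
    """Return [(path, label)] for suspicious entries in `docker diff` output."""
    entries = []
    for line in diff_text.splitlines():
        kind, _, path = line.strip().partition(" ")
        if kind in ("A", "C") and path.startswith("/"):
            entries.append(path)
    findings = []
    for path in entries:
        # A path that is the parent of another entry is a directory that
        # changed only because something beneath it did; report the leaf.
        parent = path.rstrip("/") + "/"
        if any(o != path and o.startswith(parent) for o in entries):
            continue
        label = classify(path)
        if label:
            findings.append((path, label))
    return findings

if __name__ == "__main__":
    for path, label in triage(SAMPLE_DIFF):
        print(f"{label:32} {path}")
```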
The script kiddie 🇫🇷 retweeted
GrapheneOS (@GrapheneOS)
In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now zeroes RAM before enabling USB. This successfully wiped out the After First Unlock state exploit capabilities of two commercial exploit tools. Several other improvements were made based on our January 2024 vulnerability reports and proposals including an implementation of wiping data before rebooting when a wipe is triggered. We shipped an improved version of this for our duress PIN/password feature before the feature shipped for Android.

We made massive improvements in GrapheneOS to defend against these attacks since January 2024. For ARMv9 devices, we greatly improved our hardware memory tagging implementation in hardened_malloc, deployed it for the Linux kernel allocators and greatly expanded the use of PAC and BTI across the OS.

We replaced our decade old feature for blocking new USB peripherals while locked with a greatly expanded and far more secure feature. The new approach blocks USB-C connections and USB-C data at a hardware level with expanded software-based blocking as a fallback (grapheneos.org/features#usb-c…).

We started deploying RANDSTRUCT for the kernel, which will eventually be used to have multiple possible struct memory layouts for each device model chosen randomly at boot. Our work on reducing kernel attack surface also continued. We plan to focus more on Linux kernel security going forward.

Our locked device auto-reboot feature from 2021 was replaced with a more secure approach preventing bypasses via crashes (grapheneos.org/features#auto-…). It also avoids chain reboots without introducing a security weakness which makes low timer values such as the minimum 10 minutes far more usable.

We shipped our 2-factor fingerprint unlock feature planned since 2015 (grapheneos.org/features#Two-f…). It allows people to avoid reliance on secure element security with a strong passphrase while keeping convenience. Fingerprint + scrambled PIN also defends well against being recorded unlocking.

Several more major improvements specifically against the physical data extraction attack vector are planned. Our next release adds an implementation of zeroing RAM at boot in the kernel to match what fastboot mode does. We also plan to add a toggle for essentially toggling off Device Encrypted data.
The script kiddie 🇫🇷 retweeted
vx-underground (@vxunderground)
@TeamYouTube @ericparker You let Mr Beast lock some guy in a burning home and let Logan Paul meme a guy who hung himself in a forest BUT YOU REMOVE AN EDUCATIONAL VIDEO ON CYBERSECURITY?! WHO THE FUCK IS RUNNING THIS CLOWN SHOW BOO THIS MAN
vx-underground (@vxunderground)
I received some criticism from ... parents ... maybe (?) regarding the recent European Union legislation stuff and "protecting children online". They stated large tech companies only need to see your identification once and then it is disposed of. Hence, providing them your identification isn't a concern. They stated my criticism is undue and my criticism reflects me myself personally not caring about children, or something. The retort to this is that you're placing trust into companies who have repeatedly for YEARS violated privacy laws with disregard to consumers. Google and Meta (Facebook, Instagram) being the largest offenders by a significant margin. Even your beloved Discord got caught not appropriately disposing of government identifications from their Zendesk customer support portal. Dawg, I'm sorry but you CANNOT place arbitrary faith into these large companies. They don't give a fuck about you. They don't give a fuck about your children. They don't give a fuck about your mental health or safety. The only thing they care about is money. Have you ever wondered why social media platforms are free yet somehow continue bringing in billions of dollars a year? How is it these tech executives are billionaires, and paying their employees outrageous sums of money, despite not charging users? The answer: data You're the product. They sell what you do to other companies for analytics. If you provide them your government issued identification they will 100% find a way, a loophole, or straight up break the law, to increase their bottom line. They don't care. I dare you to look up all the anti-trust laws Google and Meta have violated. It is absurd. The amount of laws they've broken borders on satire. These companies sometimes act like criminal enterprises (not literally, but seriously though, they have money and lawyers and don't give a fuck). Meta and Google unironically tracked women ON THEIR PERIODS for enhanced analytics to push better advertisements.
They DO NOT care, dawg.
The script kiddie 🇫🇷 retweeted
vx-underground (@vxunderground)
You're an imbecile. This won't stop anything. The kids on social media don't have parents who actually "parent". All they're going to do is find a bypass or convince their parent (or some other adult) to allow them access to the social media platform. You've just given large technology companies gold on a gold platter under the guise of helping children. Thank you for destroying the privacy of people all across the European Union and doing nothing to protect the kids. This is excellent work. Bravo.
The script kiddie 🇫🇷 retweeted
GrapheneOS (@GrapheneOS)
We no longer have any active servers in France and are continuing the process of leaving OVH. We'll be rotating our TLS keys and Let's Encrypt account keys pinned via accounturi. DNSSEC keys may also be rotated. Our backups are encrypted and can remain on OVH for now. Our App Store verifies the app store metadata with a cryptographic signature and downgrade protection along with verification of the packages. Android's package manager also has another layer of signature verification and downgrade protection. Our System Updater verifies updates with a cryptographic signature and downgrade protection along with another layer of both in update_engine and a third layer of both via verified boot. Signing channel release channel names is planned too. Our update mirrors are currently hosted on sponsored servers from ReliableSite (Los Angeles, Miami) and Tempest (London). London is a temporary location due to an emergency move from a provider which left the dedicated server business and will move. More sponsored update mirrors are coming. Our ns1 anycast network is on Vultr and our ns2 anycast network is on BuyVM since both support BGP for announcing our own IP space. We're moving our main website/network servers used for default OS connections to a mix of Vultr+BuyVM locations. We have 5 servers in Canada with OVH with more than static content and basic network services: email, Matrix, discussion forum, Mastodon and attestation. Our plan is to move these to Netcup root servers or a similar provider short term and then colocated servers in Toronto long term. France isn't a safe country for open source privacy projects. They expect backdoors in encryption and for device access too. Secure devices and services are not going to be allowed. We don't feel safe using OVH for even a static website with servers in Canada/US via their Canada/US subsidiaries. We were likely going to be able to release experimental Pixel 10 support very soon and it's getting disrupted. 
The attacks on our team with ongoing libel and harassment have escalated, raids on our chat rooms have escalated and more. It's rough right now and support is appreciated.
The script kiddie 🇫🇷
@GrapheneOS Framing gOS as a dangerous OS used by criminals is just insane. As a journalist, your job should be to fight to preserve freedom and encourage people to use this kind of OS.
GrapheneOS (@GrapheneOS)
We were contacted by a journalist at Le Parisien newspaper with this prompt: > I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police? Are you aware that some of your clients might be criminals? And how does the company manage this issue? Absolutely no further details were provided about what was being claimed, who was making it or the basis for those being made about it. We could only provide a very generic response to this. Our response was heavily cut down and the references to human rights organizations, large tech companies and others using GrapheneOS weren't included. Our response was in English and was translated by them: "we have no clients or customers" was turned into "nous n’avons ni clients ni usagers", etc... GrapheneOS is a freely available open source privacy project. It's obtained from our website, not shady dealers in dark alleys and the "dark web". It doesn't have a marketing budget and we certainly aren't promoting it through unlisted YouTube channels and the other nonsense that's being claimed. GrapheneOS has no such thing as the fake Snapchat feature that's described. What they're describing appears to be forks of GrapheneOS by shady companies infringing on our trademark. Those products may not even be truly based on GrapheneOS, similar to how ANOM used parts of it to pass it off as such. France is an increasingly authoritarian country on the brink of it getting far worse. They're already very strong supporters of EU Chat Control. Their fascist law enforcement is clearly ahead of the game pushing outrageous false claims about open source privacy projects. None of it is substantiated. iodéOS and /e/OS are based in France. iodéOS and /e/OS make devices dramatically more vulnerable while misleading users about privacy and security. These fake privacy products serve the interest of authoritarians rather than protecting people.
/e/OS receives millions of euros in government funding. Those lag many months to years behind on providing standard Android privacy and security patches. They heavily encourage users to use devices without working disk encryption and important security protections. Their users have their data up for grabs by apps, services and governments who want it. There's a reason they're going after a legitimate privacy and security project developed outside of their jurisdiction rather than 2 companies based in France within their reach profiting from selling 'privacy' products. discuss.grapheneos.org/d/24134-device… Here's that article: archive.is/AhMsj
The script kiddie 🇫🇷 retweeted
vx-underground (@vxunderground)
Massive shout-out to the local governments of New York, Hawaii, Louisiana, and the homies at the Supreme Court of California. It's 2025 and they're helping people get FREE ROBUX
The script kiddie 🇫🇷 retweeted
TRAGHa (@TRAGHazL)
Cs skin market 23.10.2025
The script kiddie 🇫🇷 retweeted
Ajeet ( opensox.ai ) (@ajeetunc)
amazon headquarters rn
Aurélien Taché (@Aurelientache)
🔴In Beijing, a discussion with the spokesperson of the Chinese Ministry of Foreign Affairs: Japanese threat, Taiwan, US trade war. Faced with Trump-style imperialism, France 🇫🇷 must strengthen its partnership with China 🇨🇳, which is committed to peace and multilateralism.
The script kiddie 🇫🇷 retweeted
Wario64 (@Wario64)
Danganronpa 2x2 (main game + additional story) announced, out 2026
The script kiddie 🇫🇷 retweeted
ZEVENT (@ZEVENTFR)
The official final total for this #ZEVENT2025 therefore comes to 16 179 096€ for the benefit of caregivers and patients. Thank you all for your energy and your generosity. 💚
The script kiddie 🇫🇷 retweeted
ZEVENT STATS CAGNOTTE 💚 (@ZeventCagnotte)
Zevent raises 900.000€ after 2 hours of live streaming!
The script kiddie 🇫🇷
@freyafoxtv @RjeyTech To be fair I think both iOS and Graphene are good. It is just how you use Graphene that defines how secure your setup is. I also prefer a phone without any software from both Apple and Google
The script kiddie 🇫🇷
@freyafoxtv @RjeyTech Graphene is privacy AND security focused. Open source from Titan M chip is also better than Apple just not giving documentation for their chips (officially). Security != obscurity Graphene is also about limiting exposition surface with good granularity
Rjey (@RjeyTech)
Willingly choosing to buy an iPhone over this is insane, especially in 2025.