Socialk@s

The world's fastest Android/DEX decompiler (garlic by @neocanable ) meets radare2 ( @radareorg ) 🔥 github.com/radareorg/r2ga…

‼️🚨 One of the world's largest Certificate Authorities, DigiCert, was compromised by a malicious screensaver file sent through a customer support chat. Their antivirus blocked the malware four times. The agent kept clicking. The fifth try got through. 27 code signing certificates were stolen and used to sign malware. DigiCert ultimately revoked 60 certificates. Per DigiCert's incident report, filed in Mozilla's CA compliance tracker as Bug 2033170, here is how it unfolded: April 2: an attacker contacted a DigiCert helpdesk agent through the company's customer support chat channel, posing as a customer. The lure was a zip file pitched as a screenshot. Inside the zip was a .scr file. On Windows, .scr files are executables, and this one carried a malicious payload. Opening a file a customer sent through the official support channel is what an agent is supposed to do. Support staff are the one role designed to accept files from strangers. DigiCert's endpoint security blocked four infection attempts. On the fifth, the support analyst's machine was infected. DigiCert detected the infection, ran an investigation, and concluded the incident was contained. Eleven days later, an external researcher tipped DigiCert off about misuse of DigiCert-issued code signing certificates in the wild. That tip led to the discovery of a second compromised machine, belonging to a different support analyst, infected through the same vector. The EDR on that machine had not been functioning correctly, so the original investigation missed it. The second machine gave the attacker access to DigiCert's internal support portal. That portal lets support staff reach limited views of customer accounts, including initialization codes for ordered but not-yet-issued code signing certificates. Combining a stolen initialization code with an approved order let the attacker pull a real, validly issued code signing certificate. They did this 27 times. DigiCert's own list of what went wrong: - File-type filtering on the customer support chat channel did not catch the .scr - EDR coverage was inconsistent and incomplete, creating a blind spot - Initialization codes for code signing certificates were not adequately protected DigiCert says it got lucky. An outside researcher found the malware abuse before DigiCert did. Without that tip, the second machine and the active certificate theft might still be running today.

BREAKING: CTF players rejoice worldwide as linux privesc suddenly becomes super easy. copy.fail

‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and itworks on basically every major Linux distro shipped since 2017. Website: copy.fail Write-up: xint.io/blog/copy-fail… GitHub: github.com/theori-io/copy… It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su. Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise. Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.

RFID hacking community in 2026: * Still cloning employee badges in 0.8 seconds * Companies still using 125kHz like it’s 2005 * Me, explaining to security teams that their $40k access control is worth about tree fiddy We’re not the villains, we’re the unpaid penetration testers. Change my mind. #RFID #Hacking #CyberSec

Meanwhile in Bug Bounty: AI slop bug reports overflowing vendors. Vendors can't handle the slop. Slop code, slop exploits, and slop write-ups result in vendor exiting program. AI slop is choking Bug Bounty

The latest Proxmark3 release is called BREAKMEIFYOUCAN! Not a random name. That is the actual 3DES factory default key NXP burned into every MIFARE Ultralight C they shipped since 2008. Somebody finally broke it properly. The paper drops the keyspace from 2^112 down to 2^28. Counterfeit cards fall in under 60 seconds from a single card interaction. The tooling is merged: github.com/RfidResearchGr… #Proxmark3 #RFID #NFC #MifareUltralightC #NXP #OpenSource

Windows defender has been compromised. right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing your antivirus doesnt stop it. your antivirus IS the exploit. windows defender is the attack vector ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on thread

HWInfo and CPU-Z both compromised. Millions about to be PWNED! CPU Z: hybrid-analysis.com/sample/eff5ece… HW Monitor: hybrid-analysis.com/sample/4968501…

30 centimetres. That's the read range of a typical LF badge reader. That's also the distance between your badge and a stranger standing next to you on the tube. A concealed reader. One commute. Done. You never felt it. The reader never flagged it. Your credential is gone. Faraday sleeve: £3. Replacing your access control system: $200,000. Pick one. #RFID #LF #PhysicalSecurity #RedTeam #AccessControl github.com/RfidResearchGr… @iceman1001" target="_blank" rel="nofollow noopener">youtube.com/@iceman1001

Oh this is clean. A searchable, filterable RFID attack reference. HID Prox, MIFARE, EM4100, animal tags, organized by frequency AND tool (Proxmark, Flipper, Chameleon...). This is the cheat sheet that used to live in your notes app. Bookmark it! you'll thank yourself on your next physical engagement. redteam.vip/ram-rfid-attac…

We've been tracking public CVEs where AI-generated code introduced the vulnerability. vibe-radar-ten.vercel.app 50k+ advisories scanned. Dozens of confirmed cases so far. Claude Code, Copilot, Cursor, and others all show up. Common bug classes include XSS, command injection, SSRF, and path traversal. And these are just the cases that leave metadata traces. The real number is almost certainly higher. Open source, from Georgia Tech SSLab: github.com/HQ1995/vibe-se…

I've open sourced my #radare2 Python script for parsing .gopclntab and recovering function symbols from Go binaries, including fully stripped ones. Supports ELF, Mach-O, and PE across Go versions 1.2, 1.16, 1.18, and 1.20+ github.com/AsherDLL/r2gop… I hope you find it useful.

EXCLUSIVA El Mundo del Spectrum 💥 Descubrimos PROYECTO PALOMA, el visionario trabajo al que Paco Menéndez dedicó sus últimos años de vida. elmundodelspectrum.com/descubrimos-pr…

@Bcnsingular Estem resistint amb penes i treballs en aquesta petita llibreria de #segonamà . Si ens podeu ajudar a difondre de tant en tant..., pengem un llibre cada dia però tenim pocs seguidors... Gràcies!!!

BOMBA: @som3cat estrenarà el canal temàtic '3Cat Anime' per celebrar i descobrir l’anime amb el @DoblatgeCatala. Entre les propostes, el retorn de 'Conan, el nen del futur', 'Cavallers del Zodíac' o 'Neon Genesis Evangelion'. Feu-ne difusió perquè ho sàpiga tothom.

95% of ATM transactions go through COBOL code.

Pues ya está aquí. Ya tienes el número 1 de la cuarta Época de #MICROMANÍA disponible para reservar, con envíos a partir del 16 de marzo y por riguroso orden de encargo. La podrás conseguir en tres ediciones diferentes: ✅ Papel + Digital ✅ Papel ✅ Digital Podrás suscribirte para recibirla automáticamente cada dos meses y despreocuparte de cuándo están disponibles los siguientes números, aquí: tienda.hechoconpixels.com/producto/micro… O comprarla por separado, aquí: tienda.hechoconpixels.com/producto/micro… @jlsanzf @marcostheelf @MM_Micromania @HechoconPixels @MicroHobbyPapel

@MicroManiaPapel Todavía quedan buenas noticias por leer vía X de tanto en tanto 😀

Sí, estamos tan emocionados como vosotros. A partir de esta próxima noche, 15 de febrero a las 0:00h., podréis reservar ya vuestro ejemplar de #MICROMANÍA en nuestra tienda online: tienda.hechoconpixels.com Que el día de San Valentín no os nuble el juicio. Lo primero es lo primero... osea el retro. ¿No?😂 ¡Y Feliz día de los enamorados! 💝