Krypton
51 posts
Krypton
@kkrypt0nn
Cloud Engineer | Security enthusiast & researcher | Developer
$rax Katılım Eylül 2018
46 Takip Edilen78 Takipçiler
@kkrypt0nn NGINX users should update regardless, as the vulnerability can still enable DoS.
English
‼️🚨 MAJOR IMPACT: AI just found an 18-year-old NGINX critical remote code execution vulnerability. It has been disclosed on GitHub including PoC code.
- Affects NGINX 0.6.27 through 1.30.0
- Triggered via the rewrite and set directives in config
- Update NGINX ASAP
- NGINX is a widely used HTTP web server, be sure to check its prevalence in other products
English
Don't disable ASLR
Zhenpeng (Leo) Lin@Markak_
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you maybe impacted! Please update your NGINX or change the config to mitigate it. Read more at depthfirst.com/nginx-rift
English
Hard to patch if there's no patch. It's a 0day, and thank you for that.
Blocking the module has some more side-effects than the ones described, see openwall.com/lists/oss-secu…
I call that irresponsible disclosure, change my mind.
Xint@xint_official
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail…
English
Can we please also get RHEL 14.3 - you guys seem to be 4 major versions in advance 🙏
Xint@xint_official
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail…
English
@vxunderground > RHEL 14.3
Did the LLM code a special futuristic version of RHEL? (access.redhat.com/articles/red-h…)
Also ubuntu.com/security/CVE-2… may help to see what Ubuntu versions effectively are affected
English
CVE-2026-31431 a/k/a CopyFail
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
copy.fail
English
@DarkWebInformer Hey there! Just wanted to thank you for sharing my repository, it gained quite a few stars from it :D
English
It's that time again! Participate in our 2025 Reverse Engineering Survey to win free admission to RE//verse 2026, a free Binary Ninja license, or many other great prizes!
binary.ninja/survey/
English
Had an amazing time at @1ns0mn1h4ck, perfectly organized as always 🔥
Favorite talk was probably @ElykDeer's one about the Tantō plugin for @vector35 Binary Ninja 🥷
English
What's quite concerning is not only what @evilsocket found out. The fact that there's something going around at VINCE which leads to people having access to vulnerabilities people report using the "responsible" disclosure path..
Amazing research btw. Ignore the hate, keep it up
English
@I_AM_NO_LEGEND 👋 It's pretty hard to answer that, security is a pretty wast area and has lots of subtopics which may interest you more than others. There's a link - github.com/DFIRmadness/5p… - I like, though at some point you will have to find something more specific and targeted you enjoy :D
English
@kkrypt0nn
Hello, I’m interested in getting into cyber security and I would appreciate any help you can offer. Do you have any guidelines, courses, or resources that you can recommend? Thank you in advance for your help.
English
@evilsocket On mobile you can click on the verified checkmark on the profile, then it says whether or not they have it because of the subscription, kind of workaround for mobile
English
Cool, by using the Veryfied extension I now get to see who was actually verified (two badges or green only if they lost the verification because they didn't pay) and who just paid for it (white badge only).
English
@JonathanHeindl @overshield @LiveOverflow "a 4 year old video"
It shows only the last 365 days in the graph. Same for the view counter those are the views of the last 365 days, not since the video was published.
Though I'd also be interested which one it is
English
@overshield @LiveOverflow Probably this one (early 1 year ago candidates and has quite a few views ) youtu.be/8C7ouESJyfM
YouTube
English
Algorithm Gods blessed a 4 year old video with a spike 🙏
Please help and send more thoughts and prayers 😊
English
@evilsocket @dfsec_com Congrats! Hope you will enjoy your time there 😎
English
Personal news - after my sabbatical is over in a few weeks, I'll join Dataflow Forensics (newborn sister of @dfsec_com). I'm excited and honored to join such a top notch team, it is really a dream come true. Looking forward to learning and bringing my ideas to the table. 🎉
English