scriptjunkie (Matt)
@scriptjunkie1
6.9K posts

Documentation is lies. Source is an abstraction. Assembly is the truth. Also at https://t.co/VYFZ0HHnQn and nostr npub10mx0gx3r2lszrrut8kvr5mt2m8r9ffhn

Joined May 2010
1.6K Following · 6.9K Followers
scriptjunkie (Matt) reposted
Proton VPN @ProtonVPN
I'm never buying a calculator from the UK again 😭
scriptjunkie (Matt) @scriptjunkie1
The npm ecosystem would be devastated, which would incidentally also solve our supply chain risks. And the Olive Garden CEO might be imprisoned for the rest of his life, which is perhaps fair for locking inexpensive oversized pasta dishes behind such a slow order site.
scriptjunkie (Matt) @scriptjunkie1
If your site takes 15 seconds to load or log in and has 100,000 user visits in a year, then the CEO should be mandated to spend 15*100k seconds, or 17 days, in jail next year. Our time is now your time.
scriptjunkie (Matt) reposted
Brian in Pittsburgh @arekfurt
This is just... I barely even know what to say. This has to be one of the absolute worst (meaning: most incredibly ridiculous) vulnerabilities in a major vendor product in the last decade. Cisco's devs literally just forgot to invoke the authentication check.

Quoting Stephen Fewer @stephenfewer:
Today @rapid7 and Cisco are disclosing CVE-2026-20182, a critical (CVSS 10.0) auth bypass affecting Cisco Catalyst SD-WAN Controller, found by @_CryptoCat and me when we were researching CVE-2026-20127 last Feb. An unauth attacker can become the vmanage-admin and issue arbitrary NETCONF commands. Cisco has also disclosed that the new CVE is already EITW as of this month. Read our blog here with full technical details: rapid7.com/blog/post/ve-c…
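The bug class described above, "the handler was never wired to the authentication check", as an added, constructed illustration. This is not Cisco's code and says nothing about how the SD-WAN Controller is actually structured: it is a tiny in-memory router with made-up tokens, paths and handler names, showing the vulnerable handler beside the fixed one, plus the audit a practitioner would run in CI to catch any route that was registered without the auth wrapper.

```python
"""Constructed illustration of a 'forgot to invoke the auth check' bug.

Added example code, not Cisco's and not the vulnerable SD-WAN Controller
logic. A minimal router where one handler was registered without the
authentication wrapper, and an audit that finds such handlers.
All tokens, routes and handler names below are made up.
"""
import functools

# Constructed session store: bearer token -> session record (assumption).
SESSIONS = {"tok-admin-1": {"user": "admin", "role": "admin"}}

ROUTES = {}  # path -> registered handler


def require_auth(handler):
    """Wrap a handler so it refuses requests without a valid bearer token."""

    @functools.wraps(handler)
    def wrapper(request):
        header = request.get("headers", {}).get("Authorization", "")
        token = header[len("Bearer "):] if header.startswith("Bearer ") else ""
        session = SESSIONS.get(token)
        if session is None:
            return 401, "unauthorized"
        return handler(request, session)

    wrapper.requires_auth = True  # marker that the audit below looks for
    return wrapper


def route(path):
    """Register a handler under a path (applied as the outermost decorator)."""

    def register(handler):
        ROUTES[path] = handler
        return handler

    return register


@route("/api/config")
@require_auth
def get_config(request, session):
    return 200, {"owner": session["user"], "config": "..."}


@route("/api/admin/exec")  # BUG: the author forgot @require_auth on this one
def admin_exec(request):
    command = request.get("body", "")
    return 200, f"executed as admin: {command}"


@route("/api/admin/exec-fixed")
@require_auth  # the fix is one missing decorator line
def admin_exec_fixed(request, session):
    if session["role"] != "admin":
        return 403, "forbidden"
    return 200, f"executed as {session['user']}: {request.get('body', '')}"


def dispatch(path, request):
    """Route a request dict ({'headers': {...}, 'body': ...}) to its handler."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    return handler(request)


def audit_unprotected_routes(routes=ROUTES, public=("/login", "/health")):
    """Return every path whose handler never passed through require_auth.

    Run as a unit test in CI, this turns a forgotten auth check into a
    failing build instead of a pre-auth admin takeover.
    """
    return sorted(
        path for path, handler in routes.items()
        if path not in public and not getattr(handler, "requires_auth", False)
    )


if __name__ == "__main__":
    print(dispatch("/api/admin/exec", {"body": "show running-config"}))
    print(dispatch("/api/admin/exec-fixed", {"body": "show running-config"}))
    print("unprotected routes:", audit_unprotected_routes())
```

The audit works because authorization is expressed as a decorator that leaves a marker on the wrapped function; any registration mechanism that lets a handler reach the router without that marker is exactly the gap a route-level test should close.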
⟨𝜙∣𝜑⟩ @weirdnik
@scriptjunkie1 I admire your spirit, but nobody has the grit to write a decent worm these days; even Shellshock didn't get one.
scriptjunkie (Matt) @scriptjunkie1
I appreciate everyone dropping linux privesc 0days in the current AI renaissance, but to really make it feel like the good ol' days someone needs to drop a weaponized pre-auth SMB or RDP RCE. We haven't had a good Windows worm in AGES.
scriptjunkie (Matt) reposted
blasty @bl4sty
I feel the traditional "responsible disclosure" concept has been broken since its inception. You can argue that forcing everyone's hand by dropping (weaponized) bugs/exploits is reckless/harmful behavior or blablabla, but I feel you have to keep in mind everyone's stakes/motivation in the game are different.

One thing I guess we can agree on: people sit on bugs/exploits all the time. Sometimes because ZDI promises a big bag of money at the end of the rainbow that magically evaporates, and sometimes because they don't want to disclose these things and use them tactfully for their own advantage/goals.

I've always felt forcing this acceleration will (hopefully) get the software landscape in better shape, faster, albeit in a messy way. The noise it creates, however, could be a good signal for people to get an idea of the overall security posture of a piece of software, as well as get a good idea of how a vendor handles disclosures that don't follow their made-up fairytale non-enforceable policies (that typically don't come with any kind of silver lining).

Back then, you could be damn sure that another horde of teenagers grep'd the same src tree for memcpy and was probably also sitting on an exploit. Today the same applies: anyone can out-slop you producing the next linux LPE after brad tweets out a commit ID.

Remember: as a researcher you don't owe the vendor anything. You don't owe the public anything either. If you did this work for free, it's yours to publish in whatever way suits your needs, agenda or overall quirkiness. :)

Quoting Luke Stephens (hakluke) @hakluke:
I'm seeing this question being asked a lot! I think the traditional 90+30 day responsible disclosure standard is dead (or should be). It's too dangerous to be holding onto vulns for this long now. I've been thinking about alternative responsible disclosure policies that work better for a post-AI era, but it's a pretty tricky problem!
scriptjunkie (Matt) reposted
impulsive @weezerOSINT
I just reverse engineered the YellowKey BitLocker bypass. Microsoft shipped code that checks for a flag called "FailRelock" in every Windows 11 recovery image. When it's set to 1, after recovery unlocks your BitLocker drive, it never relocks it. All you need is a USB stick. This code only exists in the recovery environment, not in normal Windows. They left an entire debug testing framework in production.

Quoting impulsive @weezerOSINT:
The userland demon is about to drop again.
scriptjunkie (Matt) @scriptjunkie1
@lucasaganronald Paul will be out of his teens in 4 months, Gout in 19 months. That's a significant difference at that age. I don't think the training approaches are so far apart.
Lukáš Ronald Lukács @lucasaganronald
Today I listened to the interview of the biggest upcoming talent in athletics, 18-year-old Australian sprinter Gout Gout, and he and his coach constantly repeated how slowly they approach his progression.

Gout Gout: "It's crazy to think about how you want to run as fast as possible but you don't want to overload too much when you're a teenager 'cause then that messes up the rest of your career. Like, you know, you got all the time in the world."

His track coach Di Sheppard said, "If I tried to make him super quick now, I'd break him. Can't you have a sprinter's approach to sprinting? Just the fact that he is a kid and has so much more physical development. Like he only really hit puberty in the last 12-18 months basically."

And now let's compare it to 19-year-old Paul Seixas, who shows up in all the statistics and is one of the youngest to ride the Tour, and he already wants to go for GC.

Paul Seixas: "I'm going for the General Classification. I'm not going to waste time in the first week chasing stage wins. That's where I'm going to gain a lot of experience." "For now, I can't even imagine drawing a comparison to Tadej. I'm going to fight to be the best I can be and try to be on his level, even if it's only early in the Tour. But we'll see; nothing is impossible. I would rather be on the podium in Paris than win a stage or wear the yellow jersey." "I need to work on threshold training in the coming weeks. I hope to be even better… and that will make a significant difference, particularly regarding my endurance. I am still very young… I can still make physical improvements."

I don't say which approach is worse, as we are speaking about two different sports and disciplines; I just found it interesting and I want to hear your opinion on it. 📷: paraic.hogan & jamesbungaphoto
scriptjunkie (Matt) reposted
Oege de Moor @oegerikus
Security is an economic decision. For a fixed cost, within @XBOW, which model has the best odds of crafting an exploit? GPT-5.5 > Mythos > Opus 4.6 on real OSS web vulns. Curves below.
scriptjunkie (Matt) reposted
Haifei Li @HaifeiLi
CVE-2026-40361 (msrc.microsoft.com/update-guide/v…), patched today, is a critical 0-click UAF/RCE bug in Microsoft Outlook that I discovered back in Q1. You definitely want to patch this sooner rather than later.

The danger of such 0-click bugs in Outlook is that they are triggered as soon as the victim reads or previews the email; no clicking of links or attachments is required. Since the bugs reside in Outlook's email rendering engine, it is difficult to mitigate or block (though specifically setting Outlook to render emails only in plain text format is a valid mitigation).

Fun fact about the discovery: after the discovery of the #BadWinmail bug a decade ago, I wanted to run an experiment in Q1 to see if I could find another 0-click RCE in Outlook. The result? It wasn't easy (I even built a dedicated system for it), but I eventually found this one. :)

To understand why such bugs are so critical, check out the #BadWinmail video demo I released a decade ago: youtube.com/watch?v=ngWVbc…. They share the same attack vector (though #BadWinmail was a working exploit, while this one was a PoC). Essentially, anyone could compromise a CEO or CFO just by sending an email. The threat perfectly bypasses enterprise firewalls and is delivered directly to the inbox. Furthermore, note that Outlook (Classic) lacks an application sandbox, making this attack vector even more dangerous.

Regarding defense and detection: if you are concerned about Outlook 0-click 0-days, my EXPMON system (pub.expmon.com) provides cutting-edge detection against such advanced threats. When I designed the original system in 2020/2021, I developed this functionality specifically considering the impact of #BadWinmail. The system accepts .eml or .msg formats, and email samples are deeply tested within an Outlook sandbox. For enterprise users, emails can be "dumped" from the mail server, and EXPMON can be deployed in a private network. Contact me for more details.

P.S. I just noted that the title of the Microsoft Security Update (msrc.microsoft.com/update-guide/v…) lists this as a Microsoft Word bug, which may or may not be entirely accurate. I demonstrated this bug to MSRC by showing that it works in a real, live Outlook + Exchange Server environment. My bet is that because the bug resides in wwlib.dll, a shared DLL used heavily by both Outlook and Word, it likely affects both Outlook (via email) and Word (via a document file). Regardless of the title, it is a genuine Outlook 0-click RCE.

#CVE-2026-40361 #PatchTuesday #Outlook #0click #EmailSecurity #EnterpriseSecurity #expmon #ThreatIntel #ExploitDetection
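The post above makes two operational points: a 0-click bug in the rendering engine fires on preview, and forcing plain-text rendering is the one configuration-level mitigation. The added example below, which is neither EXPMON's code nor Microsoft's, is a small triage that walks .eml messages and reports which body parts would reach a rich renderer (HTML, RTF, or a TNEF winmail.dat, the carrier #BadWinmail used) rather than the plain-text path. The content-type list and the three sample messages are constructed assumptions for the demonstration.

```python
"""Added example: flag inbound mail that engages a rich (non-plain-text)
rendering path, the surface where a 0-click preview bug lives.

Not EXPMON's code and not Microsoft's. The set of "rich" content types
is an assumption for illustration, as are the sample messages below.
"""
from email import message_from_string
from email.message import Message

# Assumed list: body types that bypass plain-text rendering. HTML and RTF
# bodies, plus TNEF (winmail.dat), the format BadWinmail was delivered in.
RICH_BODY_TYPES = {
    "text/html",
    "text/rtf",
    "application/rtf",
    "application/ms-tnef",
}


def rich_parts(msg: Message):
    """Yield (content_type, filename) for each part a rich renderer would touch."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        fname = part.get_filename()
        if ctype in RICH_BODY_TYPES or (fname or "").lower() == "winmail.dat":
            yield ctype, fname


def classify(raw_eml: str) -> dict:
    """Parse one RFC 822 message and report whether it hits rich rendering.

    'hits_rich_renderer' is what the plain-text-only Outlook setting
    neutralises on preview; a message with no rich parts never reaches
    that code path regardless of the setting.
    """
    msg = message_from_string(raw_eml)
    found = list(rich_parts(msg))
    return {
        "subject": msg.get("Subject", ""),
        "rich_parts": found,
        "hits_rich_renderer": bool(found),
    }


# --- constructed sample messages (not real samples) -------------------------
PLAIN_SAMPLE = """From: sender@example.invalid
To: ceo@example.invalid
Subject: plain text only
Content-Type: text/plain; charset=us-ascii

Quarterly numbers attached to the next mail.
"""

HTML_SAMPLE = """From: sender@example.invalid
To: ceo@example.invalid
Subject: html body
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

fallback text
--b1
Content-Type: text/html; charset=us-ascii

<html><body><p>rendered on preview</p></body></html>
--b1--
"""

TNEF_SAMPLE = """From: sender@example.invalid
To: cfo@example.invalid
Subject: winmail.dat carrier
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset=us-ascii

see attached
--b2
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Disposition: attachment; filename="winmail.dat"
Content-Transfer-Encoding: base64

eJ8+IgAAAAA=
--b2--
"""


def triage(samples=(PLAIN_SAMPLE, HTML_SAMPLE, TNEF_SAMPLE)):
    """Classify a batch; returns the subjects that would hit rich rendering."""
    return [r["subject"] for r in map(classify, samples) if r["hits_rich_renderer"]]


if __name__ == "__main__":
    for raw in (PLAIN_SAMPLE, HTML_SAMPLE, TNEF_SAMPLE):
        print(classify(raw))
```

This does not detect an exploit; it narrows a mail dump to the messages that could even reach the vulnerable code path, which is the set worth detonating in an Outlook sandbox such as the one the post describes.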
scriptjunkie (Matt) reposted
Tib3rius @0xTib3rius
I don't know which answer is worse. 😅
scriptjunkie (Matt) reposted
Chris Brunet @chrisbrunet
Scoop: Chinese Professor Sues Southern Methodist University (@smu) over Discrimination by Indian Professors. "The Accounting Department granted tenure to 100 percent of Indian-origin candidates, while denying tenure to 100 percent of non-Indian candidates." Link in comment 👇