Mangel Sánchez

Nuevo post sobre Microservicios. Daremos un "breve" repaso a algunos conceptos sobre microservicios, cómo funcionan, cómo se comunican entre ellos, ventajas, inconvenientes... y mucho más! link.medium.com/rSNRZQngU7 #arquitectura #software #microservicios #programación

‼️🚨 UPDATE: The TanStack npm attack is now a full campaign. 'Mini' Shai-Hulud has hit: - OpenSearch - Mistral AI - Guardrails AI -UiPath - Squawk packages across npm and PyPI The malware specifically targets AI developer tooling. It hooks into Claude Code (.claude/settings.json) and VS Code (.vscode/tasks.json) to re-execute on every tool event, long after the infected package is gone. npm uninstall does not fix this.

Not exactly the type of nurse you would want to find in the fog.... Happy International Nurse Day! #SILENTHILL

❗️ Linux is having a brutal week. Another local to root privilege escalation vulnerability just dropped: "Copy Fail 2: Electric Boogaloo." This is the third Linux LPE in a row, after Copy Fail and Dirty Frag. The PoC is public on GitHub. There is still no coordinated patch. openwall.com/lists/oss-secu…

⚠️ El "313 Team" tiene Ubuntu.com fuera de servicio con un DDoS y un intento de extorsión a Canonical. A la vez, circula un exploit público de Copy Fail: 732 bytes de Python para conseguir root en casi cualquier Linux. Sin repos no hay parche. Y el reloj corre.

Es tan real que hasta molesta 😂

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

INFILTRADO EN EL REAL STATE Ayer se emitió “Se Nos Ha Ido De Las Manos”, un programa documental donde retratamos desde dentro la locura del mercado inmobiliario, donde el beneficio económico manda por encima de todo. #TamayoVivienda

@SocketSecurity This is a daily occurrence at this point

🚨 Bitwarden CLI 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline. We’ll continue updating our coverage as more details are confirmed. socket.dev/blog/bitwarden…

Anthropic's Mythos has been accessed by a small group of unauthorized users, raising questions about control of the AI model bloomberg.com/news/articles/…

Lovable has a mass data breach affecting every project created before november 2025. I made a lovable account today and was able to access another users source code, database credentials, AI chat histories, and customer data are all readable by any free account. nvidia, microsoft, uber, and spotify employees all have accounts. the bug was reported 48 days ago. its not fixed. They marked it as duplicate and left it open.

Jose Ramon Perez Aguera, CTO/CPO de @Mercadona Tech, sobre cómo reemplazaron Algolia (€9-15k/mes) por un desarrollo propio para la web de Mercadona 29 decisiones técnicas que la IA no tomó. Las tomó un equipo con experiencia. El resultado: +85% de mejora en ranking, 0% búsquedas sin resultados (antes 4%), y de $9-15K/mes a menos de $900/mes.

Desde que EEUU tomó el control del petróleo venezolano, ya no te acuerdas de Maduro. Hoy, de la nada, no sabes cómo ni por qué te comenzó a caer mal Petro; en un tiempo odiarás a Lula de la nada. Tranquilo, no es que seas un idiota manipulable, sólo eres un librepensador 👍

Que pena que no quiera asistir a la tradicional declaración de la renta

> rebase

Ya echaba yo de menos a esta gente!!!

¿Recordáis la turra que dio la derecha cuando la izquierda dijo que las protestas de Irán estaban promovidas por el Mossad y EEUU? ¿Lo recordáis?

Jueves santo: The Great War Viernes santo: Death By A Thousand Cuts Sábado santo: …Ready For It? Domingo de Resurrección: Look What You Made Me Do

La persona que inventó el tabaco:

No pienso en irme de esta red social nunca 😂😂