Jimbow

25.2K posts

@ukjimbow

IT Security, Network, Web App, Mobile App Pentester. F1 and Arsenal FC fan.

London, England · Joined February 2009
730 Following · 581 Followers
Jimbow retweeted
Clandestine@akaclandestine·
🚨 Critical Linux Kernel Vulnerability Alert

Qualys has disclosed ssh-keysign-pwn: a 6-year race condition in __ptrace_may_access() that lets unprivileged local users read root-owned files. A privileged process (e.g. ssh-keysign or chage) opens sensitive FDs. During do_exit(), after exit_mm() (mm=NULL) but before exit_files(), pidfd_getfd() can steal those FDs.

Impact:
• Theft of host SSH private keys → real impersonation & MitM risk until keys are rotated
• Full read access to /etc/shadow → offline password cracking

Affected: All kernels before 31e62c2ebbfd (May 14, 2026) — Ubuntu, Debian, Arch, CentOS, Raspberry Pi OS and more.

Immediate action required: Apply the kernel patch NOW.

🔗 PoC: github.com/0xdeadbeefnetw…
🔗 Patch: git.kernel.org…/31e62c2ebbfd
🔗 Full analysis: Phoronix & Qualys oss-security

#LinuxSecurity #KernelVulnerability #CyberSecurity #InfoSec #OpenSSH #PrivilegeEscalation #ThreatIntelligence #Linux #CyberThreat #PatchNow
mRr3b00t@UK_Daniel_Card·
👀👀👀👀👀 Alex has been on this like a hawk!
Alex Greenland@ajrgd

SCOOP: Within the last hour, Wes Streeting's leadership campaign website wesforleader.com now redirects to his personal constituency site wesstreeting.org, landing on his About Me page (wesstreeting.org/about). His personal site has no details on his widely expected Labour leadership bid.

It appears to be a calculated move to hide the campaign site while he finalises his leadership bid and secures sufficient endorsements. Wes resigned as health secretary just before 1pm on Thursday, but as yet, he has not publicly announced his intention to run for Labour leader and prime minister.

This removal action is also likely to be a response to the noteworthy campaign details I discovered and exclusively reported being disclosed in site metadata. This redirection adds to the wealth of growing evidence that wesforleader.com is official and authorised by Wes for his leadership campaign.

--

There is, however, a notable flaw in the manner that Wes's team have removed the site from public view. It is not a takedown; it is really just concealed from your average user. The redirect is unconventional as it is not a 3xx server-side redirect, but is performed on the client side, once the site has loaded. This means campaign HTML and metadata continue to be delivered to the user's browser, and the information remains inspectable by clicking "view page source".

Tim Iskra@BigIsk·
@TrekMovie "The Inner Light", one of the best episodes ever.
TrekMovie.com@TrekMovie·
Happy birthday to Richard Riehle, the prolific character actor who played 3 different roles on Star Trek: He was Seamus in Voyager's Fairhaven program, Batai in TNG's "The Inner Light," and Jeremy Lucas in Enterprise's "Cold Station 12" and "The Augments." #StarTrek
Jimbow retweeted
Connor Humm@TikiTakaConnor·
Arsenal weren’t manufactured by an oligarch or bankrolled by a state, they earned every bit of it the right way, and that’s why it means so much more during these moments of joy. They stuck by the manager and these are the rewards. Classiest club, forever and always.
Jimbow retweeted
Rachel Tobac@RachelTobac·
Whoa, Instructure (who owns Canvas) says they came to an agreement with the cyber criminals (typically this means a ransom was paid) in exchange for the stolen data being deleted instead of leaked and criminals ceasing all extortion requests from customers. Huge development.
Rachel Tobac@RachelTobac

Canvas is hacked and stressing out 230+ Million students, teachers and staff during finals. What does this mean and how do we stay safe? What are the next steps for the 8,800 affected schools during finals. Answered below in my video:

Darren@DarrenArsenal1·
@afcDW I booked in November. Haven't a clue why I did so early. But I did!
Dan Critchlow@afcDW·
The “how do we get there, I don’t know” in the Budapest chant is always so appropriate for Champions League finals. In my case I’m getting an overnight train arriving the morning of the game, booked last week because I believe in the boys.
Jimbow@ukjimbow·
@DarrenArsenal1 I can imagine some fans are thinking of driving due to flights being potentially cancelled.
Darren@DarrenArsenal1·
The noise, feeling, vibe at the last two games is something never seen in that ground. Truly spine tingling at final whistle.
Darren@DarrenArsenal1·
@TomCantonMedia First call at 6am this morning on a Zoom to China and the guy wanted to know about the game today!
Tom Canton@TomCantonMedia·
So, who else didn’t sleep?
Jimbow retweeted
Iceman@herrmann1001·
Mind blown 🤯 Some smartphones sold in mainland China (like certain OPPO models) can read MIFARE Classic cards, crack the keys in seconds, store them, and then fully emulate the card directly on the phone. No extra hardware. Just the phone. Access control, transit cards, hotel keys… game over. Huge thanks to Ian for showing me this in person. Really eye-opening how far NFC capabilities have gone in some regions. Who else has seen this in the wild? #NFC #MIFARE #TechSecurity #oppo
Darren@DarrenArsenal1·
Viktor will have a barnstormer today!
Jimbow@ukjimbow·
@DarrenArsenal1 Hi Darren, do you know when the young gunners membership opens up for next season? Thanks!
BSides London@BSidesLondon·
We’re deeply saddened to share that Thomas Fischer @FVT has passed away after a long battle with cancer. A Director of @BSidesLondon since 2013, Thomas helped shape our community into what it is today. Our thoughts are with his wife, family, & friends. He will be greatly missed.
Jimbow retweeted
Feross@feross·
Heads up! Bitwarden CLI v2026.4.0 was compromised in the ongoing Checkmarx supply chain campaign. Attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline to ship malicious code. We'll update this post as more details are confirmed. socket.dev/blog/bitwarden…
Jimbow retweeted
The New York Times@nytimes·
From @TheAthleticFC: New Jersey Transit confirmed on Friday that World Cup match goers will be charged $150 for a return rail trip from New York's Penn Station to MetLife Stadium in New Jersey this summer. Tickets are ordinarily priced at $12.90. nyti.ms/4sHcLzR
Darren@DarrenArsenal1·
Sweet taste of progress this morning
Jimbow retweeted
BridgeMind@bridgemindai·
CLAUDE OPUS 4.6 IS NERFED. BridgeBench just proved it. Last week Claude Opus 4.6 ranked #2 on the Hallucination benchmark with an accuracy of 83.3%. Today Claude Opus 4.6 was retested and it fell to #10 on the leaderboard with an accuracy of only 68.3%. A 98% increase in hallucination. bridgebench.ai just confirmed that Claude Opus 4.6 has reduced reasoning levels and is nerfed.
Jimbow retweeted
Charlie Miller@0xcharlie·
While I do agree you shouldn’t freak out that AI is finding so many vulnerabilities (we’ve gone through this before with early fuzzers, afl, etc) I disagree that AI will find all the vulns. And as long as there are a few lingering vulns, nothing changes.
Perry E. Metzger@perrymetzger

The reaction people are having to AIs that can find bugs in code is fascinating. Finally, we have the capacity to fix the crisis in computer security we’ve had for decades, and everyone is treating it like it’s a tragedy.

A central mistake here is that people regard this as “no one will ever be safe again” rather than “there will be a brief period when we get rid of most of the problems.”

People seem to be acting as though there will always be more security holes for these systems to find, forever, and so there can never be safety, but that’s not the way this works at all. There are not an infinite number of computer security bugs in existence. It is only felt that way because we haven’t had the ability to carefully audit absolutely everything.

There are also techniques that we could never afford to use before, like formal verification, that will let us vanquish a lot of the problems forever, but which require AI to really take advantage of because they are simply too labor-intensive for human beings.

This is not the beginning of some era of permanent insecurity where no one can ever feel safe again. It’s the end of a long period of insecurity where no one had any safety.

The problem is, certain companies are hyping this as “these tools are too dangerous to let anyone have!” Which of course means that people won’t be able to audit their own code to get rid of their bugs before they release software. Hopefully that too is also temporary. It would indeed be tragic if it wasn’t.
