Senselessly Tooted Disinformation

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

libpng CVE-2026-25646: Heap buffer overflow in `png_set_quantize`

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

this post | permalink

Pillow CVE 2021-25289: Fix OOB write with invalid tile extents

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

this post | permalink

Check Point Harmony Local Privilege Escalation (CVE-2025-9142)

https://blog.amberwolf.com/blog/2026/january/advisory---check-point-harmony-local-privilege-escalation-cve-2025-9142/

/via @badsectorlabs

this post | permalink

@gsuberland @invoxiplaygames.uk Calling this RCE is at least consistent with MS's own taxonomy (see previous Office vulns). CVSS UI:R is also a meaningful datapoint for those parsing their feed.

this post | permalink

@G33KatWork MS be like

this post | permalink

[RSS] Shellcode as 'XML'

https://tmpest.dev/shellcode_as_xml.html

this post | permalink

[RSS] Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5

https://bughunters.google.com/blog/a-joint-security-review-of-intel-tdx-15

this post | permalink

[RSS] Intego X9: When your macOS antivirus becomes your enemy

http://blog.quarkslab.com/intego_lpe_macos_1.html

this post | permalink