infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

[RSS] Python Wheel (Zip) Parser Differential Vulnerability v2.0

https://github.com/google/security-research/security/advisories/GHSA-w97x-xxj5-gpjx
this post | permalink
[RSS] Foxit, Epic Games Store, MedDreams vulnerabilities

https://blog.talosintelligence.com/foxi-and-epic-games/
this post | permalink
[RSS] On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025

https://www.synacktiv.com/en/publications/on-the-clock-escaping-vmware-workstation-at-pwn2own-berlin-2025
this post | permalink
CVE-2025-56005 - If you pass untrusted data in the `run_this_code` parameter of bar() of library foo then untrusted code gets executed. This is a vulnerability, because it's not documented that `run_this_code` will run code.

Developer resigned:
https://github.com/dabeaz/ply/commit/9d7c40099e23ff78f9d86ef69a26c1e8a83e706a

#cve #slop #FOSS
this post | permalink
I took a slip from my tea mug. It wasn't the rum I expected.

I'm deeply disappointed.
this post | permalink
[RSS] Firefox / WebRTC Encoded Transforms: UAF via undetached ArrayBuffer / CVE-2025-1432

https://aisle.com/blog/firefox-webrtc-encoded-transforms-uaf-via-undetached-arraybuffer-cve-2025-14321
this post | permalink
@singe Right? I'm also glad we have oss-sec where these discussions can actually happen! I always recover some of my hope for humanity when Solar Designer enters even the most ridiculous thread in the most polite and level-headed way.
this post | permalink
[RSS] Dead Ends, Red Herrings, and Failures In Our Time

https://www.hoyahaxa.com/2026/01/dead-ends-red-herrings-and-failures-in.html

(ColdFusion research #fail)
this post | permalink
[RSS] Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn

https://www.thezdi.com/blog/2026/1/23/pwn2own-automotive-2026-day-three-results-and-the-master-of-pwn
this post | permalink
@mousey @jpm @Viss
this post | permalink
Next Page