the grugq's newsletter

January 27, 2025

I need to confirm, but I think there’s another strategy to exploit a file UAF. You have to do what’s shown here https://t.co/8vEoH5gh9F but instead of spraying /etc/passwd, spray page tables (the file content, I think, only comes from the buddy allocator), without cross-cache!

— Javier P Rufo (@javierprtd) January 26, 2025


Over 1/3rd of Nvidia sales go to China, probably ~$40B last year.

The Singapore backdoor is real: Nvidia even says “shipments to Singapore are insignificant” while 22% of billings last qtr were to Singapore. pic.twitter.com/AGeArCgTI1

— Sheel Mohnot (@pitdesi) January 25, 2025


In the XZ backdoor a bitmap-trie is used for searching strings. But the simplest way to serialize the tree is to record it as S-expression. And if the branches are shuffled, we get polymorphism as a side effect pic.twitter.com/PxPmoEN5Tc

— herm1t (@vx_herm1t) January 26, 2025

Jia wanted stealth both in file and in memory. As funny as it sounds, this negatively impacted performance. If he had used a generating automaton instead, maybe no one noticed. And the code would be much simpler pic.twitter.com/nA32bceQ9O

— herm1t (@vx_herm1t) January 26, 2025
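The point in the two tweets above, as an added example that is not herm1t's code and not the XZ backdoor's actual string table: a trie serialized as an S-expression is a faithful encoding whichever order the branches are emitted in, so shuffling branch order per build yields byte-different artifacts that decode to the same string set. The defender-side consequence is that any signature on the serialized bytes is unstable, while a signature on the parsed-and-canonicalized structure is not. The string table below is constructed for illustration.

```python
import hashlib
import random

# Constructed sample string table (illustrative only; not the real XZ table).
SAMPLE_STRINGS = [
    "RSA_public_decrypt",
    "RSA_get0_key",
    "EVP_PKEY_set1_RSA",
    "getuid",
    "setlogmask",
]

END = "$"  # end-of-word marker; never occurs inside the sample strings


def build_trie(words):
    """Build a nested-dict trie; an END key marks where a word terminates."""
    root = {}
    for word in words:
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[END] = {}
    return root


def serialize(node, key_order=None):
    """Emit the trie as an S-expression: (child child ...), child = ch(...) or $.

    key_order maps the sorted key list to the emission order. The default
    (sorted) is the canonical form; a shuffling key_order produces a
    polymorphic variant that still encodes exactly the same strings."""
    keys = sorted(node)
    if key_order is not None:
        keys = key_order(keys)
    parts = [END if k == END else k + serialize(node[k], key_order) for k in keys]
    return "(" + " ".join(parts) + ")"


def shuffled(rng):
    """Return a key_order that shuffles each node's branches using rng."""
    def order(keys):
        keys = list(keys)
        rng.shuffle(keys)
        return keys
    return order


def parse(text):
    """Parse the S-expression form back into a nested-dict trie."""
    pos = 0

    def parse_node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        node = {}
        while text[pos] != ")":
            ch = text[pos]
            pos += 1
            if ch == " ":
                continue
            if ch == END:
                node[END] = {}
            else:
                node[ch] = parse_node()
        pos += 1  # consume ')'
        return node

    node = parse_node()
    if pos != len(text):
        raise ValueError("trailing data after S-expression")
    return node


def contains(trie, word):
    """Exact-match lookup of word in the trie."""
    node = trie
    for ch in word:
        if ch not in node:
            return False
        node = node[ch]
    return END in node


def canonical_digest(text):
    """Parse any variant, re-emit it in canonical (sorted) order and hash that.
    A detection keyed on this digest is unaffected by branch shuffling."""
    return hashlib.sha256(serialize(parse(text)).encode()).hexdigest()


def demo(seeds=range(20)):
    """Build shuffled variants and compare byte-level vs canonical identity."""
    trie = build_trie(SAMPLE_STRINGS)
    variants = [serialize(trie, shuffled(random.Random(s))) for s in seeds]
    return {
        "distinct_byte_forms": len(set(variants)),
        "distinct_canonical_digests": len({canonical_digest(v) for v in variants}),
        "all_variants_decode": all(
            all(contains(parse(v), w) for w in SAMPLE_STRINGS) for v in variants
        ),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows several distinct byte forms collapsing to a single canonical digest while every variant still resolves all of the sample strings; that parse-then-canonicalize step is what a scanner needs if it wants to match the structure rather than one build's bytes.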


LOLC2 - a collection of C2 projects that operate exclusively through legitimate services. I'm probably missing some projects, let me know!

🌐 https://t.co/q9tYyggQ7h

🐙 https://t.co/6FvJuPBEd2

— mthcht (@mthcht) January 26, 2025


Interesting feature of using AI assistants on social media: live fact-finding (fact-checking). I wonder what makes this thing embedded on certain posts, and not others. Perhaps people should vote for it (like for context notes?) Helpful to clarify issues that are not settled. pic.twitter.com/gDuWwnOcEO

— Lukasz Olejnik (@lukOlejnik) January 27, 2025


absolute fucking banger, literally changed my life 🐻https://t.co/yXZNBbBAJ1

h/t @matthewdunwoody @ItsReallyNick https://t.co/lSHkVrPYKm

— J⩜⃝mie Williams (@jamieantisocial) January 26, 2025


openhaystack

Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.

GitHub - seemoo-lab/openhaystack


http://www.nostalgiccomputing.org/index.html

