the grugq's newsletter

June 8, 2024


another day, another BONTO https://t.co/blglxQOfYI pic.twitter.com/EgsIJ8yNaR

— not wint (@drilhistorian) June 6, 2024


Breaking News: William Anders, one of the first men to orbit the moon, has died at 90. He took the “Earthrise” photo from Apollo 8. https://t.co/KIgGmEeRrp

— The New York Times (@nytimes) June 8, 2024


Hypothesis: The beholder's mouth gets larger with each new edition.

Let's start with the original 1975 appearance on the cover of Supplement I: Greyhawk. pic.twitter.com/jUHJXxf1wJ

— Justin Alexander (@hexcrawl) June 7, 2024


Very cool to see Churchill immortalized as the thing he hated most: a brown guy https://t.co/GWVfEb2zVd

— jerf 🛹 (@jeffdsilva) June 6, 2024


Race conditions primitives on speculatively executed code paths (GhostRace)

Paper: https://t.co/VBfZa9Sbvr
Website: https://t.co/VBfZa9Sbvr
PoC: https://t.co/cNt3mTQyCT #ghostrace pic.twitter.com/AP1fURW7RJ

— 0xor0ne (@0xor0ne) June 8, 2024


Turns out speaking out works.

Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually trying to encrypt the database they say. https://t.co/zRHLJT3l1y

— Kevin Beaumont (@GossiTheDog) June 7, 2024


Today @cloud11665 discovered a CSS injection vulnerability (or super cool customization feature) on GitHub.

* Reposted for issue correction
* Initially attributed discovery to wrong person

Video shared from @yacineMTB pic.twitter.com/B1ctuRh1MN

— vx-underground (@vxunderground) June 8, 2024

so umm... yea lets just say ... github has a css injection
😳 pic.twitter.com/9JD7nuV1B1

— cts 🌸 (@gf_256) June 7, 2024

Today following the CSS injection discovered by @cloud11665, internet nerds also discovered you can do CSS injection on the issues tab.

The attached link is defanged. Someone did a CSS injection on a raised issue, which resulted in the issue being essentially hijacked. When the…

— vx-underground (@vxunderground) June 8, 2024

Today following the CSS injection discovered by @cloud11665, security researcher @vmfunc discovered you can also create ReadMe files which force log people out of their GitHub profiles. Oh, and you can make IP grabbers!

GitHub has now become the wild west pic.twitter.com/2SQCRV0nal

— vx-underground (@vxunderground) June 8, 2024

GitHub employees chasing down the nerds who turned their website into nothing but anime, IP grabbers, thread hijacks, and goatse spam... on a Friday night 😂😂😂 pic.twitter.com/GxS82d7C38

— vx-underground (@vxunderground) June 8, 2024

GitHub has ruined Christmas. The CSS injection has been patched. pic.twitter.com/K7yWuo3w1G

— vx-underground (@vxunderground) June 8, 2024

The GitHub CSS Injection which was patched a few hours ago has already been bypassed.

Internet nerds are returning with wrath as they resume anime backgrounds and anime banners

We were asked not to show the bypass code to 340,000 people so it's not patched instantly ¯\_(ツ)_/¯

— vx-underground (@vxunderground) June 8, 2024


speak soon.

CVE-2024-4577, Argument Injection in PHP-CGI pic.twitter.com/FNGAed5SR5

— watchTowr (@watchtowrcyber) June 7, 2024

This bug

PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥 https://t.co/EQdzNTihOm

— Orange Tsai 🍊 (@orange_8361) June 7, 2024


I’m sharing a fun tool I made - The Jolly Executioner is an API wrapper around Unix command execution with a bit of an opinion about security. My use case was for executing commands from a container on a Docker host but it could be used more widely. https://t.co/32ECamHrQ8 pic.twitter.com/hFUU6Z9Obs

— Dominic White 👾 (@singe) June 7, 2024


Wait this is the most realistic part https://t.co/a26fxfiwzI pic.twitter.com/9N6210E8ss

— evan loves worf (@esjesjesj) June 7, 2024


Blockchain developer loses over $48,000 after posting private key to Github

June 5, 2024 pic.twitter.com/ShmIetHjbv

— web3 is going just great (@web3isgreat) June 7, 2024


#otd in 1965, a nun named Mary Keller became the first woman to earn a computer science PhD in the US. She later helped develop #BASIC: https://t.co/CRC4wZ29N4 pic.twitter.com/VNWMLbMxG2

— MIT CSAIL (@MIT_CSAIL) June 7, 2024


1/ Whelp, Russia is legalizing hacking.

Russia's new "white hat hacker" bill sheds light on its cyber capabilities and challenges. The bill aims to legalize ethical hacking under state control.

— Robert Hansen (@RSnake) June 7, 2024


Russia’s white hat hacker bill exposes cyber struggles and strengths

Opinion: The Kremlin’s nearly finalized white hat hacker rules expose the profound challenges facing Russia’s tech sphere — and Moscow’s path to cement its future.

