Profile avatar
adulau.infosec.exchange.ap.brid.gy
Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff. The other side is at @a (photography, art and free software at large) […] [bridged from https://infosec.exchange/@adulau on the fediverse by https://fed.brid.gy/ ]
61 posts 83 followers 10 following
Prolific Poster
Posts 42 Comments 7

Don't forget! In vulnerability-lookup, you can quickly identify sighted vulnerabilities that are not yet published or are scheduled for publication soon (highlighted in yellow in the screenshot). This example is interesting, a pre-publication on GitHub […] [Original post on infosec.exchange]

submitted 4 hours ago • 0 comments

This is the most important comment I have heard this week — Poland’s Prime Minister Donald Tusk: “500 million Europeans are asking 300 million Americans to defend them against 140 million Russians […] Europe, if there is something we lack today, it is not economic or demographic power, but […]

submitted 1 day ago • 15 comments

Honestly, I don't know how Zelenksy didn't punch the cheetoh that whole time. That man has remarkable restraint. I have never been so embarrassed for our country. What a thug. "World War III," he says over and over, echoing Putin's sabre rattling throughout his invasion. Even sitting in the […]

submitted 3 days ago • 8 comments

Vulnerability CVE-2025-24085 has received a comment on Vulnerability-Lookup: Formal Vulnerability Disclosure for iPhone 15 Pro Max (iOS 18.3.1) http://vulnerability.circl.lu/comment/e2a22b2f-4064-4f7f-a7c5-6b9f4b3cd280 #VulnerabilityLookup #Vulnerability #Cybersecurity #bot

submitted 5 days ago • 0 comments

Super happy to see the open source sysdiagnose joining the hackathon.lu held in Luxembourg on April 8th and 9th, 2025. sysdiagnose is an open-source framework developed to facilitate the analysis of the Apple sysdiagnose files and especially the one generated on mobile devices (iOS / iPadOS) […]

submitted 7 days ago • 0 comments

I was looking for a parseable Wiktionary dump and discovered Kaikki.org, a digital archive and data mining group. They offer a massive, parseable dataset in JSONL format. 🔗 https://kaikki.org/dictionary/rawdata.html #opendata #opensource #wiktionary #dataset #datamining #ai #ml […]

submitted 8 days ago • 0 comments

Tout le monde n’a pas eu la chance de voir l’exposition Invader Space Station, installée dans le parking et l’ancien siège historique du journal Libération, situé rue Béranger à Paris... 👾 Lire la suite sur le Sillon […] [Original post on paperbay.org]

submitted 9 days ago • 0 comments

We imported the data from Black Basta Ransomware group leak into AIL and there are many interesting aspects. * The federation network of Matrix servers (see the screenshot) used to communicated among the affiliates/group(s). * Activities in the chat […] [Original post on infosec.exchange]

submitted 10 days ago • 0 comments

Anyone know of a publicly available data source for #SSH server key fingerprints in-the-wild, perhaps a repository modeled after @circl's https://d4-project.github.io/passive-ssh/ system? And I'm aware of DNS SSHFP RRs, not that. It doesn't have to be perfect or even updated that often, just […]

submitted 13 days ago • 0 comments

The famous library called Lacus behind @ail_project to perform web capture in headless mode, has been released as version 1.13.0 The new version has a mode to perform web capture with a headed browser. Thanks to @rafi0t for the continuous work on the […] [Original post on infosec.exchange]

submitted 13 days ago • 1 comment

The scary part is when frustration builds around a specific issue. While discussing with @cedric about the challenges with CPE values, I used @misp as an example, since we are also the software vendor. CPEs are messy because their creation sources vary […] [Original post on infosec.exchange]

submitted 18 days ago • 0 comments

A new bundle, Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf, has been published on Vulnerability-Lookup: http://vulnerability.circl.lu/bundle/9a35bcae-d831-491f-945c-1fbd54769c38 #VulnerabilityLookup #Vulnerability […]

submitted 20 days ago • 0 comments

A new bundle, February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs), has been published on Vulnerability-Lookup: http://vulnerability.circl.lu/bundle/85f9fd3a-b2ef-443b-b091-2cad7418236f #VulnerabilityLookup […]

submitted 20 days ago • 0 comments

When my colleague @terrtia showed me this article "Scoop: Heritage Foundation plans to ‘identify and target’ Wikipedia editors" 🔗 https://forward.com/news/686797/heritage-foundation-wikipedia-antisemitism I immediately thought about the WikiScanner project from Virgil Griffith. Then my […]

submitted 20 days ago • 0 comments

During the hackathon.lu, we thought about making large datasets available locally to enable participants to conduct experiments or develop new open-source security tools. A full Common Crawl dataset will be accessible, along with extensive passive DNS dumps. If you think of a large open […]

submitted 23 days ago • 0 comments

Just, wow. @mmasnick has an important piece about the Trump administration's threat to pull funding from the National Center for Missing and Exploited Children (NCMEC) unless they remove all referenced to LGBTQ+ issues starts "deadnaming" trans kids. "After years of screaming “save the […]

submitted 23 days ago • 3 comments

🚀 Kunai pushes further integration with MISP! This week, we've made significant progress in bridging Kunai with @misp to enhance threat intelligence sharing. Our focus has been on developing kunai-to-misp, a new tool available at […] [Original post on infosec.exchange]

submitted 25 days ago • 0 comments

Dark Distillation: Backdooring Distilled Datasets without Accessing Raw Data. Ken Thompson's 'Reflections on Trusting Trust' remains highly relevant in today's LLM landscape. #ai #llm #cybersecurity #research 🔗 https://arxiv.org/pdf/2502.04229v1

submitted 25 days ago • 0 comments

I was wondering why a specific onion address / url is the most queried on our Tor onion lookup service for verification. It seems that many potential customers of Oxycodone are searching for alternatives on the dark market. Wondering if an automatic event […] [Original post on infosec.exchange]

submitted 26 days ago • 0 comments

If you are curious about the old Zyxel vulnerabilities which won’t be patched and want to look at the sightings. #zyxel #vulnerability #cve 🔗 https://vulnerability.circl.lu/bundle/d3075493-7100-4a9c-9b70-41f0581a825c

submitted 26 days ago • 0 comments

Just came across a diagram on LinkedIn titled 'The Modern SOC Platform.' It looks more like a compilation of products and services that could be used in a SOC rather than a structured approach. Having seen so many different SOCs and operational models […] [Original post on infosec.exchange]

submitted 26 days ago • 0 comments

A new bundle, Threat Actors Use CVE-2019-18935 to Deliver Reverse Shells and…, has been published on Vulnerability-Lookup: http://vulnerability.circl.lu/bundle/a4c1e6ab-1786-4631-8cc9-dfa00c7171a6 #VulnerabilityLookup #Vulnerability #Cybersecurity #bot

submitted 29 days ago • 0 comments

A computer coup to take control of the federal infrastructure of the United States, it sounded like a bad story from a sci-fi book. But it seems we are in the middle of it... https://www.wired.com/story/elon-musk-government-young-engineers/

submitted 29 days ago • 0 comments

Pachyderms are meeting at #fosdem2025! ❤️ PostgreSQL

submitted 29 days ago • 3 comments

Vulnerability Report – January 2025 With significant improvements in gathering sightings and vulnerability information in recent weeks, vulnerability-lookup has become a great resource for automatically generating vulnerability threat landscape reports […] [Original post on infosec.exchange]

submitted 31 days ago • 0 comments

If you look at the number of papers coming out of China on LLMs and FPGAs, it's clear something is brewing. This could turn into good news in the long run. #llm #fpga #ai

submitted 34 days ago • 0 comments

If you're wondering why free software and open source remain at the forefront of innovation and the long-term source of creativity, it seems the Deepseek CEO gets it... 🔗 https://stratechery.com/2025/deepseek-faq/ #opensource #freesoftware #ai #llm

submitted 35 days ago • 2 comments

Do you think this is fair? "Problems that only trigger using legacy dependencies are not considered security problems." https://github.com/curl/curl/pull/16086 #curl

submitted 38 days ago • 3 comments

A new open-source security project "cocktail party" joined the hackathon.lu event, a two-day in-person hackathon held in Luxembourg on April 8th and 9th, 2025. Feel free to join us with your open-source security project! 🔗 […] [Original post on infosec.exchange]

submitted 38 days ago • 0 comments

A new bundle, CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications, has been published on Vulnerability-Lookup: http://vulnerability.circl.lu/bundle/bd1f7e06-4107-433a-9fa6-fbf3db5cfa34 #VulnerabilityLookup #Vulnerability […]

submitted 39 days ago • 0 comments

Vulnerability CVE-2024-54507 has received a comment on Vulnerability-Lookup: Proof Of Concept http://vulnerability.circl.lu/comment/25c99b1c-5ba6-4c88-bac6-3ad6c5e525b4 #VulnerabilityLookup #Vulnerability #Cybersecurity #bot

submitted 39 days ago • 0 comments

AIL Project v6.0.1 released with improved usability in social network monitoring and many bugs fixed. #opensource #osint #darkweb #threatintelligence #threatintel 🔗 https://ail-project.org/blog/2025/01/23/AIL-v6.0.1.released/ @ail_project

submitted 39 days ago • 0 comments

AIL Project v6.0.1 released with improved usability in social network monitoring and many bugs fixed. #opensource #osint #darkweb #threatintelligence #threatintel 🔗 https://ail-project.org/blog/2025/01/23/AIL-v6.0.1.released/ @ail_project

submitted 39 days ago • 0 comments

Interesting approach to CVE allocation: announcing End-of-Life (EOL) versions of Node.js. I haven't notice this practice before. Not entirely sure about the objective. Does this mean the Node.js team plans to restrict CVE creation for older, unmaintained […] [Original post on infosec.exchange]

submitted 41 days ago • 0 comments

🔥 Kunai v0.5.0: Sharpened and Forged for Peak Performance! 🔥 We're happy to announce that Kunai v0.5.0 is now available, freshly forged with new features and enhancements designed to boost your system observability. 🔍 Get More Visibility Than Ever: - Start Event: Understand your agent's […]

submitted 41 days ago • 0 comments

This 2-day physical Hackathon, held in Luxembourg on April 8th and 9th, 2025, focuses on the development of free and open-source software for cybersecurity. We aim to convene diverse developer groups to collaborate on complex programming challenges within […] [Original post on infosec.exchange]

submitted 43 days ago • 1 comment

I see a lot of discussions about Jack Dorsey coming to #FOSDEM. These debates are quite fascinating and not new, they’ve always been part of the broader free software and open source movements (which are far from monolithic). Personally, I believe we should welcome funding from any source, but […]

submitted 46 days ago • 0 comments

Many assume that an onion address with a strange name and a leak always belongs to a threat actor. But sometimes, it's just a frustrated security researcher sharing findings to push for fixing vulnerable infrastructure. #vulnerability #leak #infosec

submitted 46 days ago • 0 comments

I'm always surprised to see academic papers claiming to have installed and used software I wrote or know very well, only to describe functionalities or behavior that don't exist. How do such papers pass so easily through conference or journal peer review? I suppose the same thing happens in […]

submitted 47 days ago • 0 comments

6 vulnerabilities discovered in rsync server, including one critical flaw that allows remote code execution (RCE) on the server. Anonymous rsync servers are affected. 🔗 https://vulnerability.circl.lu/bundle/d938dc28-6877-40db-ad5f-25f3051288e6 #rsync #vulnerability #vulnerabilities #cve […]

submitted 48 days ago • 0 comments

After years of discussions about sovereignty at the EU level regarding CPUs and GPUs, we are now seeing the consequences of the lack of proactive action on this critical issue. You can't leverage AI effectively if you lack access to the essential hardware needed to achieve your objectives. 🔗 […]

submitted 48 days ago • 0 comments

Looking back at it, maybe Myspace Tom was a good friend after all, given he sold the company and just went travelling with his money instead of trying to overthrow democracy.

submitted 53 days ago • 0 comments