The art of being ungovernable

Welcome to this week's edition of the Threat Source newsletter. " It takes very little to govern good people. Very little. And bad people can't be governed at all. Or if they could, I never heard of it." ― Cormac McCarthy, No Country for Old Men Most of my career has been built on dichotomy:...

Astra Linux - уязвимость в ntfs-3g, containerd-app

NTFS-3G before version 75dcdc2 has a use-after-free issue in the ntfsuppercasembs function in libntfs-3g/unistr.c. NOTE: Discussions suggest that exploiting this vulnerability would be challenging...

CVE-2026-31676

In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPCCONNSERVICECHALLENGING. Check that state under statelock before running response verification and...

Uncovering Hybrid Cloud Attacks Part 1 – Addressing the Speed of Cloud Attacks

In this first part of the series, we’ll explain why effective response is so challenging and provide an overview of the problem...

CVE-2023-52890

NTFS-3G before 75dcdc2 contains a use-after-free in ntfs_uppercase_mbs (libntfs-3g/unistr.c). Exploitation is noted as challenging in the sources. A fixed version exists (75dcdc2); several advisories reference updates to remediate CVE-2023-52890. Connected documents associate the CVE with ntfs-3g...

CVE-2023-52890

NTFS-3G before 75dcdc2 has a use-after-free in ntfsuppercasembs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging...

CVE-2023-52890

NTFS-3G before 75dcdc2 has a use-after-free in ntfsuppercasembs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging...

Step-by-Step Guide to Creating Your First Crypto Wallet

By Owais Sultan Entering the dynamic world of cryptocurrencies is pretty exciting. But one can easily get overwhelmed with the amount… This is a post from HackRead.com Read the original post: Step-by-Step Guide to Creating Your First Crypto Wallet...

Qakbot Takedown: The Road Ahead is Long and Winding

A long and challenging journey against cybercrime around the world...

Open-Source LLMs

In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didnt just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers...

[SECURITY] Fedora 21 Update: armacycles-ad-0.2.8.3.3-1.fc21

In this game you ride a lightcycle; that is a sort of motorbike that cannot be stopped and leaves a wall behind it. The main goal of the game is to make your opponents' lightcycles crash into a wall while avoiding the same fate. The focus of the game lies on the multiplayer mode, but it provides...

[SECURITY] Fedora 13 Update: maniadrive-1.2-22.fc13

ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nerv ous gameplay tracks almost never exceed one minute. Features: Complex car physics, Challenging "story mode", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks...

eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities

Advisory Name: Remote Command Execution in EGroupware Vulnerability Class: Remote Command Execution Release Date: 2010-03-09 Affected Applications: Confirmed in EGroupware 1.4.001+.002 and 1.6.001+.002. EGroupware Premium Line 9.1 and 9.2 is also affected. Other versions may also be affected...

Adam Shostack, Microsoft

I first met Adam well before he joined Microsoft and have interviewed and corresponded with him dozens of times over the years, and I’ve learned something new from every one of those conversations. Given that the goal of most interviews is to learn new information, you’d think that would be sort ...