Notices by cR0w :cascadia: (cr0w@infosec.exchange)

@32x33 Can't breach a system that's blue screened. Checkmate haters.

WTF? I hate phishing training so much.

https://mastodon.social/@Firr/114490502536328063

@badsamurai Hell yes. Let's add some more headers:

X-ThreatSim-ID
X-ThreatSim-Header
X-Phishtest
X-PhishMe
X-PhishMeTracking
X-PHISH

@mttaggart @catsalad Counterpoint: :blobcatyes:

Friday EOD 8-K 😆

On May 5, 2025, Global Crossing Airlines Group Inc. (the “Company”) learned of unauthorized activity within its computer networks and systems supporting portions of its business applications, which the Company determined to be the result of a cybersecurity incident.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1846084/000095017025068004/jetmf-20250505.htm

Holy shit, Seagate, you okay?

This is the reference in the CVE: https://xxx/

sev:CRIT 10.0 - AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Issue in my product in blah version x on y allows bad person to break

https://nvd.nist.gov/vuln/detail/CVE-2025-4475

@ryanc @0xabad1dea Or needlepoint. I like that quote a lot.

Partner: Hey you're on that furry website all the time, maybe you can tell me what this means.

Me: What furry site? I don't go to furry sites.

Partner: The one with the tooting and stuff.

Me: Mastodon? The fediverse is not a furry websi- ... Yeah, okay. What's the question?

@Viss Our best local place was out of a trailer and shut down and everyone was bummed, but then they opened up a brick and mortar store. I haven't been there yet but I'm excited for them.

@darfplatypus @Viss It makes me nervous that they'll lose what made it so good but still optimistic. I think people are making that transition better than they used to.

Public disclosure of a few command injection vulns in Rundeck 5.8.0 and 5.11.1 ( which is the latest version on the Rundeck site ) and IDK, probably others.

https://insinuator.net/2025/05/full-disclosure-multiple-rundeck-job-command-injections/

Bug bounties. lol.

Edit to fix the markdown from the copy / paste.

• February 04, 2025: Initial contact attempt by ERNW via Mail stating it cannot accept the terms and conditions of HackerOne .
• February 10, 2025: Contact attempt by ERNW.
• February 11, 2025: Contact attempt by ERNW.
• February 11, 2025: PagerDuty Security Team states only reports via HackerOne are accepted.
• February 12, 2025: ERNW states it cannot accept the terms and conditions.
• February 14, 2025: Contact attempt by ERNW.
• February 26, 2025: Contact attempt by ERNW.
• March 04, 2025: Contact attempt by ERNW.
• March 27, 2025: Contact attempt by ERNW.
• May 05, 2025: Contact attempt by ERNW stating that the disclosure timeline is exceeded. Public Disclosure by ERNW.

So is the DoJ going to "find" that Chris Krebs has been collaborating with CN or UA?

@adisonverlice Notes written in red crayon with his name spelled wrong.

@adisonverlice I imagine "evidence" will look something like this.

@grey @darfplatypus I know. He already doxxed himself.

How I picture y'all.

@i0null @darfplatypus We can all be raccoons.

@GossiTheDog those low-bid outsourced service desks though

#directoryTraversalMemes