Notices by cR0w (cr0w@infosec.exchange), page 4

Satya, sobbing: You can't just keep calling everything slop just because it's shit and made with shit AI.

Me, pointing at office dot com: SLOP

@prettygood @badsamurai @Mustardfacial Honestly, if you already have it, I wouldn't change it out. There aren't many good options in general so if it works, it works.

Go hack more Ubiquiti shit.

https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9

https://www.cve.org/CVERecord?id=CVE-2026-21633

https://www.cve.org/CVERecord?id=CVE-2026-21634

Did you do it? Did you hack the Ubiquiti shit? Good. Here's more.

https://community.ui.com/releases/Security-Advisory-Bulletin-059-059/0c0b7f7a-68b7-41b9-987e-554f4b40e0e6

https://www.cve.org/CVERecord?id=CVE-2026-21635

@badsamurai You know, I don't get them as much here as I expected. More legitimate questions like "Why do you hate Ubiquiti?" and "How dare you compare Ubiquiti to Tesla?!"

@prettygood @badsamurai @Mustardfacial Presumably because it used to be a Tesla / Musk meme that was modified for Ubiquiti because Ubiquiti is the Tesla of networking.

RE: https://infosec.exchange/@patrickcmiller/115807271030587157

No. Please. I beg you all. Don't push more software into critical infrastructure. :crow_plead:

LMAO.

https://www.cve.org/CVERecord?id=CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

#directoryTraversalMemes

Perfect 10 RCE in n8n. 🥳

https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp

Zed editor vulns.

https://github.com/zed-industries/zed/security/advisories/GHSA-cv6g-cmxc-vw8j

https://github.com/zed-industries/zed/security/advisories/GHSA-29cp-2hmh-hcxj

@mattly I expect there are a lot of undiscovered / unpublished vulns in all plugin ecosystems. Just look at the issues with the well-funded ones.

@reverseics So what software are you going to buy and destroy while arrogantly harassing researchers?

@reverseics The dream.

@briankrebs

@reverseics @briankrebs The worst part is I was already preparing to put up another one on another website so it was an easy copy paste slop job.

@codinghorror @Sempf You better run.

Go hack more MCP shit.

https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/

@huronbikes It's almost like vibe-coding an entire class of product was a bad idea.

RE: https://infosec.exchange/@patrickcmiller/115681402579901898

This had made many people very angry and has been widely regarded as a bad move.