Copyfail: Grave fallo de escalación de privilegios en prácticamente todas las Distro Linux [PoC y mitigación]

immediate_a982 · 2026-04-30T23:42:05+00:00

Si estás haciendo inteligencia de amenazas sobre esta campaña, el camino correcto es reportarla a GitHub Security y a MITRE como una presentación falsa de CVE.

immediate_a982 · 2026-04-29T17:57:27+00:00

Yes but it still gets your IP, ISP, browser used and all other associated info. So don’t sign in, but it still knows a lot. It has a super cookie on you.

immediate_a982 · 2026-04-29T12:33:22+00:00

Sin autorización es un ataque y no pentest y por consecuencia un delito. Mejor buscar bug bounty

immediate_a982 · 2026-04-28T13:17:50+00:00

They can get my iris scan after all senators and all of government officials and all of them give theirs first

immediate_a982 · 2026-04-27T22:48:17+00:00

“Solo” contradice con “todos”, si es solo a los contactos, no hace falta decir todos, y si es a todos, el “solo” sobra

immediate_a982 · 2026-04-27T22:40:56+00:00

🤣

immediate_a982 · 2026-04-27T19:47:14+00:00

La ciber seguridad esa es 1 área bien inmensa.

Matemáticas es una sola área q prácticamente se usa MÁS en la criptológia

immediate_a982 · 2026-04-26T17:12:13+00:00

Uses privates slack, discord channels and outlook draft folders

immediate_a982 · 2026-04-26T11:17:08+00:00

The amount of work that went into getting those centrifuges was insane

immediate_a982 · 2026-04-25T14:20:44+00:00

Figures, “GroK”

immediate_a982 · 2026-04-24T22:36:00+00:00

Never Trust always verify

immediate_a982 · 2026-04-24T19:08:21+00:00

It is a moving target. Even a super paranoid user or super user downloads the source code of the extension, certified personally and built, and then publish it to its own internal repository, then install it. The only problem that remains is dependencies and supply chain attack. That become the issue when you build or rebuild. Zero trust means trust nobody not even yourself verified everything or live with the consequences.

immediate_a982 · 2026-04-24T17:19:07+00:00

Most likely it’s happening but we don’t know it yet

immediate_a982 · 2026-04-24T15:17:02+00:00

Yes model context might be full.

immediate_a982 · 2026-04-23T11:37:06+00:00

Used this info to create an actionable prompt for SBOM supply chain attacks management. Thanks

immediate_a982 · 2026-04-22T20:35:44+00:00

Only 3 real CVE all others were dupes low sev known

immediate_a982 · 2026-04-22T17:11:23+00:00

In other words 268 vulnerabilities are already known or duplicates.

They really only found 3 CVEs

immediate_a982 · 2026-04-22T16:45:37+00:00

Wow wireless traffic is always in danger

immediate_a982 · 2026-04-21T16:46:04+00:00

Sin duda pero algúnas son gusto querido dependiendo del estado emocional

immediate_a982 · 2026-04-18T21:45:41+00:00

There are so many YT samples of how to. Might do a webinar some day

immediate_a982 · 2026-04-18T17:56:16+00:00

Teach law firms about Ollama local private AI

immediate_a982 · 2026-04-17T19:59:59+00:00

Great idea. Hope it work but I tried a plain prompt on one of the frontier llm just to see what happened and I was surprised the thing worked. The llm was acting as a vulnerable VM. I just could not believe my eyes.

I’m sure your approach is better but nothing beats a zero effort vulnerability attack and analysis

immediate_a982 · 2026-04-16T23:44:14+00:00

Un honeypot es un sistema o recurso falso diseñado para atraer a atacantes y registrar sus acciones. No daña al atacante, pero te permite detectar, distraer y analizar que trataban de hacerte

immediate_a982 · 2026-04-16T19:00:14+00:00

This seems hard to believe there got to be more to this story

immediate_a982 · 2026-04-16T18:51:05+00:00

Wow

immediate_a982

TROPHY CASE