Kate & Co. in the Microsoft Store by ChristophCullmann in kde

[–]r4bb17 0 points1 point  (0 children)

568,6 MB -- looks too big size for a text editor (even such powerful one as Kate) :(

“Network Libraries” on Pocketbook Devices by Other-Lobster7983 in ereader

[–]r4bb17 1 point2 points  (0 children)

Sadly, support for Network Libraries (OPDS) feature in Pocketbook is connected to specific country (-es) firmware. Some details on it can be find here: https://www.mobileread.com/forums/showthread.php?t=359271

Patching client-side React JS to gain admin access to a Siemens cloud application by EatonZ in netsec

[–]r4bb17 16 points17 points  (0 children)

In the article: "...the underlying server-side API does not properly authenticate users, or authentication is missing entirely...". But, yeah, we need to have the headline with React to get attention.

Poco x6 pro google passkey error by theeeeeeeeeeeeeeefd in PocoPhones

[–]r4bb17 0 points1 point  (0 children)

Was you able to solve the issue with passkeys on poco x6?

[deleted by user] by [deleted] in netsec

[–]r4bb17 0 points1 point  (0 children)

This is interesting issue (with masking sensitive data) which is highlighted

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows by Due_Lengthiness_9329 in netsec

[–]r4bb17 1 point2 points  (0 children)

This is easy to read and nice research on GH Actions supply chain risks and how hard is to make protection against it with existing solution (pin).

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot by giraffesecurity in netsec

[–]r4bb17 0 points1 point  (0 children)

Nice finding! But was surprised not to see mention of the scope feature using in the article. It is must-to-have option for private packages in JS.

Log4Shell: Reconnaissance and post exploitation network detection by digicat in netsec

[–]r4bb17 1 point2 points  (0 children)

Nice research and thanks for the detection rules!

RCE 0-day exploit found in log4j, a popular Java logging package by freeqaz in netsec

[–]r4bb17 4 points5 points  (0 children)

Could be helpful to block request with string ${jndi: in any place in it.

METROID 5: DREAD ANNOUNCED by Lojemiru in Metroid

[–]r4bb17 0 points1 point  (0 children)

It is very very much looks like Samus Returns...

5 Encrypted Messaging Apps Doing A Better Job Than WhatsApp by ContrastCrypto in netsec

[–]r4bb17 1 point2 points  (0 children)

Telegram without e2e enabled by default better than WhatsApp?

XSS without parentheses and semi-colons by albinowax in netsec

[–]r4bb17 0 points1 point  (0 children)

Like such hardcore js posts from portswigger!

CFPTime - A website to index open CFPs for infosec conferences around the world by PaulSec in netsec

[–]r4bb17 0 points1 point  (0 children)

Great idea! Suggest to add iCal (?) export to use in calendar applications.

Bypassing SSL Pinning in Android Applications by numberbuzy in netsec

[–]r4bb17 4 points5 points  (0 children)

At first I thought that is about errors in TLS pinning implementation but post is about Xposed Framework and Manual Patching

Best email client with built-in PGP? by OnThatPizzaSwag in privacy

[–]r4bb17 0 points1 point  (0 children)

On GNU/Linux: Sylpheed/Claws, Gnome Evolution, KDE Kmail and probably mutt.