zachlatta

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

hackermondev

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

chamlis

2bwm-doc=0.3-r2
2bwm=0.3-r2
6tunnel-doc=0.13-r2
6tunnel=0.13-r2
7zip-doc=23.01-r0
7zip=23.01-r0
R-dev=4.4.0-r0
R-doc=4.4.0-r0
R-mathlib=4.4.0-r0
R=4.4.0-r0

hackermondev

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

izabera

This is from man bash:

A pipeline is a sequence of one or more commands separated by one of the control operators | or |&. The format for a pipeline is:

[ time [ -p ]] [ ! ] command [ [ | | |& ] command2 ... ]

This is the only place in which ! can appear. It never prefixes commands, it prefixes pipelines.

rendello

/*
Copyright (c) 2024 Rendello

Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM

DjMaxd

////////////[!DISCLAIMER!]////////////
90-70% of Bloodlight lore is collected here.

Information taken from the author's X.com (https://x.com/00_Homura), PillowFort (https://www.pillowfort.social/02_Homura) and RetroSpring (https://retrospring.net/@H0mura).

Most information is provided in Q/A format without user names or separations. The only separations are my "map legend" and an empty paragraph between pieces of lore.

Also, some information is provided simply in the form of copied text under the author’s posts.

The main focus was on the world setting and Mother Almonde. So there is either no information on some characters at all, or just a little bit.

timothyham

A Short IPv6 Guide for Home IPv4 Admins

This guide is for homelab admins who understand IPv4s well but find setting up IPv6 hard or annoying because things work differently. In some ways, managing an IPv6 network can be simpler than IPv4, one just needs to learn some new concepts and discard some old ones.

Let’s begin.

First of all, there are some concepts that one must unlearn from ipv4:

Concept 1

NoobGajen

First of all, uninstall the eos-hooks package, which keeps changing the data of /etc/os-release from a hook while installing base packages.

sudo pacman -R eos-hooks

Reinstall the base package group:

sudo pacman -Syyu --noconfirm archlinux-keyring bash bzip2 lsb-release coreutils file filesystem findutils gawk gcc-libs gettext glibc grep gzip iproute2 iputils licenses pacman pciutils procps-ng psmisc sed shadow systemd systemd-sysvcompat tar util-linux xz linux

sgammon

There appears to be a string encoded in the binary payload:
https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01#file-hashes-txt-L115

Which functions as a killswitch:

https://piaille.fr/@zeno/112185928685603910

Thus, one workaround for affected systems might be to add this to `/etc/environment`:

```