UnLocoPoco

joined 1 week ago
 

PSN briefly allowed users to claim single-letter Online IDs like A, B, X, and Z, even though Sony’s public username rules require 3–16 characters. It looks less like a planned feature and more like a validation failure somewhere in PSN’s identity stack, showing why client-side checks are never enough and why all platforms need consistent server-side validation across APIs, account services, and databases.

 

cross-posted from: https://lemmy.world/post/48197919

A newly disclosed Jenkins vulnerability, tracked as CVE-2026-53435, is now being actively exploited in the wild. The flaw allows an authenticated attacker with relatively low privileges to POST a malicious config.xml file, abuse Jenkins’ deserialization handling, and route requests through Stapler to access sensitive files on the Jenkins controller.

The issue affects Jenkins weekly versions up to 2.567 and LTS versions up to 2.555.2. Successful exploitation can lead to arbitrary file read, user impersonation, Script Console access, and possible exposure of SSH keys, credentials, and internal Jenkins secrets. Administrators are urged to upgrade immediately to Jenkins weekly 2.568 or LTS 2.555.3, review logs for suspicious createView requests, and audit users with View/Configure, Item/Configure, or Agent/Configure permissions.
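As an added example (not part of the original post), here is one way to do the log review the post recommends: pull every POST to a `createView` endpoint out of an access log and group the hits by user and source address. The log lines are constructed, and the combined-format layout with the authenticated user in the third field is an assumption about how a reverse proxy in front of Jenkins is configured.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed sample lines (assumed reverse-proxy access log format).
SAMPLE_LOG = """\
10.0.0.5 - alice [12/May/2026:10:01:02 +0000] "GET /view/all/ HTTP/1.1" 200 5120
10.0.0.9 - bob [12/May/2026:10:03:10 +0000] "POST /createView?name=tmp1 HTTP/1.1" 200 0
10.0.0.9 - bob [12/May/2026:10:03:11 +0000] "POST /job/folder1/createView?name=tmp2 HTTP/1.1" 200 0
10.0.0.5 - alice [12/May/2026:10:04:00 +0000] "GET /createView HTTP/1.1" 405 0
10.0.0.7 - carol [12/May/2026:10:05:30 +0000] "POST /job/app/build HTTP/1.1" 201 0
203.0.113.7 - - [12/May/2026:10:06:45 +0000] "POST /view/all/createView?name=x HTTP/1.1" 403 0
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_createview_posts(log_text):
    """Return one dict per POST whose path ends in /createView."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(urlsplit(m.group("target")).path).rstrip("/")
        if m.group("method") == "POST" and path.endswith("/createView"):
            hits.append(m.groupdict())
    return hits

def group_by_actor(hits):
    """Map (user, source ip) -> list of timestamps, for manual review."""
    grouped = defaultdict(list)
    for h in hits:
        grouped[(h["user"], h["ip"])].append(h["ts"])
    return dict(grouped)

if __name__ == "__main__":
    # Creating a view is also a normal admin action, so each hit is a lead to
    # check against who actually holds View/Configure, not proof of compromise.
    for actor, stamps in group_by_actor(find_createview_posts(SAMPLE_LOG)).items():
        print(actor, len(stamps), stamps)
```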

[–] UnLocoPoco@lemmy.world 4 points 2 days ago

Update: seems like a 2nd wave of attack, a bit more sophisticated than the initial wave, has begun. Code is more obfuscated.

[–] UnLocoPoco@lemmy.world 3 points 1 week ago

On the internet every company does user profiling, mainly for advert purposes... it's impossible to escape these days, but what's most concerning about the glasses was that face data was pretty easily made available by the user... still, adverts and tracking cookies can be blocked... but the Meta glass camera? Which is basically one of its most highpoint features? I doubt anyone will go to heights to block it physically, considering that they cost an arm and a leg.

[–] UnLocoPoco@lemmy.world 22 points 1 week ago (2 children)

Wait... does this mean every time someone wearing a Meta glass looked at me, or rather its camera looked at me, Meta stored my face for profiling purposes regardless of me being a user of Meta apps or not?? This is so messed up. Initially I thought that only friends of Meta users used to get profiled via face recognition... wtf... but again it's Meta... violated multiple privacy laws and as such... so not a surprise tbh