No Leak, No Problem – Bypassing ASLR with a ROP Chain to Gain RCE
https://modzero.com/en/blog/no-leak-no-problem/
#HackerNews #NoLeakNoProblem #ROPChain #RCE #SecurityResearch #ASLR #Exploit
A theoretical way to circumvent Android developer verification
https://enaix.github.io/2025/10/30/developer-verification.html
#HackerNews #AndroidDevelopment #Circumvention #SecurityResearch #DeveloperVerification #HackerNews
Tim Chambers
boosted
Finding thousands of exposed Ollama instances using Shodan
https://blogs.cisco.com/security/detecting-exposed-llm-servers-shodan-case-study-on-ollama
#HackerNews#Finding#Exposed#Instances#Shodan#Ollama#Cybersecurity#SecurityResearch
Cory Doctorow
boosted
🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.
🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed.
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code
The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂
Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.
Full technical breakdown: https://bobdahacker.com/blog/rbi-hacked-drive-thrus
#InfoSec#CyberSecurity#ResponsibleDisclosure#Privacy#GDPR#API#GraphQL#SecurityResearch#VulnDisclosure#RestaurantBrands#BurgerKing#TimHortons#Popeyes #vulnerability
🍔 Just collabed with @BobTheShoplifter on a MASSIVE SECURITY BREACH: We exposed how Restaurant Brands International (Burger King, Tim Hortons, Popeyes) left their drive-thru systems etc completely vulnerable.
🎯 What we found:
• Unauthenticated API access to ALL drive-thru locations globally
• Drive-thru voice recordings of customers accessible
• Employee PII exposed.
• Bathroom feedback systems with zero auth
• Hardcoded passwords in client-side code
The scope was insane - we could access any drive-thru system globally. Even listen to your actual drive-thru orders 👂
Credit to RBI for lightning-fast response once disclosed, but the privacy implications were staggering.
Full technical breakdown: https://bobdahacker.com/blog/rbi-hacked-drive-thrus
#InfoSec#CyberSecurity#ResponsibleDisclosure#Privacy#GDPR#API#GraphQL#SecurityResearch#VulnDisclosure#RestaurantBrands#BurgerKing#TimHortons#Popeyes #vulnerability
Finding thousands of exposed Ollama instances using Shodan
https://blogs.cisco.com/security/detecting-exposed-llm-servers-shodan-case-study-on-ollama
#HackerNews#Finding#Exposed#Instances#Shodan#Ollama#Cybersecurity#SecurityResearch