Notes | Brutkey

Happy Patch Tuesday. Here's your emoji of the day.

The tired face emoji mixed with the party emoji.

cR0w
@cR0w@infosec.exchange

Vim with two nice CVEs. One is a UAF and the other is a double-free.

https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6

https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x

cR0w
@cR0w@infosec.exchange

@scottwilson@infosec.exchange They couldn't out crazy real life anymore and gave up.

cR0w
@cR0w@infosec.exchange

@scottwilson@infosec.exchange But really, the only thing I've heard was that the guy behind it got arrested for something. No confirmation, no details.

cR0w
@cR0w@infosec.exchange

If you run a massive international corporation with lots of money and you need another domain for something, please don't use something like a .xyz or .top or .cloud . It's a poor practice and you are in no place to criticize orgs that rightfully block those shady TLDs.

cR0w
@cR0w@infosec.exchange

A sev:CRIT ../ in Xerox in 2025.

https://nvd.nist.gov/vuln/detail/CVE-2025-8356

cR0w
@cR0w@infosec.exchange

Go hack more AI shit.

https://github.com/zed-industries/zed/security/advisories/GHSA-x34m-39xw-g2wr

cR0w
@cR0w@infosec.exchange

Another space vuln.

https://github.com/nasa/CryptoLib/security/advisories/GHSA-9qph-pxfm-q9g4

cR0w
@cR0w@infosec.exchange

Tomorrow is Patch Tuesday. Again. In case you were looking for a reason to call in sick or something.

cR0w
@cR0w@infosec.exchange

Are people seriously installing browser plugins to summarize the pages they visit using AI?!