RC RANDOM CHAOS

supply chain

39 posts

There is no Linear kernel CVE
Article

There is no Linear kernel CVE

Linear's speed comes from a local-first sync engine, not a kernel-memory exploit. The fabricated CVE framing is wrong. The real exposure is elsewhere.

A binary that hands kernel hooks to anyone
Article

A binary that hands kernel hooks to anyone

Zeroserve packages kernel-adjacent execution surface under userspace pipelines. The artifact crosses a privilege boundary the pipeline was not scoped to see.

Cooldown does not fix the resolver
Article

Cooldown does not fix the resolver

Bundler 2.6 cooldown defers new gem versions to interrupt published-and-pulled supply chain attacks. The resolver's trust model is the systemic exposure.

Korea's KCSC mandates server-side image parsers
Article

Korea's KCSC mandates server-side image parsers

Korea's mandatory AI image scanning forces every forum into a multi-layer parser and ML pipeline. The CVE surface and exploitation paths that result.

memcpy walks off the end of the receiver
Article

memcpy walks off the end of the receiver

rsync shipped six CVEs in January 2025. LLMs did not write new bugs - they compressed variant discovery, harness generation, and vulnerable deployment.

Meta ships ADB-enabled firmware to deprecated Portals
Article

Meta ships ADB-enabled firmware to deprecated Portals

Meta deprecated Portal devices with ADB enabled and patches stopped. Unpatched Android cameras and microphones now sit as permanent network exposure.

Netherlands restricts DigiD to European operator
Article

Netherlands restricts DigiD to European operator

Dutch government restricts DigiD operation to a European vendor. Jurisdiction changes. The single-vendor identity concentration risk does not.

340 million records, unverified seller
Article

340 million records, unverified seller

Technical analysis of plausible attack vectors behind the claimed OnlyFans 340M record leak, with detection signatures for each path.

Malicious VSCode extension shipped through official Marketplace
Article

Malicious VSCode extension shipped through official Marketplace

Technical analysis of a compromised VSCode extension reaching GitHub credentials: extension host privileges, MITRE ATT&CK mapping, telemetry gaps.

Megalodon hijacked 55,000 GitHub repos via token replay
Article

Megalodon hijacked 55,000 GitHub repos via token replay

Megalodon compromised 55,000+ GitHub repositories through PAT harvesting, pull_request_target abuse, and OAuth scope inheritance. Technical breakdown.

Your valid credentials are the breach.
Article

Your valid credentials are the breach.

Technical analysis of a coordinated GitHub Actions workflow compromise across 5,561 repositories, with detection guidance for audit log and EDR telemetry.

Malicious commits breached 5,561 repositories
Article

Malicious commits breached 5,561 repositories

5,561 GitHub repos received malicious CI/CD commits disguised as bot maintenance. The failure was identity enforcement, not exploit complexity.