We've been hacked
pen.blahaj.zone
So we have some bad news. Some news I had hoped we’d never have to tell you. Unfortunately the blahaj zone instances have been hacked. ...

Blahaj.zone experienced a security breach and is handling it to properly reduce the risk of harm to their users. the current eta for their reture is in about 7 hours.

  • sylver_dragon@lemmy.worldEnglish
    0·
    13 days ago

    Then they transfered a file to /tmp/exp which was linux kernel CVE-2026-43500, nicknamed ‘Dirty Frag’, an RxRPC local privilege escalation. I had not patched these internal servers that nobody should have access to against this.

    Lessons Learned #1:
    Install your patches.
    “But I have a firewall!”
    That is not a sufficient control.
    Install.
    Your.
    Fucking.
    Patches!

    • frongt@lemmy.zipEnglish
      1·
      13 days ago

      “Should” is a four-letter word in fields like safety and security.