Welcome to Friendica.Eskimo.Com
Home of Censorship Free Hosting
E-mail, Web Hosting, Linux Shell Accounts terminal or full remote desktops.
Sign Up For A Free Trial Here
Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
2025-06-24 15:31:52
2025-06-24 15:31:52
2025-06-24 15:31:41
19012099
2025-06-24 15:30:47
2025-06-24 15:30:47
2025-06-24 15:30:09
19012071
Basic Facts about GPUs
Link: damek.github.io/random/basic-f…
Discussion: news.ycombinator.com/item?id=4…
2025-06-26 09:08:33
2025-06-24 15:30:24
2025-06-24 15:30:20
19012067
In the face of war and violence that disrupts and even extinguishes the lives of people, paradoxically I look for humanity in the birds I see every day. Sometimes it’s in the ingenuity of a jay, or in the apparent playfulness of a hummingbird. It’s easy to forget that to survive, a hummingbird needs to find food every ten to fifteen minutes. A reminder that while we’re trying our best just to survive, there’s still time to pay attention to other things, even a brief moment of relief.
mas.to/@Jgbird/114739000968562…
Jerome G (@Jgbird@mas.to)
Attached: 1 image In the face of war and violence that disrupts and even extinguishes the lives of people, paradoxically I look for humanity in the birds I see every day.mas.to
like this
pernilla, Samuel Smith, John Hummel, Tony Langmach, Dan d'Auge, Khurram Wadee and whuffo like this.
2025-06-24 15:30:08
2025-06-24 15:30:06
2025-06-24 13:07:19
19012049
Function Health update:
I think I have all of the bookmarkers in from both sets of tests.
Turns out I have some work to do, and my general feeling that my bad diet, lack of sleep, stressed out life style and self-tyrannical attitude of just working harder at things is killing me.
And now I can see the evidence in my blood work.
I have a lot of work to do.
The app and process however have been great. And while it’s hard to be confronted with this info, it’s probably news I needed.
1/2
2025-06-24 15:29:58
2025-06-24 15:29:58
2025-06-24 15:29:03
19012045
Israeli Drone Strike Kills Three in Southern Lebanon amid Ongoing Violations tn.ai/3341509
Israeli Drone Strike Kills Three in Southern Lebanon amid Ongoing Violations
TEHRAN (Tasnim) – In a fresh act of aggression, the Israeli regime carried out a drone strike targeting a civilian vehicle in southern Lebanon, resulting in the martyrdom of three individuals, according to Lebanon’s Ministry of Health.Tasnim News Agency
2025-06-27 13:46:34
2025-06-24 15:29:58
2025-06-24 15:26:49
19012043
in reply to ssillyssadass
in reply to just_another_person
in reply to ssillyssadass
in reply to just_another_person
in reply to ssillyssadass
in reply to just_another_person
in reply to data1701d (He/Him)
in reply to just_another_person
in reply to data1701d (He/Him)
in reply to just_another_person
in reply to ssillyssadass
in reply to ssillyssadass
in reply to ssillyssadass
in reply to ssillyssadass
in reply to ssillyssadass
I could use some troubleshooting help for a Linux laptop
I was helping my friend install Mint on his laptop, it all went well and the installation finished, but the driver for the wi-fi module wouldn't turn on properly, or something. I assumed this was due to secure boot messing with the drivers, so I tried to disable it in the BIOS (it's an older laptop, no UEFI). But I have spent the last 3 hours trying and failing to open BIOS, and even GRUB. Nothing I try seems to work.
I tried all the function keys, as well as delete, escape, and enter, and the only thing I found is that F12 opens a boot options menu.
I tried holding and mashing shift throughout the boot procedure to get to GRUB.
I tried using the novo button (it's a Lenovo laptop) which did open a new menu allowing me to select a "BIOS options" button, but it just rebooted after showing me a few rolling lines of text.
I tried plugging in the installation media I used before, which does take me to it's GRUB, but choosing the UEFI options option there just causes a reboot.
I tried disconnecting the battery and the CMOS battery and waiting for 30 seconds in hopes of disabling fast boot, which didn't work.
I edited GRUB config files to change the timeout to 10 and the type away from hidden, which didn't do anything.
I disconnected the disk in hopes of it defaulting to the BIOS, which works for some laptops.
No option worked. I just cannot access BIOS or GRUB. I really don't know where to go next, and could use some help.
What's the model of the machine, or the the WiFi module?
It's a Lenovo 80JW, with a Broadcom BCM43162, from what I can see.
Broadcom chipsets are notoriously lacking in any sort of open driver operation or collaboration. I'd honestly just replace it with a $25 Intel chipset, but if you want to fight through it: help.ubuntu.com/community/Wifi…
You'll notice that your specific chipset isn't mentioned, but it might be different now, so I'd double check.
This entry was edited (1 month ago)
Does that mean that even with secure boot turned off I would have no more luck?
Also, USB dongles should work though, right?
Secure Boot has nothing to do with, Broadcom keeps their drivers completely closed, and just doesn't support this chipset anywhere except Windows.
USB dongles would work fine, but probably cost more than an internal module. It sounded from your post like you're fine with opening the machine and navigating the internals, so swapping the WiFi module would only take 5m.
Just stay away from Broadcom in general. Intel has the best performing WiFi chipsets at current, but Atheros and Realtek work just fine as well.
Otherwise agree, but I did run into pain with Realtek on my Thinkpad - the module would sometimes crash and disconnect entirely (on a PCI-e level) from the system.
I did manage to find a fix, but I would not recommend Realtek to someone.
That's less likely to be the chipset, and more likely to be crap hardware. The chipset wouldn't cause PCIe disconnect/interrupt issues, but shitty power handling in a laptop would. Can I wager it happened when plugging/unplugging power or ramping up CPU or GPU util? That was a thing on those Lenovo convertibles for years, but they did throw that shoddy consumer hardware into the Thinkpad line which made it go downhill fast.
You're right that it was power-related - one of the options was an ASPM modification - but the issue seemed to be common to this chipset accross laptop brands.
The fix I used came from this post: bbs.archlinux.org/viewtopic.ph…
My machine was a Thinkpad, but this article was also talking about problems on HP, Asus, etcetera. I think the 8852BE might just be cursed
To be fair, I was using an E series Thinkpad, but in my defense, the E series seems to have improved a lot in the past few years - this was luckily the only issue I've had. I've had much more difficult times with Linux on other laptops. Heck, even my desktop had more setup than this when I was first starting out, though it was because I was using a Broadcom Wi-Fi card, as I also dual-booted with a Hackintosh and macOS only supports Broadcom Wi-Fi chipsets.
Yeah, if you want to understand the dual-edged sword of Broadcom, just go look at the hardware support matrices of open source router platforms. NONE will support Broadcom, because they want to nab licensing for their drivers. You can't install a working ddrt, tomato, opensense, openwrt...etc on ANY Broadcom hardware platforms, but the manufacturers using them still are many.
It's finally starting to subside, but there was a decade where they ruled the wireless space. They refuse to capitulate on the open drivers issue though, it's insane.
I went an changed to an Intel AX200 I had lying around, though now I have problems with the wireless availability dipping in and out of service. Like the card is being constantly power cycled.
Check the section here that details disabling power management for the WiFi device: easylinuxtipsproject.blogspot.…
You also need to make sure you disable the internal card as well.
Speed Up your Mint!
Easy tips, tweaks and tricks for Linux Mint and Ubuntu, both for beginners and for advanced users. Complete starter's guide with simple how-to's.easylinuxtipsproject.blogspot.com
I was about to suggest disconnecting the disk until I read that you already tried that. What came up when you removed the disk? The fact that it doesn't go straight to ~~a boot device selection screen or ~~the BIOS is very curious.
This entry was edited (1 month ago)
Pretty sure secure boot is a UEFI feature so if the board only supports BIOS then there is no secure boot anyway.
If you haven't solved this yet I would try using the novo button again with your camera ready to get the text and see if it's useful. Beyond that, I'm not sure how to get into the bios. Assuming it still boots and doesn't have a soldered wifi card you could always get an AX210 for fairly cheap off of ebay. Should have good linux support.
Edit: Nvm the card suggestion, I see your comment on that.
This entry was edited (1 month ago)
If you can get into the system,
systemctl reboot --firmware-setup should tell your laptop to reboot into the UEFI ui
2025-06-24 15:29:02
2025-06-24 15:29:02
2025-06-24 15:28:51
19012036
Ο πόλεμος είναι μια πράξη βίας, και δεν υπάρχει όριο στην εκδήλωση αυτής της βίας. Καθένας από τους 2 αντιπάλους ακολουθεί το νόμο του άλλου, κι απ' αυτό προκύπτει μια αλληλεπίδραση, που ως έννοια οφείλει να φτάσει στα άκρα.
-Κλάουζεβιτς
-Κλάουζεβιτς
2025-06-24 15:25:08
2025-06-24 15:25:08
2025-06-24 15:24:59
19012010
globalissues.org/news/2025/06/…
Gaza: Over 400 Palestinians killed around private aid hubs, UN rights office says
At least 410 Palestinians have been killed by the Israeli military while trying to fetch from controversial new aid hubs in Gaza – a likely war crime – the UN human rights office, OHCHR, said on Tuesday.www.globalissues.org
2025-06-24 15:24:47
2025-06-24 15:24:47
2025-06-24 15:24:33
19012005
2025-06-24 21:39:09
2025-06-24 15:24:47
2025-06-24 15:23:25
19012004
The United States is at almost $1 Trillion Dollars — This is incredible! Will be discussing it soon with the Members of NATO.
2025-06-24 15:23:56
2025-06-24 15:23:56
2025-06-24 15:23:44
19011997
theguardian.com/society/2025/j…
Sadiq Khan joins growing Labour rebellion against disability benefit cuts
Exclusive: London mayor is most senior party figure to call for plans to be dropped, as Starmer vows to press aheadAletha Adu (The Guardian)
2025-06-24 15:23:25
2025-06-24 15:23:25
2025-06-24 15:23:15
19011993
novaramedia.com/2025/06/24/her…
Here’s How the Palestine Action Ban Could Affect You
Meeting with even two other people and expressing support for the protest group could land you in prison for up to 14 years if Yvette Cooper's proscription of it goes into effect. Simon Childs on what the ban could mean for you.Novara Media
2025-06-24 15:22:17
2025-06-24 15:22:17
2025-06-24 15:22:00
19011978
voxpoliticalonline.com/2025/06…
Labour Rebellion Snowballs Against Disability Cuts Bill
Opposition to Labour's disability benefit cuts is snowballing. More than 120 Labour MPs have signed — and the pressure could topple the bill.Mike Sivier (Vox Political)
2025-06-24 15:21:47
2025-06-24 15:21:47
2025-06-24 15:21:27
19011972
skwawkbox.org/2025/06/24/israe…
Israel breaches Trump ‘ceasefire’ with Iran within minutes (of course – just as it did daily in Gaza)
Zionist regime makes fool of Trump, to the surprise of no one, and says it plans to continue Israel breached US president Donald Trump’s claimed ‘agreement’ for a ceasefire betwee…SKWAWKBOX
2025-06-24 15:21:29
2025-06-24 15:21:29
2025-06-24 15:20:10
19011965
Finding a 27-year-old easter egg in the Power Mac G3 ROM
Link: downtowndougbrown.com/2025/06/…
Discussion: news.ycombinator.com/item?id=4…
2025-06-24 16:05:28
2025-06-24 15:21:04
2025-06-24 15:20:57
19011961
in reply to Michael
thedissenter.org/israels-ban-o…
Israel Expands Al Jazeera Ban To Foreign Broadcasters
The following article was made possible by paid subscribers of The Dissenter. Become a subscriber and support journalism that defends press freedom.Kevin Gosztola (The Dissenter)
The only democracy in the region 😀
2025-06-24 15:20:34
2025-06-24 15:20:33
2025-06-24 13:56:48
19011951
what Johnny said then - rings louder today - as the web of deceit spins faster and faster
2025-06-24 15:31:01
2025-06-24 15:20:24
2025-06-24 15:20:11
19011946
Good grief..no wonder the Tories are done for..
independent.co.uk/news/uk/home…
Ex-Tory councillor banned after saying white men should have black slaves
Andrew Edwards had initially claimed the voice recording was a ‘deep fake’Holly Evans (The Independent)
2025-06-24 15:20:13
2025-06-24 15:20:13
2025-06-24 15:19:06
19011944
08:33 Iranian National Security Council: Our operations pose no threat or danger to the friendly and brotherly nation of Qatar and its people english.masirahtv.net/news/359…
2025-06-24 15:19:17
2025-06-24 15:18:48
2025-06-24 15:18:35
19011928
tried updating systemd and the update process hung
in reply to woodland creature
tried updating systemd and the update process hung
do i kill it or just wait ....
2025-06-24 15:18:46
2025-06-24 15:18:46
2025-06-24 15:17:31
19011929
Both Israel and Iran wanted to stop the War, equally! It was my great honor to Destroy All Nuclear facilities & capability, and then, STOP THE WAR!
2025-06-24 15:18:34
2025-06-24 15:18:34
2025-06-24 13:00:00
19011926
Iceland is one of the most active volcanic regions in the world, but its seismic nature is part of a much broader geological history.
2025-06-24 15:19:58
2025-06-24 15:17:33
2025-06-24 15:17:12
19011919
I give up. Was this all the most dangerous playground brawl in the world?
2025-06-29 15:50:04
2025-06-24 15:16:30
2025-06-24 04:11:59
19011912
westword.com/news/hacked-denve…
in reply to 𝕕𝕚𝕒𝕟𝕒 🏳️⚧️🦋
Hacked Denver Traffic Boards Tell Drivers "Bring the Heat Fuck ICE"
"I know Denver is holding firm, but this was another f-word altogether."Bennito L. Kelty (Denver Westword)
like this
John Hummel and whuffo like this.
N. E. Felibata 👽 reshared this.
At the No Kings protest in Urbana, IL, there was a wonderful sign that read, "I PREFER MY ICE CRUSHED"
like this
Andrew Pam, stefani banerian, Michael Fenichel and hummingbird like this.
2025-06-26 09:28:52
2025-06-24 15:16:22
2025-06-24 06:16:29
19011908
like this
John Hummel and whuffo like this.
N. E. Felibata 👽 reshared this.
2025-06-24 15:15:19
2025-06-24 15:15:19
2025-06-24 15:15:11
19011899
hehe based
2025-06-24 15:15:11
2025-06-24 15:15:11
2025-06-24 15:15:07
19011896
2025-07-02 12:19:04
2025-06-24 15:14:52
2024-01-20 11:13:17
19011894
Happy #caturday everybody !
in reply to Louise Michel
in reply to Louise Michel
pernilla likes this.
N. E. Felibata 👽 reshared this.
ah t'es revenue faire un tour ! oui les nouvelles du monde ne sont pas très bonnes, ça ne va pas en s'arrangeant et c'est déprimant... Mais il faut garder le moral, profiter des petits moments de bonheur comme celui que tu as posté avec cette photo. Je t'envoie plein de bonnes vibs 😀))))))))))))))))))❤
2025-06-25 09:12:08
2025-06-24 15:12:54
2025-06-24 13:35:33
19011871
in reply to SnokenKeekaGuard
dorumon likes this.
Why would you kill a moth? It's so fuzzy and cute like a miniature plushie 😭
2025-06-24 15:12:52
2025-06-24 15:12:52
2025-06-24 13:24:16
19011870
2025-06-24 15:11:45
2025-06-24 15:11:45
2025-06-24 15:10:18
19011865
2025-06-24 15:11:27
2025-06-24 15:11:27
2025-06-24 13:29:35
19011860
Weatherman says it's going to be 38C, so put your seltzer in the fridge girls.
2025-06-24 21:39:14
2025-06-24 15:10:48
2025-06-24 15:09:47
19011847
nypost.com/2025/06/15/opinion/…
static-assets-1.truthsocial.co…
Nearly 1 million illegal immigrants have 'self-deported' under Trump, which has led to higher wages
DHS can’t arrest and deport 15.4 million illegal aliens, but if it simply enforces the law, many aliens will get the message and leave on their own — as hundreds of thousands apparently already hav…Andrew Arthur (New York Post)
2025-06-24 15:10:19
2025-06-24 15:10:19
2025-06-24 15:09:04
19011843
OIC Forms Ministerial Working Group To Respond to Attacks on Iran eir.news/2025/06/news/oic-sets…
OIC Forms Ministerial Working Group To Respond to Attacks on Iran
The Foreign Ministers of the Organization of Islamic Cooperation (OIC), with 57 member nations, the second largest international organization in the world after the United Nations, met in Istanbul, Türkiye over June 21-22 this past weekend.Gretchen Small (EIR News)
2025-06-24 15:10:06
2025-06-24 15:10:06
2025-06-24 15:10:06
19011840
Grover Furr Talks on Khrushchev Lied - April 3, 2011
2025-06-26 08:59:18
2025-06-24 15:07:53
2025-06-24 15:07:50
19011828
Dangerous Show: America on Stage
#cartoon by Muzaffar #Yulchiboev
like this
John Hummel and whuffo like this.
2025-06-24 15:07:49
2025-06-24 15:07:48
2025-06-24 13:38:51
19011823
2025-06-26 08:59:23
2025-06-24 15:07:45
2025-06-24 15:07:42
19011822
like this
Benedikt Bauer, Tony Langmach, Aladár Mézga, Torsten Appelhagen, Elias Schwerdtfeger and whuffo like this.
2025-07-01 18:06:48
2025-06-24 15:07:27
2025-06-24 15:07:23
19011818
like this
Kenny Chaffin, suseoddvibes, John Hummel, whuffo and samuel like this.
2025-06-26 09:00:30
2025-06-24 15:07:07
2025-06-24 15:07:02
19011810
like this
Kenny Chaffin, suseoddvibes, Stefan H., born at 322 ppmv and whuffo like this.
2025-06-26 09:02:00
2025-06-24 15:07:00
2025-06-24 15:06:55
19011809
Heute war es schon das zweite Mal, dass am Klavier im Bahnhof Südkreuz ein Mann saß, vom Aussehen her, Jacke, Hose, Füße ohne Socken in fragwürdigen Schuhen, vom Aussehen her einer auf der Straße. Und zum zweiten Mal saß er da an dem Klavier und spielte mit einer wunderschönen Eleganz und Leichtigkeit #Chopin. Als ich reinkam in die Halle, begrüßte mich der Minutenwalzer, und danach kam der da:Das sind so die Momente in der Stadt.
Chopin - Waltz Op. 64 No. 2 (Rubinstein)
Waltz No. 2 from Waltzes, Op. 64Arthur Rubinstein, pianoWaltz in C-sharp minor is the second work of Chopin's opus 64 and the companion to the Minute Waltz (...YouTube
like this
Stefan H., born at 322 ppmv, Aladár Mézga, Elias Schwerdtfeger and whuffo like this.
2025-06-24 15:05:54
2025-06-24 15:05:54
2025-06-24 15:05:53
19011804
Quand le patronat dépossède les ouvriers de leur savoir-faire ( Taylor ) - Danièle Linhart - À gauche
2025-06-24 15:02:13
2025-06-24 15:02:13
2025-06-24 15:02:03
19011762
@HebrideanHecate Any tweedmakers remain in Scotland?
2025-06-24 15:02:19
2025-06-24 15:01:30
2025-06-24 07:10:25
19011757
in reply to Klaus
Unknown parent
♲ Jost Maurin - 2025-06-24 06:31:14 GMT
Bauernverband will weniger #Mindestlohn für ausländische #Erntehelfer als für Deutsche. Landwirte sollten Saisonarbeitern aus dem europäischen Ausland nur 80 % des normalen Mindestlohns zahlen müssen, so die Unternehmerorganisation. taz.de/Mindestlohn-fuer-Ernteh… #Landwirtschaft
N. E. Felibata 👽 reshared this.
Ich würde dem Vorsitzenden des Bauernverbands sofür das Gehalt um 20% kürzen - will er bei anderen ja auch.
N. E. Felibata 👽 likes this.
2025-06-25 06:55:24
2025-06-24 15:01:28
2025-06-24 15:01:21
19011755
like this
M-J-Revenge ✮☮★━NOK 4 U 2━★☮✮, billyidle, Aladár Mézga, HU Art Sound (2) and Jochen bei Geraspora* like this.
2025-06-24 15:01:04
2025-06-24 15:01:04
2025-06-24 15:00:58
19011750
givehim15.com/post/june-24-202…
GH15 prayer for June 24, 2025
Order Into Chaos, Light Into Darkness
Dutch Sheets
Order Into Chaos, Light Into Darkness | Give Him 15: Daily Prayer with Dutch | June 24, 2025
The set is now complete. Order your copies today! https://dutchsheets.mybigcommerce.com/Learn more about Give Him Fifteen here:Website: https://www.givehim15...YouTube
2025-06-24 17:06:59
2025-06-24 15:00:47
2025-06-24 15:00:34
19011743
Unknown parent
Trump: Israel and Iran came to me almost at the same time and asked for peace.
Both countries are winners.
Both countries are winners.
2025-06-26 09:39:30
2025-06-24 15:00:29
2025-06-24 15:00:13
19011738
whuffo likes this.
2025-06-24 15:00:12
2025-06-24 15:00:12
2025-06-24 15:00:05
19011735
"Behold, the Lamb of God, who takes away the sin of the world! This is he of whom I said, ‘After me comes a man who ranks before me, for he was before me.’ I myself did not know him; but for this I came baptizing with water, that he might be revealed to Israel."
— John The Baptist (John 1:29-31)
2025-06-24 15:00:07
2025-06-24 15:00:07
2025-06-24 14:59:03
19011733
DPRK Wrestlers Return Home kcna.kp/en/article/q/f6d7931a4…
2025-06-24 15:00:04
2025-06-24 15:00:04
2025-06-24 15:00:04
19011731
Work of April Joint Plenum of the C.C. and C.C.C. marxistleninists.org/Stalin/WA…
2025-06-24 14:59:43
2025-06-24 14:59:42
2025-06-24 05:36:05
19011725
in reply to LadyButterfly she/her
in reply to AllNewTypeFace
Tell me you’re not in Europe without saying you’re not in Europe
Was going to comment the same thing 😅
2025-06-24 14:59:10
2025-06-24 14:58:58
2025-06-24 14:31:30
19011716
Jony and Sam are both suddenly real quiet; wonder how their honeymoon is going
Oh
pivot-to-ai.com/2025/06/23/iyo…
*Nelson laugh*
h/t @davidgerard
Iyo vs. Io — OpenAI and Jony Ive get sued
In May, legendary Apple designer Jony Ive hooked up with OpenAI to announce an unspecified gadget. [WSJ, archive] To promote this complete vaporware, OpenAI released a video of Sam Altman and Ive b…Pivot to AI
2025-06-26 09:38:37
2025-06-24 14:58:36
2025-06-24 14:50:10
19011712
#TheArgyleSweater by #ScottHilburn on GoComics
gocomics.com/theargylesweater/…
The Argyle Sweater by Scott Hilburn for June 24, 2025 | GoComics
Read The Argyle Sweater—a comic strip by creator Scott Hilburn—for today, June 24, 2025, and check out other great comics, too!www.gocomics.com
like this
Susan ✶✶✶✶, Andrew Pam, Tony Langmach, John Hummel, HU Art Sound (2) and whuffo like this.
reshared this
billyidle and N. E. Felibata 👽 reshared this.
2025-06-24 14:57:02
2025-06-24 14:57:02
2025-06-24 14:56:55
19011697
Stephen McNallen, the founder of the Asatru movement here in the United States, produced a series of 17 different presentations and interviews with Odinist luminaries a few years ago called Gods, Folk and Destiny.
TalieVision maintains the complete list:
bitchute.com/playlist/n4lYXpZJ…
They're both informative and entertaining. I wish he had done more.
TalieVision is television for a Whiter future. It's a growing archive of almost 600 pro-White and White-friendly (mostly) full-length videos, featuring news, interviews, speeches, lectures, documentary films, concerts & other live performances, movies, and much more.
2025-06-24 14:56:56
2025-06-24 14:56:55
2025-06-24 14:51:14
19011686
Yet again, Apple has perfected design
2025-06-24 14:56:50
2025-06-24 14:56:48
2025-06-24 13:55:25
19011658
Unknown parent
Unknown parent
Unknown parent
in reply to WilhelmIII
I might die bros
Already 92F here and it's not yet 11AM.
Fuuuuuuuuuuuuck
I'm dreading the 50 yard walk to my shop.
2025-06-24 14:55:47
2025-06-24 14:55:47
2025-06-24 14:54:40
19011644
Chinese researchers have released QiMeng, the world’s 1st fully automated processor chip design system, making AI-designed chips a reality.
#china #technology #ai
QiMeng: Fully Automated Hardware and Software Design for Processor Chip
Processor chip design technology serves as a key frontier driving breakthroughs in computer science and related fields.arXiv.org
2025-06-24 14:55:31
2025-06-24 14:55:30
2025-06-24 14:42:38
19011641
in reply to verita84
Today's Trump video puts hin on the path to redemption
This entry was edited (1 month ago)
> Trump said he did not want to see regime change in Iran and strongly criticized U.S. ally Israel, saying the nation needs "to calm down."
2025-06-24 14:52:54
2025-06-24 14:52:54
2025-06-24 14:52:42
19011617
2025-06-24 17:57:40
2025-06-24 14:52:14
2025-06-24 14:52:06
19011606
in reply to UptownGirl
in reply to HunDriverWidow
in reply to UptownGirl
in reply to HunDriverWidow
in reply to UptownGirl
Want to join the B-2 bomber team? Here’s what it’ll take
defensenews.com/smr/global-str…
civil-war.net/how-hard-is-it-t…
My guess is that the average B-2 pilot is not 20 yrs old. Just saying.
Want to join the B-2 bomber team? Here’s what it’ll take
B-2 wings are increasingly bringing on pilots directly from Air Education and Training Command — and they have to keep training and developing their skills.Stephen Losey (Defense News)
UptownGirl reshared this.
@HunDriverWidow No, they are very experienced professionals, but even this article from 2019 states they are bringing them on right out of undergraduate pilot training. I wonder if it's tougher, now, to find candidates. And I'm thinking that to accomplish those protracted missions, successfully, they need stamina...and youth.
My late husband was a retired USAF fighter pilot. To be a pilot of this caliber, they are not 20 yrs old. 2019 was a long time ago in terms of a bird of this class.
UptownGirl reshared this.
@HunDriverWidow Yes, I know. We have USAF here, as well as other pilots. It was just a meme...and they do have to have stamina, as I'm sure you are aware.
I wasn't questioning you at all. I just thought the meme needed clarification as the widow of a fighter pilot & knowledge of all his training before going to Vietnam.
2025-06-24 21:39:20
2025-06-24 14:51:32
2025-06-24 14:50:33
19011596
foxnews.com/politics/trump-nom…
static-assets-1.truthsocial.co…
Trump nominated for Nobel Peace Prize over Iran-Israel ceasefire deal
Rep. Buddy Carter nominated President Donald Trump for the Nobel Peace Prize, citing his role in brokering a ceasefire between Israel and Iran and preventing Iran's nuclear ambitions.Elizabeth Elkind (Fox News)
2025-06-24 14:50:22
2025-06-24 14:50:22
2025-06-24 14:49:13
19011582
Funeral of martyrs of Israeli aggression against Iran en.mehrnews.com/photo/233564/F…
Funeral of martyrs of Israeli aggression against Iran
TEHRAN, Jun. 23 (MNA) – The funeral ceremony of a number of martyrs killed as a result of Israeli aggression against Iran was held at Behesht-e-Zahra Cemetery late on Sunday.Morteza Ahmadi Al Hashem (Mehr News Agency)
2025-06-24 14:50:04
2025-06-24 14:50:04
2025-06-24 14:50:04
19011572
revolutionary literature ciml.250x.com/archive/literatu…
2025-06-24 21:39:27
2025-06-24 14:49:31
2025-06-24 14:48:54
19011567
foxnews.com/politics/trump-nom…
Trump nominated for Nobel Peace Prize over Iran-Israel ceasefire deal
Rep. Buddy Carter nominated President Donald Trump for the Nobel Peace Prize, citing his role in brokering a ceasefire between Israel and Iran and preventing Iran's nuclear ambitions.Elizabeth Elkind (Fox News)
2025-06-24 21:39:31
2025-06-24 14:48:32
2025-06-24 14:47:25
19011551
2025-06-24 21:39:37
2025-06-24 14:47:45
2025-06-24 14:46:26
19011538
2025-06-24 14:47:18
2025-06-24 14:47:17
2025-06-24 13:39:17
19011532
Israel has subverted our government and embedded themselves 100x worse than they did in Iran, yet people want you to talk about literally ANYTHING else.
“Pay no attention to the man behind the curtain!”
Nick Fuentes on his America First Show on Rumble last night
2025-06-24 14:47:17
2025-06-24 14:47:17
2025-06-24 14:47:01
19011529
Nano-Vllm: lightweight vLLM implementation built from scratch: github.com/GeeeekExplorer/nano…
#linux #update #release #foss #nanovllm #llm #server
#linux #update #release #foss #nanovllm #llm #server
GitHub - GeeeekExplorer/nano-vllm: Nano vLLM
Nano vLLM. Contribute to GeeeekExplorer/nano-vllm development by creating an account on GitHub.GitHub
2025-06-24 14:46:19
2025-06-24 14:46:18
2025-06-24 12:37:02
19011508
in reply to Antonio Nazzareno Pellegrini
in reply to redwhitebluedude
in reply to Antonio Nazzareno Pellegrini
in reply to karnage
in reply to Stefanie 🇮🇱
Might as well give the Falklands(Malvinas) to Argentina.
@redwhitebluedude
Truly sad.
I'm reading that the HMS Queen Elizabeth & HMS Prince of Wales turned tail & fled towards the Suez Canal afore Operation Midnight Hammer began in full.
Spatooey!
@redwhitebluedude @redwhitebluedude @spinmaven @Stefanie @Donjanusgjrdrm
🚨 BREAKING:
Trump on Iran-Israel:
“We basically have two countries that have been fighting so long and so hard that they don’t know what the f*ck they’re doing”
This is what I voted for.
😎 🇺🇸 💪
@redwhitebluedude @spinmaven @Donjanusgjrdrm
It seems to be real.
Israel knows exactly what they're doing, so for that reason I didn't like what he said. But I trust Trump, so am accepting there was a method to the madness.
> Israel knows exactly what they're doing
Fine, but don't drag the US into it.
2025-06-24 14:45:02
2025-06-24 14:45:02
2025-06-24 14:44:49
19011498
Starship: The minimal, fast, and customizable prompt for any shell: starship.rs/
#linux #update #release #foss #terminal #shartship #prompt
#linux #update #release #foss #terminal #shartship #prompt
Starship: Cross-Shell Prompt
Starship is the minimal, blazing fast, and extremely customizable prompt for any shell! Shows the information you need, while staying sleek and minimal.starship.rs
2025-06-24 14:44:55
2025-06-24 14:44:55
2025-06-24 14:44:42
19011495
Posted on TS
2025-06-24 14:40:11
2025-06-24 14:40:11
2025-06-24 14:39:08
19011460
NATO pushes 5 pct defense spending goal as summit opens in The Hague global.chinadaily.com.cn/a/202…
2025-06-24 21:39:37
2025-06-24 14:39:47
2025-06-24 14:38:00
19011457
Mike Huckabee has been a GREAT Ambassador to Israel. Thank you Mike!
2025-06-24 14:38:04
2025-06-24 14:38:04
2025-06-24 14:38:04
19011440
The Unity Congress of the R.S.D.L.P. marx2mao.com/Lenin/UC06.html
2025-06-24 14:37:41
2025-06-24 14:37:41
2023-11-18 05:42:26
19011434
This entry was edited (7 months ago)
2025-06-24 14:35:44
2025-06-24 14:35:44
2025-06-24 14:11:46
19011413
in reply to Partisan Night Slut
We're just misrepresented, goy!
That's also pretty high on the f scale there, bub. (All psycho analytics are for the purpose of political, soft warfare, to keep the right wing illegal, perfected in the Soviet Union, brought to us by the escapees, and instituted by Ewan Cameron and mk ultra docs)
2025-06-24 15:01:47
2025-06-24 14:35:32
2025-06-24 14:35:23
19011408
in reply to HunDriverWidow
Anyone wonder when our lives will ever become "supposedly" normal again. Whatever normal we thought we were living in? Just curious.
Anyone wonder if they will live to see that day? Just curious.
In rural PA, we are trying to get back to normal. It's a little easier if you are around farms, Mennonites, Amish. Idk what the cities will do.
I guess the same as the rest of us- read the Bible, live like our grandparents did and be mostly fine.
I guess the same as the rest of us- read the Bible, live like our grandparents did and be mostly fine.
2025-06-24 14:41:46
2025-06-24 14:34:48
2025-06-24 14:13:20
19011402
earth.com/news/common-parasite…
Common parasite may be affecting your brain without symptoms - Earth.com
Toxoplasma gondii, a parasite, is silently affects brain signaling - possibly altering neural balance even in people without symptoms.Rodielon Putol (Earth.com)
2025-06-24 14:31:43
2025-06-24 14:31:42
2025-06-24 14:00:05
19011323
in reply to Skunkle, Potentially Dangerous Taxpayer
in reply to Ice fren
We'll eventually get them all. It's just taken some time. We're on to mop up the survivors of Alderaan next.
This entry was edited (1 month ago)
Used up her 9th life
that would make it 6,000,009.
2025-06-24 14:30:59
2025-06-24 14:30:59
2025-06-24 13:32:31
19011316
A one-and-a-half-year-old Palestinian baby was shot by Israeli forces near a Gaza Humanitarian Foundation (GHF) aid site while in her mother's arms.
The GHF has become a death trap for tens of thousands of starving Palestinians, with hundreds shot dead while trying to reach aid distribution points.
#Gaza #SaveGaza #StopIsrael #SanctionIsrael #BDS #starvation #warcrime
#palestine #Israel #Politics #Genocide #PeaceNow #StopTheWar #CeasefireNow @palestine @israel
2025-06-24 14:30:47
2025-06-24 14:30:47
2025-06-24 14:30:09
19011308
SourceHut moves business operations from US to Europe
Link: lists.sr.ht/~sircmpwn/sr.ht-de…
Discussion: news.ycombinator.com/item?id=4…
2025-06-24 15:39:32
2025-06-24 14:30:32
2025-06-24 14:09:25
19011303
Unknown parent
2025-06-24 14:30:17
2025-06-24 14:30:17
2025-06-24 14:29:06
19011301
Interview: Lessons from China’s Ascent socialistchina.org/2025/06/23/…
Interview: Lessons from China's Ascent - Friends of Socialist China
Embedded below is an interview with Friends of Socialist China co-editor Carlos Martinez on the CGTN Radio podcast The Bridge, hosted by Jason Smith.Friends of Socialist China
2025-06-24 14:30:04
2025-06-24 14:30:04
2025-06-24 13:50:41
19011292
BREAKING: Hospital sources in Gaza report 71 people killed in a series of Israeli massacres in the Gaza Strip since dawn today, including 50 aid seekers.
#starvation #FoodAsWeapon #Gaza #SaveGaza #StopIsrael #SanctionIsrael #BDS
#palestine #Israel #Politics #Genocide #PeaceNow #StopTheWar #CeasefireNow @palestine@a.gup.pe @israel @palestine@lemmy.ml
2025-06-24 14:29:02
2025-06-24 14:29:02
2025-06-24 14:28:54
19011273
FDA, CDC advisers say lost pregnancies higher than expected following early mRNA vaccination
freerepublic.com/focus/f-chat/…
Comments from below the link above, check them all:
"They should sue the government and the drug companies..."
justthenews.com/politics-polic…
FDA, CDC advisers say lost pregnancies higher than expected following early mRNA vaccination
Lower-than-expected pregnancy loss following flu vaccine, however. HHS wants 18-month hold on FOIA litigation related to vaccines including for COVID, litigant's lawyer says.Greg Piper (Just The News)
2025-06-24 14:28:04
2025-06-24 14:28:04
2025-06-24 14:28:04
19011242
Economic Manuscripts: Marx's Economic Manuscripts of 1861-63 hiaw.org/defcon6/works/1861/ec…
2025-07-24 12:13:01
2025-06-24 14:27:18
2025-06-20 15:52:37
19011216
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Latte macchiato
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
in reply to Kevin Beaumont
Unknown parent
Unknown parent
Unknown parent
in reply to cR0w
Unknown parent
Unknown parent
Unknown parent
Unknown parent
Unknown parent
Unknown parent
Unknown parent
Citrix Netscaler customers - keep calm and patch CVE-2025-5777 from Tuesday.
It allows unauth memory reads, has similarities to CitrixBleed (CVE-2023-4966) as may allow session token theft.
An update on CVE-2025-5777, explaining why orgs should identify systems and patch.
doublepulsar.com/citrixbleed-2…
CitrixBleed 2: Electric Boogaloo — CVE-2025–5777 - DoublePulsar
Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023–4966 You may have missed it, as the original CVE on 17th June 2025 referred…Kevin Beaumont (DoublePulsar)
Worth noting that every write up says this vuln applies to the management interface - but that isn’t true, it’s because the initial CVE entry was wrong, and nobody does CVE entry updates in write ups.
This entry was edited (1 month ago)
A bit more on this. theregister.com/2025/06/24/cri…
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
: Why are you even reading this story? Patch now!Jessica Lyons (The Register)
I hope nobody is still misled by the pre-correction CVE into thinking that this is just a 'mitigate by controlling access to management interface like you should probably do anyway' thing that they can just defer to lower priority maintenance.
Relatively severe either way; but that teensy little correction was not loud enough for how dramatically an otherwise plausible mitigation turned out to be useless.
Citrix on this one:
"At this time, there have been no reports or indications that the vulnerabilities described in CTX693420 (CVE-2025-5349 and CVE-2025-5777) are being actively exploited in the wild. However, due to the critical severity of these issues (CVSS scores of 8.7 and 9.3), We strongly recommends that affected customers apply the updated patches immediately to mitigate any potential risks."
NHS Digital's cyber alert database has been updated too. digital.nhs.uk/cyber-alerts/20…
I highly recommend bookmarking this site for the alerts, they're really good at filtering noise:
E.g. if you select 'high' category, there's only one a month on average
Citrix just published a new Bulletin for CVE-2025-6543 (CVSS 9.2)
They don't even have an RSS/Atom feed, what a shame.
ReliaQuest are reporting with medium confidence that CitrixBleed2, Electric Boogaloo, is being exploited in the wild HT @CyberLeech reliaquest.com/blog/threat-spo…
Threat Spotlight: CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds - ReliaQuest
CVE-2025-5777 poses serious threats to Citrix Netscaler devices—discover recommended actions to block exploitation and protect accounts from Citrix Bleed 2.ReliaQuest
This entry was edited (1 month ago)
My view on that is I don’t have the data to back it up (because Citrix haven’t provided any way to identify exploitation, including to customers), but if true and the threat actor is running those tools with that provider, it’s probably a ransomware group again.
Citrix blog on CVE-2025-5777 and some other ones netscaler.com/blog/news/netsca…
NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777
Over the past two weeks, Cloud Software Group has released builds to address CVE-2025-6543 and CVE 2025-5777, which affect NetScaler ADC and NetScaler Gateway if they are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR an …Anil Shetty (NetScaler Blog)
If you see this GitHub PoC for CVE-2025-5777 doing the rounds:
github.com/mingshenhk/CitrixBl…
It’s not for CVE-2025-5777. It’s AI generated. The links in the README still have ChatGPT UTM sources.
The PoC itself is for a vuln addressed in 2023 - ChatGPT has hallucinated (made up) the cause of the vuln using an old BishopFox write up of the other vuln.
GitHub - mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-: 详细讲解CitrixBleed 2 — CVE-2025-5777(越界泄漏)PoC 和检测套件
详细讲解CitrixBleed 2 — CVE-2025-5777(越界泄漏)PoC 和检测套件. Contribute to mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC- development by creating an account on GitHub.GitHub
Evidence if anybody cares
I’ve heard that Citrix are complaining me billing this CitrixBleed 2 is causing them reputational damage, and isn’t related in any way to CitrixBleed.
For the record - it was a dumb joke name to attraction attention for patching. I know it isn’t exactly the same cause.
But, ya know, it is a memory disclosure vuln which reveals sensitive info, and it does require ICA sessions be reset.. which only happened before with CitrixBleed.
but they're good with the "Electric Boogaloo" subtitle?
What about "Electric Bugaloo?" Lmao I bet they love that
I would say that increasing licensing prices 240% in a Broadcom style does them more reputational damage than this
I expect technical details of CVE-2025-5777 exploitation to become available next week.
Further suggestions CVE-2025-5777 details will release next week. xcancel.com/Horizon3Attack/sta… via horizon3.ai
Only Pentesting Platform Proven in Production | Horizon3.ai
Continuously assess, fix, and verify your security posture. Securing enterprises across many attack surfaces.Horizon3.ai
This entry was edited (1 month ago)
I've published my scan in progress of CVE-2025-5777 patching status, listing IPs, hostnames, Citrix Netscaler build numbers and if they're vulnerable to CitrixBleed2.
The scan isn't finished yet so these are only about a quarter of the results - unfortunately my coding skills are shite and it's really slow - should be finished over weekend or early next week.
Also, the SSL certificate hostnames are separated by comma which throws out CSV - sorry, I'll fix that later.
github.com/GossiTheDog/scannin…
scanning/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt at main · GossiTheDog/scanning
Contribute to GossiTheDog/scanning development by creating an account on GitHub.GitHub
If anybody is wondering btw it's 4047 definitely vulnerable (so far) from 17021 scanned instances - so 24% unpatched after about 3 weeks.
But scan is still running obvs so the vuln number will keep growing.
If anybody likes stats
- Of the 42 identified NHS Netscalers so far, 37 are patched🥳 The NHS are really good at this nowadays.
- Of the 65 identified .gov.uk Netscalers so far, only 48 are patched 😅 All of the unpatched are councils, which are obviously severely budget constrained in many cases - I'm also not sure they actually know they're supposed to be patching.
I wish they'd just put autoupdates on these things for orgs who can't manage it manually. 5 Min downtime at midnight local timezone wouldn't hurt much - 1 month downtime because of ransomware compromise really will...
First exploitation details for CVE-2025-5777 - the Netscaler vuln - are out. labs.watchtowr.com/how-much-mo…
If you call the login page, it leaks memory in the response 🤣
I don’t want to specify too much extra technical info on this yet - but if you keep leaking the memory via requests, there’s a way to reestablish existing ICA sessions from the leaked memory.
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)
Before you dive into our latest diatribe, indulge us and join us on a journey. Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great.Sina Kheirkhah (@SinSinology) (watchTowr Labs)
From watchtowr: "As we have discussed previously, we have a moral compass next to one of our favourite magnets, and we use it to guide our decision-making process."
wow that’s wild! how can that even happen? Wait… i do NOT want to know… alone thinking about the code that could do such a thing hurts
that's an impressively bad implementation error to have on the login page.
Will the cybercommunity keep CVE alive in some form?
would this take 3 out of 6 months to find perl developers or am I thinking of a different vulnerability?
Updated scan results for CVE-2025-5777: github.com/GossiTheDog/scannin…
It's still partial due to bugs, but about 18k servers.
scanning/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt at main · GossiTheDog/scanning
Contribute to GossiTheDog/scanning development by creating an account on GitHub.GitHub
Thank god everyone patched this before the weekend 🫨😭
CVE-2025-5777 is under active exploitation, since before the WatchTowr blog.
is it time to don’t panic yet?
CVE-2025-5777 (Citrix Netscaler vuln) has been under active exploitation since mid June, with people dumping memory and using this to try to access sessions.
TTPs to hunt for:
- In Netscaler logs, repeated POST requests to *doAuthentication* - each one yields 126 bytes of RAM
- In Netscaler logs, requests to doAuthentication.do with "Content-Length: 5"
- In Netscaler user logs, lines with *LOGOFF* and user = "*#*" (i.e. # symbol in the username). RAM is played into the wrong field.
This entry was edited (4 weeks ago)
Horizon3 have a good write up here, I don't think they were aware this is already being exploited for almost a month: horizon3.ai/attack-research/at…
Worth noting I was only able to find exploitation activity due to the WatchTowr and Horizon3 write ups - Citrix support wouldn't disclose any IOCs and incorrectly claimed (again - happened with CitrixBleed) that no exploitation in the wild. Citrix have gotta get better at this, they're harming customers.
CVE-2025-5777: CitrixBleed 2 Exploit Deep Dive by Horizon3.ai
Explore the CVE-2025-5777 vulnerability in Citrix, dubbed CitrixBleed 2. Learn how it works, attack details, and defensive steps from Horizon3.ai experts.Jimi Sebree (Horizon3.ai)
Just to be super clear, although Citrix claim that CitrixBleed 2 is in no way related to CitrixBleed, it allows direct session token theft - Citrix are wrong. Horizon3 have the POC and it's already being exploited - Citrix were also wrong.
"Not the most novel thing in the world… but this is much much worse than it initially appears. Take a look at the following video where you’ll see that it’s possible to receive legitimate user session tokens via this vector. "
was CitrixBleed the one that Citrix issued a patch for that didn't actually fix the vulnerability in like Nov 2023?
Exploitation IOCs for CVE-2025-5777 aka CitrixBleed 2, these are actively stealing sessions to bypass MFA for almost a month. Some are also doing Netscaler fingerprint scanning first.
64.176.50.109
139.162.47.194
38.154.237.100
38.180.148.215
102.129.235.108
121.237.80.241
45.135.232.2
HT @ntkramer and the folks at @greynoise
Look for lots of connections to your Netscaler devices over past 30 days. More IPs coming as also under mass exploitation. More IPs: viz.greynoise.io/tags/citrixbl…
This entry was edited (4 weeks ago)
My own honeypot only sees activity from Private VPN. No fingerprinting first. Most POST /p/u/doAuthentication.do, some POST /nf/auth/doAuthentication.do. User-Agent: "Vuln3rableVuln3rable..."
2025-07-07
190.60.16.26
103.27.203.82
45.9.249.58
185.94.192.162
128.1.160.146
200.110.153.22
2025-07-06
193.37.253.202
200.110.153.22
217.138.222.66
82.221.113.209
80.239.140.197
This entry was edited (4 weeks ago)
More from @greynoise telemetry - they now push CVE-2025-5777 (CitrixBleed 2) exploitation to June 23rd. I can push it back further, blog incoming.
I wrote up a thing on how to hunt for CitrixBleed 2 exploitation
doublepulsar.com/citrixbleed-2…
CitrixBleed 2 exploitation started mid-June — how to spot it
CitrixBleed 2 — CVE-2025–5777 — has been under active exploitation to hijack Netscaler sessions, bypassing MFA, globally for a month. At the time, I noted the similarities to CitrixBleed, and noted…Kevin Beaumont (DoublePulsar)
"I wrote this vuln back on June 24th..."
Pretty sure that's not what you meant ;)
Pretty sure that's not what you meant ;)
There’s 7 more IPs on GreyNoise exploiting CitrixBleed 2 today, all marked as malicious. viz.greynoise.io/query/tags:%2…
“Citrix declined to say if it's aware of active exploitation”
It is aware. arstechnica.com/security/2025/…
Critical CitrixBleed 2 vulnerability has been under active exploit for weeks
Exploits allow hackers to bypass 2FA and commandeer vulnerable devices.Dan Goodin (Ars Technica)
does anybody hear that statement and think anything other than “Citrix is aware that there is widespread, active exploitation. They just don’t want to admit it because it makes them look bad”?
First Victims in Switzerland and Germany
borncity.com/blog/2025/07/09/i…
Ameos-Klinikverbund: IT-Ausfall Folge eines Hacker-/Cyberangriffs
Ich kann nun eine weitere Informationen zu den IT-Ausfällen bei Ameos-Kliniken und Einrichtungen beitragen. Nachdem ich über die IT-Probleme berichtete…Günter Born (Borns IT- und Windows-Blog)
I believe Citrix may have made a mistake in the patching instructions for CitrixBleed2 aka CVE-2025-5777.
They say to do the instructions on the left, but they appear to have missed other session types (e.g. AAA) which have session cookies that can be stolen and replayed with CitrixBleed2. On the right is the CitrixBleed1 instructions.
The net impact is, if you patched but a threat actor already took system memory, they can still reuse prior sessions.
Tell anybody you know at Citrix.
This entry was edited (3 weeks ago)
oh my g-d they did it again
Obviously this is a Ripley Protocol type of situation; but is it known how long the session cookies would be expected to remain valid if not explicitly purged? Configurable and wide variation in plausible values? Life of connection until manual or enforced disconnect? Fixed or very likely default number of minutes after successful authentication?
CISA have modified the CVE-2025-5777 entry to link to my blog 🙌 I’m hoping this gets more visibility as a bunch of us can see from Netflow ongoing threat actor Netscaler sessions to.. sensitive orgs.
CVE-2025-5777 aka CitrixBleed 2 has been added to CISA KEV now over evidence of active exploitation.
Citrix are still declining to comment about evidence of exploitation as of writing.
This is how Citrix are styling Citrix Bleed 2 btw. In the blog there’s no technical details or detection details or acknowledgement of exploitation. They also directly blame NIST for their CVE description.
From Netflow I can see active victims - including systems owned by the US federal government - so strap in to see where this goes.
This entry was edited (3 weeks ago)
this feels very much like a corp Comms team in crisis management mode, thinking obfuscation will make the situation better. It's a natural reaction, but not one that helps mitigation.
A brutally honest 'we screwed up, here is what we can share without making the situation worse' along with some willingness to offer hotfixes rather than full releases is the better path forward.
On the plus side, I did get to read their latest Tolly report for lolz
This entry was edited (3 weeks ago)
How are you monitoring this traffic? I remember you making a similar statement on the Ingram Micro case.
#Alt4You #AltText two screen captures from Citrix website, the other one from Akamai website. The first one says:
"Can I fix these vulnerabilities using Web Application Firewall signatures?
No, it is not possible to fix the vulnerabilities with Web Application Firewall signatures.
The second one, posted later, says:
"App & API Protector mitigation
In response to CitrixBleed 2, the WAF Threat Research Team released a new Rapid Rule on July 7, 2025, with a default action set to "Alert":
- 3000967-Citrix NetScaler Memory Disclosure Detected (CVE-2025-5777)".
"Can I fix these vulnerabilities using Web Application Firewall signatures?
No, it is not possible to fix the vulnerabilities with Web Application Firewall signatures.
The second one, posted later, says:
"App & API Protector mitigation
In response to CitrixBleed 2, the WAF Threat Research Team released a new Rapid Rule on July 7, 2025, with a default action set to "Alert":
- 3000967-Citrix NetScaler Memory Disclosure Detected (CVE-2025-5777)".
This entry was edited (3 weeks ago)
Some CitrixBleed2 IOCs; this is a cluster of what appears to be China going brrr, going on for weeks.
38.154.237.100
38.54.59.96
Updated CitrixBleed2 scan results of vuln/not vuln
github.com/GossiTheDog/scannin…
github.com/GossiTheDog/scannin…
scanning/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt at main · GossiTheDog/scanning
Contribute to GossiTheDog/scanning development by creating an account on GitHub.GitHub
CISA is giving all civilian agencies 1 day to remediate CitrixBleed 2. It is encouraging all other organisations in the US to do this too.
therecord.media/cisa-orders-ag…
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
The one-day deadline issued by CISA on Thursday appears to be the shortest one ever issued. Federal civilian agencies are typically given three weeks to patch bugs added to the known exploited vulnerability catalog.Jonathan Greig (The Record)
Set up lab of Netscalers just now & owned them.
Two learnings:
1) the default logging isn’t enough to know if you’ve been exploited. So if you’re wondering where the victims are, they don’t know they’re victims as checks will come back clean unless they increased logging before. FW logs w/ IOCs fall back option.
2) the Citrix instructions post patch to clear sessions don’t include the correct session types - ICA will just reconnect as you (threat actor) still have the valid NSC_AAAC cookie.
This entry was edited (3 weeks ago)
If you ask Citrix support for IOCs for CVE-2025-5777 and they send you a script to run that looks for .php files - they’ve sent you an unrelated script, which has nothing to do with session hijacking or memory overread.
So… could there possibly exist another Citrix 0day that this script looks for?
Right script, different CVE? 😁
Right script, different CVE? 😁
this one is for CVE-2025-6543
Updated CitrixBleed 2 scan results: github.com/GossiTheDog/scannin…
It's down from 24% unpatched to 17% unpatched
The results are partial still, the actual numbers still vuln will be higher.
scanning/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt at main · GossiTheDog/scanning
Contribute to GossiTheDog/scanning development by creating an account on GitHub.GitHub
This entry was edited (3 weeks ago)
Imperva WAF have added detection and blocking for CitrixBleed 2 this weekend.
They see it being widely sprayed across the internet today - almost 12 million requests, log4shell level.
The only major vendor I’ve seen who hasn’t added a WAF rule is Citrix - they sell a WAF upsell module for Netscaler, but failed to add detection for their own vulnerability.
This entry was edited (3 weeks ago)
"The only major vendor I’ve seen who hasn’t added a WAF rule is Citrix - they sell a WAF upsell module for Netscaler, but failed to add detection for their own vulnerability." WHAAAAAAAA
Updated Citrix scan results will go on Github in a few days, I've found a bug in the scan results setup which should add ~33% more hosts when fixed.
Spoiler:
CitrixBleed 2 update.
- Citrix have finally, quietly admitted exploitation in the wild -- by not commenting to press and then editing an old blog post and not mentioning it on their security update page.
- Orgs have been under attack from threat actors in Russia and China since June
- It's now under spray and pray, wide exploitation attempts.
doublepulsar.com/citrixbleed-2…
CitrixBleed 2 situation update — everybody already got owned
The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence. So they get to hope nothing too bad happened, I guess. The reason for this is the exploitation activity…Kevin Beaumont (DoublePulsar)
Perhaps time to refer to it using the more appropriately descriptive word... Wild.
This vulnerability is WILDLY EXPLOITED.
As a bonus "exploited in the wild" can be changed to "wild exploitation observed".
Citrix Netscaler internet scan still running, it's found another 1k vulnerable instances so far - will probably update Github later today or tomorrow morning.
It looks like we're back up to 18% of boxes being still vulnerable when the new list is out. It looks like a lot of orgs are patching from my list.
this is probably a silly question, but are you scanning netblocks most likely to have affected devices first? Eg I'm guessing not a lot likely in AWS, GCP, Azure, China, residential, etc address spaces.
New CitrixBleed 2 scan data:
raw.githubusercontent.com/Goss…
+7000 extra hosts added this round, host list is so large you need to use the raw view to see it.
Next set of data publication likely Friday, a month since the patch became available.
3832 orgs/hosts still unpatched.
are you using the PoC exploit to determine if systems are vulnerable or basing it off timestamps to infer build numbers instead?
GreyNoise blog just out about #CitrixBleed2, they see exploitation from IPs in China from June 23rd targeting specifically Netscaler appliances greynoise.io/blog/exploitation…
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public
GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.www.greynoise.io
I’m fairly certain the threat actor is Chinese and they reversed the patch to make the exploit.
Citrix continue to be MIA. They still have no detection guidance for customers, and haven’t told customers the extent of the issue.
With the #CitrixBleed2 patch data I publish it's possible to view the history on Github for each new scan and see when hosts change from vuln to patched.
It's proving incredibly effective at getting orgs to patch. I tried private notifications via HackerOne and such for CitixBleed1 in 2023 and it took months to get orgs to patch. Putting the data public brings accountability for orgs who later get breached - so there's a rush to patch.
It's definitely interesting and may need a scale out.
Definitely. Refreshing transparency.
providing the data to cyber insurers to wash against their customer base.
Not sure how often the list is updated, but the orgs I emailed 24h ago are still listed as vulnerable.
Citrix have a blog out about hunting for #CitrixBleed2
netscaler.com/blog/news/evalua…
It's what was in my earlier blog - look for invalid characters in the username field and duplicate sessions with different IPs
This entry was edited (2 weeks ago)
we gettin' there!
This bit is still incomplete in the patching instructions btw - if it's a HA pair you need to additionally reset other session types or you're still vulnerable to session hijack after patching.
I'm still trying to get Citrix to update the instructions.
The Dutch Public Prosecution Office have shut down their Citrix Netscaler and removed all internet access, Dutch media speculating CitrixBleed 2 exploitation.
techzine.eu/news/security/1331…
Justice minister David van Weel told MPs in a briefing that it appears the weakness had been used by third parties to access the department systems.
The justice ministry said the department had applied Citrix’s recommended patches, but these failed to fully eliminate the flaw. dutchnews.nl/2025/07/prosecuti…
Dutch Department of Justice offline after Citrix vulnerability - Techzine Global
Public Prosecution Service offline after security breach: hackers may exploit vulnerability in digital environment. Crisis meeting leads to complete internet shutdown.Berry Zwets (Techzine)
Again to reiterate the point in the thread - Citrix’s patching instructions don’t include - for example - resetting AAA sessions when AAA cookies are stealable with the vulnerability. So we’re going to see orgs caught with Citrix’s pants down.
Here’s the Dutch gov letter and my translation.
This entry was edited (2 weeks ago)
ctrl+c , Fortinet, ctrl+v
it's too early to be winning the memewars bro. Give the rest of us some hope before you crush it.
Update on the situation at The Hague and the shutdown of the Dutch Public Prosecution Service internet access, NCSC Netherlands issued an update today saying all orgs should hunt for CitrixBleed 2 activity, citing my blog.
They also advise clearing all session types, not just the ones Citrix say in their security advisory.
advisories.ncsc.nl/advisory?id…
This entry was edited (2 weeks ago)
it strikes me that clearing _all sessions_ should be standard procedure for this kind of gear.
Updated #CitrixBleed2 scans github.com/GossiTheDog/scannin…
Fields - IP, SSL certification hostnames, Netscaler firmware, if vulnerable to CVE-2025-5777
I've had a few orgs contest that they're not vulnerable and the scan is wrong. I've assisted each org, and in each case they've been wrong - they'd patched the wrong Netscaler, the passive HA node etc.
scanning/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt at main · GossiTheDog/scanning
Contribute to GossiTheDog/scanning development by creating an account on GitHub.GitHub
I've been working with @shadowserver btw, their scan results for #CitrixBleed2 now show far more vulnerable systems. Their scanning is independent of mine, logic is improving, more orgs will get notifications. I'm going to try getting victims for notification across too.
Yes, we have improved the detections now. Thanks for the collaboration on that.
I might move the Dutch Public Prosecution Service (OM) Citrix Netscaler incident out to a different thread, but the latest update an hour ago from local media is that they are still without internet and remote access, and they're working on several alternatives to continue criminal trials.
I expect we're going to see a wave of Netscaler incidents over the coming months, although how many will publicly disclose is another issue - the Dutch are culturally transparent.
nltimes.nl/2025/07/18/dutch-pr…
Dutch prosecutor disconnects internal systems from internet over vulnerability
The Public Prosecution Service (OM) has disconnected all internal systems from the internet. The reason for this is a warning from the National Cyber Security Centre (NCSC) that there is "a vulnerability" in the system that gives users access to the …NL Times
The Canadian government cyber centre are this weekend recommending all orgs review historic logs for #CitrixBleed2 compromise, and reset all user sessions cyber.gc.ca/en/alerts-advisori…
Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543 – Update 2 - Canadian Centre for Cyber Security
Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543 – Update 2Canadian Centre for Cyber Security
Looks like Arctic Wolf referenced your info as well! arcticwolf.com/resources/blog/…
Meanwhile still have yet to hear from Citrix…😭
Updates on Actively Exploited Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway I Arctic Wolf
In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777.Andres Ramos (Arctic Wolf Networks)
Referenced Double Pulsar article.
You fuckin’ legend!!
The Dutch Public Prosecution Service (OM), which took their systems offline due to #CitrixBleed2 on Friday, are saying they will be offline for weeks. nos.nl/artikel/2575857 HT @moartn
Openbaar Ministerie mogelijk nog weken afgesloten van internet
Het OM koppelde zijn systemen vorige week los van het internet na vermoedens van een cyberaanval.NOS Nieuws
This entry was edited (2 weeks ago)
#Alt4You #AltText news article from NOS:
Public Prosecution Service may be closed off from the internet for weeks
The Public Prosecution Service (OM) expects that it may be closed off from the internet for weeks to come. Last week, the Public Prosecution Service disconnected its systems after suspicions of a hack.
This means that Public Prosecution Service employees cannot be reached by email and cannot log in remotely. That already had consequences for lawsuits last week. Public prosecutors could not look into the files, so the papers had to be printed.
Officers can now consult a number of files, but do not work in them, as spokesperson said. "They can read the files, but not edit or print them, for example." The spokesperson could not say whether this will affect lawsuits scheduled for today or the coming weeks.
Public Prosecution Service may be closed off from the internet for weeks
The Public Prosecution Service (OM) expects that it may be closed off from the internet for weeks to come. Last week, the Public Prosecution Service disconnected its systems after suspicions of a hack.
This means that Public Prosecution Service employees cannot be reached by email and cannot log in remotely. That already had consequences for lawsuits last week. Public prosecutors could not look into the files, so the papers had to be printed.
Officers can now consult a number of files, but do not work in them, as spokesperson said. "They can read the files, but not edit or print them, for example." The spokesperson could not say whether this will affect lawsuits scheduled for today or the coming weeks.
@moartn infosec.exchange/@aristot73/11…
Aristotelis Tzafalias (@aristot73@infosec.exchange)
The Netherlands faced a significant Citrix related incident in 2019. The Dutch Safety Board investigated... report linked below. It is now 2025, and another Citrix related incident has led to the NL public prosecutor office going offline.Infosec Exchange
There’s a bit more in situation at the OM on Netscaler here: volkskrant.nl/binnenland/openb…
The OM say they patched quickly (and my scan data backs this up - they patched around June 24th) however it appears somebody got in (or took a session cookie) before patching took place and now they’re trying to contain the situation.
Openbaar Ministerie mogelijk nog weken afgesloten van internet, probeert impact op rechtszaken te beperken
Het Openbaar Ministerie blijft mogelijk nog weken afgesloten van het internet. Donderdag haalde het OM alle interne systemen offline vanwege een gat in de beveiliging van bepaalde software.Daan de Vries (DPG Media)
The NCSC are strongly advising orgs to follow the advice on my blog re #CitrixBleed2, in hindsight I probably shouldn’t have drawn the logo in MSPaint and titled a section “China goes brrrr”.
TBF China _does_ go brrrr.
You'll be remembered for the yolo cowboy styled action advice regardless.
But I would be more impressed if you leveled up towards Notepad and started doing ASCII art instead.
I think this thread exposes something about the cybersecurity industry and org posture btw - it almost all runs on Windows and EDR telemetry, hence why there’s little info on this from vendors (Netscaler is closed box appliance - they’re flying blind) and why orgs aren’t seeing anything, they don’t know how without vendors.
I keep contacting orgs and they have no idea they are compromised or how to investigate.
I'm really torn on whether to check into whether some third parties used by my clients are affected. I have no agreements with those entities and no special IT contacts so at best I'd be cautioning my clients about something they can't address and contacting the third parties as Joe Random User saying 'hey, you been hacked'
even many of those that do understand where to look don't have adequate logging around these features to definitively say whether or not they have been exploited. Your post about how all the attention is on SharePoint while the news is pretty quiet about this was pretty spot on.
if you’re in any way responsible for security of your own org, or customers’ orgs - you have to monitor for vuln news on every public facing vendor (esp remote access) you have in use - on a daily basis. I don’t understand why some haven’t yet come to terms with that. It’s one of the reasons I check your feed every morning..
'Appliances'(at least in general) seem to be in a particularly dire place. Not only are they represented as being suitable for use without heavy oversight; they tend to be in deeply rough shape as linux systems, old, weird, and mutilated compared to a normal distro install; but not actually that hardened(and vendors tend to be prickly about the idea of you having a look). This is Enterprise Security; not a $150 chromebook, after all.
The Dutch Public Prosecution Service #CitrixBleed2 incident rolls on - NRC report on an email from the Director of their IT service, where they say “It is clear that it’s a massive and dramatic incident”.
nrc.nl/nieuws/2025/07/22/digit…
Digitale werkomgeving OM inderdaad gehackt, onderzoek moet uitwijzen welke informatie is gestolen
Cybercrime: Het Openbaar Ministerie is gehackt. Het zou nog weken kunnen duren om het netwerk veilig te stellen, blijkt uit een interne toelichting van het hoofd ict. Er is aangifte gedaan en melding gemaakt van een eventueel datalek.Rik Wassens (NRC)
knowing the dutch govt's general approach to IT I'm pretty confident this is not the last thing we'll hear about getting hacked :/
my old boss once said that security appliances are mostly half a dozen shitty perl scripts and a web page and I think he was being generous
no you totally should have 👍❤️
you really should keep an eight year old with a pack of markers on retainer to make your logos really pop.
you were the first to do an mspaint logo for a vulnerability? if now anyone publishes with a paint logo it will just be a weak attempt at copying your style. A good way to detect fearmongering.
your name was in our newspaper on saturday. Electronic version volkskrant.nl/binnenland/inter…
Link in online article goes to 'CitrixBleed 2 situation update — everybody already got owned'
Interne systemen Openbaar Ministerie offline vanwege gat in softwarebeveiliging
Vanwege potentieel misbruik van een ‘kwetsbaarheid’ in bepaalde software heeft het Openbaar Ministerie (OM) donderdagavond alle interne systemen offline gehaald. Mogelijk zit een Chinese groep achter de hack.Jasper Daams (DPG Media)
latest news is that the OM might be offline for weeks: nos.nl/artikel/2575857
Openbaar Ministerie mogelijk nog weken afgesloten van internet
Het OM koppelde zijn systemen vorige week los van het internet na vermoedens van een cyberaanval.NOS Nieuws
Can you share how you get the firmware versions? We are a nessus shop and it cannot detect the damn version - really frustrating 😠
quite a bit, in fact - after all it's neither Ivanti nor Fortinet ... 😈
It's obviously not ideal; but I do like seeing organizational willingness to just pull out the shears and apply them to the uptime wires if that is potentially what it takes; rather than insisting that access must remain even if some of it is pretty definitely not ours.
Interesting, the IOCs from support were totally different (look for .php files in the web root).
another day, another example of full disclosure working better than the alternatives lol
"it looks like a lot of orgs are patching from my list" eek! Organisations hane so little knowledge of what they have that it takes you to tell them?
Looks like the two-digit billion dollar corp that closed my report as "informative, we don't see the issue here" still hasn't updated yet.
is this scan still running or has it now completed?
The great thing about "as far as I know"/"not as far as I know" class statements, unlike almost all other types of statements, is that you can increase their accuracy through the easy work of knowing less rather than the arduous task of knowing more.
It's epistemology's any% speedrun strat.
They must be thinking it is gossip...
I had a look at network traffic from today and some of them are proxy exit nodes; some do broad IoT scanning.
Two of them really stick out as they seem to exclusively target Citrix endpoints: 78.128.113.30 and 38.54.59.96
Thanks so much for this info and for all the info provided prior to this. I was able to confirm with our Citrix team two weeks ago that we were patched already, and I'm just getting emails this week from higher ups to look into this, so I'm very much ahead of the game.
Aside from social media, is there anywhere you suggest keeping an eye on daily for vulnerability info?
seeing the first hits from one of the mentioned IPs on 6/20.
Great artwork as always.
I'm glad to see my image contribution is still going strong with new iterations 😅
(original: fosstodon.org/@husjon/11130838…)
(original: fosstodon.org/@husjon/11130838…)
husjon.dev (@husjon@fosstodon.org)
Attached: 1 image @GossiTheDog@cyberplace.social Patch appliedFosstodon
why is all the citrix software such a complete nightmare
@privateger It's honestly darkly impressive. ICA vs. RDP was a pretty compelling beatdown at one time; but that was a no, of course I'm not that old, time ago; and basically everything they've touched since is a matter of indifference or distaste.
Normally I'd jump straight to blaming the private equity knackers; but in this case I can see why they were headed to the bone mill.
I absolutely love how little of this I understand, but that it makes me go back through the whole thread, and now I've learned a whole new thing to be concerned about.
thanks for validating my patching teams good work.
The hostnames field can be properly CSV'd by something like perl -pe 's/,/,"/; s/(,[^,]*,[^,]*$)/"$1/'
(Assuming a unix-ish shell. With cmd.exe you probably have to turn the inner " into ^" and the outer ' into ".)
This entry was edited (1 month ago)
use tab delimited. Almost no data contains tabs, much better than csv
Thank you for the list of scan results. Was the first day you ran the scan July 6, or have you been doing it for longer?
They should quit whining and do something about their crappy code + thank you for trying to get people to do something about it! Heck they should be sending you $$$
Vibe coder strikes again.
Is it normal for the IoCs section to just be "we are committed to transparency" followed by "If you encounter issues when updating your affected builds or need access to IoCs, please contact Citrix Customer Support"?
Thanks!
#RSS alert feed: digital.nhs.uk/feed/cyber-aler…
Other #NHS feeds: digital.nhs.uk/about-nhs-digit…
As a heads up to those that are affected, there's strong indicators that this is now live and dangerous / being exploited.
Now, I'm no computer security expert, but wouldn't threat actors immediately jump on any major new flaw with that high of a CVSS score? Just because they haven't been caught doesn't mean they're not there.
This entry was edited (1 month ago)
the internal name of NetFailure at one place I frequented never really went away. That and FortiDamager….
FOAF (essentially hearsay) will let you know when there's something more.
I was sent this for reference:
reliaquest.com/blog/threat-spo…
Threat Spotlight: CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds - ReliaQuest
CVE-2025-5777 poses serious threats to Citrix Netscaler devices—discover recommended actions to block exploitation and protect accounts from Citrix Bleed 2.ReliaQuest
I also like Cloud Software Group does not provide forensic analysis; however, customers can contact Citrix Customer Support to get access to IoCs.
And
Does CVE 2025-6543 constitute a zero day vulnerability?Cloud Software Group became aware of limited exploitation activity before the patch was released.
@cR0w the only IOCs they will release is via a technical support request for CVE 2025-6543 and is literally a script that looks for a handful of vulnerable conditions and file types in locations they shouldnt be. No public IPs, domains, filenames, etc
@cR0w forgot about this but might help some people patching this week now that there is an official notice. Patching defaults some CSP setting to "on" which can cause blank login pages after updating. Citrix engineer we talked to last week stated they were getting inundated with calls about it. It extended our downtime by about an hour until a team member figured it. Never roll back, power through!
support.citrix.com/support-hom…
support.citrix.com/support-hom…
38.154.237.100 is a definite yes (I looked at past 24h)
Isn't 'asleep at the wheel' kind of our thing?
is that what we're calling it instead of blackout drunk?
2025-06-24 15:04:02
2025-06-24 14:25:33
2025-06-24 14:25:20
19011202
Posted on Truth Social
CeceDuBois reshared this.
2025-06-24 14:25:04
2025-06-24 14:25:03
2025-06-24 14:09:48
19011195
2025-06-24 14:33:58
2025-06-24 14:24:32
2025-06-24 01:20:05
19011188
in reply to TJ of the Side-Eye
in reply to Richard
Unknown parent
In the same conversation, this lady told me she doesn't eat fruits, vegetables, rice or meat. Also, she always orders the same thing when she goes to a restaurant.
It's nice to see someone with worse eating habits than me.
(I'm not a fussy eater - I fail to always plan a balanced meal.)
wtf is left? Bread?
Pasta and milkshakes. That woman certainly knew her milkshakes.
2025-06-24 15:36:31
2025-06-24 14:22:24
2025-06-24 14:22:12
19011158
Unknown parent
in reply to Spartacus
in reply to baskin 🇵🇸
in reply to Spartacus
Unknown parent
Unknown parent
in reply to Spartacus
Unknown parent
Unknown parent
in reply to Spartacus
Unknown parent
Unknown parent
in reply to Spartacus
in reply to Spartacus
in reply to baskin 🇵🇸
in reply to Spartacus
in reply to Spartacus
in reply to Spartacus
in reply to Spartacus
Unknown parent
in reply to Spartacus
in reply to baskin 🇵🇸
in reply to Spartacus
in reply to Spartacus
in reply to Spartacus
in reply to Spartacus
in reply to Spartacus
in reply to Spartacus
- Πάνω από 900 συλλήψεις στο Λεκανοπέδιο ρε γκουμουνι.
- Τι? Greek Mafia?
- Χειρότερο ρε πλεμπες.
Χωρίς εισιτήριο στα ΜΜΜ.....
#δεν_σας_έχουν_για_μαλακες_είστε
@Feleki όχι απέλαση ρε άσχετο γκουμουνι.
Καταναγκαστικά έργα μέχρι να ξεχρεωσουν την ζημιά που προκάλεσαν
Καταναγκαστικά έργα μέχρι να ξεχρεωσουν την ζημιά που προκάλεσαν
νομιμότητα ΠΛΕΜΠΑΙΟΙ, ας είχατε λιμουζίνα
This entry was edited (1 month ago)
θα πάνε να ψηφίσουν όταν χρειαστεί για να μην έρθει ο κομμουνισμός και τους πάρει τα σπίτια. @Feleki
όπως έχω ξαναπεί, το 90% των απεχόντων είναι εν δυνάμει ψηφοφόροι της ΝΔ και πιο πέρα, αλλιώς δεν θα ήταν αδιάφοροι. @Feleki
οκ νόμιζε ότι θες, αλλά η κοινωνία των αδιάφορων τριγύρω μας είναι εντελώς διαφορετική, νομίζεις εσύ ότι ο χιπστεράς που πάει για μπάνιο αντί να ψηφίσει, ο σκυλάς που κάθεται για καφέ κλπ κλπ θα πάει και θα ψηφίσει κάτι άλλο από ΝΔ; @Feleki
Παω να φτιαξω μια τουρτα ανανα γιατι εμεις η μεσαια ταξχαχα....ταξη ετσι περναμε την ωρα μας. @baskin
προφανώς αλλά εγώ δεν ελπίζω στην συμμετοχή για αλλαγή, μετά από 30 χρόνια σε συλλογικότητες και μέσα στην μικρογραφία της χώρας που λέγεται επαρχία, βλέπεις την καθολική πραγματικότητα. Ο αδιάφορος και ο "δεν βαριέσαι όλοι ίδιοι είναι" ή "θα πάνε μώρε οι άλλοι να ψηφίσουν", δεν υπάρχει περίπτωση να αλλάξει κανένα εκλογικό αποτέλεσμα. @Feleki
2-2.5μύρια παίρνει η δεξιά από την μεταπολίτευση και μετά. Δεν λέει τίποτα αυτό όμως γιατί τι θα κάνει αυτός που δεν ψηφίζει. @Feleki
This entry was edited (1 month ago)
Τέλος για τις προσλαμβάνουσες, δυστυχώς στις μεγάλες πόλεις χάνεις κάθε επαφή με τον κοινωνικό ιστό και ζεις στο bubble σου. Η αφαίρεση και η ανάλυση πιο διαχειρίσιμων μοντέλων λέει πολλά για το σύνολο. @Feleki
This entry was edited (1 month ago)
και στις τελευταίες εκλογές 2μύρια πήρε, ποτέ δεν πήγαν όλοι να ψηφίσουν, δεν ισχύει αυτό. @Feleki
This entry was edited (1 month ago)
σε κάθε περίπτωση και το κλείνω εδώ, ο μη πολιτικοποιημένος ΠΑΝΤΑ ιστορικά πάει δεξιά, δεν πάει από την άλλη, οπότε ψάξτε κάτι άλλο από το ευσεβή πόθο να πάνε να ψηφίζουν οι μαλάκες που είναι γεμάτη η χώρα και απλά βαριούνται. @Feleki
οκ θα μας πεις και ότι όσοι δεν κατεβαίνουν για την Γάζα στον δρόμο είναι "καλοι" και όχι απλά συνένοχοι μαλάκες. Άλλά ντάλα είναι να νομίζεις ότι η αποχή φταίει που βγαίνει η δεξιά, άμα θες να ρίξουμε το επίπεδο. Ούτε εγώ θα σε πείσω. @Feleki
This entry was edited (1 month ago)
Μπορείς να νομίζεις ότι θες, δικαίωμα σου, περίμενε να μας σώσει η αποχή. Εγώ απλά λέω ότι δεν. @Feleki
@baskin
Το ξεκαθαρίσαμε αυτό.
Ο καθένας νομιζει ότι θελει.
Εδώ υπάρχουν ακόμα FlatEarthers ανάμεσα μας.
Και εγώ δεν είπα ότι θα μας σώσει η αποχή, αν ψηφίσει.
Είπα ότι το 42,5 του Κούλη θα ήταν 28% η 32%
Αν έκανε η όχι κυβέρνηση με αυτά τα ποσοστά είναι άγνωστο αλλά τουλάχιστον δεν θα είχε αυτοδυναμία.
Ελπίζω τώρα να έγινε κατανοητό.
@Feleki
Το ξεκαθαρίσαμε αυτό.
Ο καθένας νομιζει ότι θελει.
Εδώ υπάρχουν ακόμα FlatEarthers ανάμεσα μας.
Και εγώ δεν είπα ότι θα μας σώσει η αποχή, αν ψηφίσει.
Είπα ότι το 42,5 του Κούλη θα ήταν 28% η 32%
Αν έκανε η όχι κυβέρνηση με αυτά τα ποσοστά είναι άγνωστο αλλά τουλάχιστον δεν θα είχε αυτοδυναμία.
Ελπίζω τώρα να έγινε κατανοητό.
@Feleki
και ποιος σου λέει ότι η παραπάνω συμμετοχή θα αλλάξει τα ποσοστά; Δηλαδή όποιος απέχει αν πάει θα ψηφίσει κάτι άλλο από Κούλη για να πέσει το ποσοστό; Το ποσοστό βγαίνει επί των ΨΗΦΙΣΑΝΤΩΝ όχι επί των εγγεγραμμένων. Το ποσοστό του Κούλη θα ήταν 28% αν οι παραπάνω που θα ψήφιζαν ψήφιζαν κάτι άλλο και όχι Κούλη. Οκ με τα μαθηματικά τώρα; @Feleki
This entry was edited (1 month ago)
ε για να πέσει το ποσοστό της ΝΔ, ΠΡΕΠΕΙ οι παραπάνω που απέχουν να ΜΗΝ ΨΗΦΙΣΟΥΝ ΝΔ όταν πάνε να ψηφίσουν, ok; @Feleki
This entry was edited (1 month ago)
τι σχέση έχει η συσπείρωση με το αν ο απέχοντας θα ψηφίσει κάτι άλλο από ΝΔ, έχεις μπλέξει άσχετα πράματα, τέσπα άσε το, δεν πα να ψηφίσουν 10.000.000 η ΝΔ θα βγει, αυτή είναι η κοινωνία των παρτάκηδων ραγιάδων. @Feleki
άντε πάλι, και ποιος σου λέει ότι οι άλλοι που δεν πάνε, όταν πάνε θα ψηφίσουν κάτι άλλο πέραν από ΝΔ; Η συσπείρωση ΠΟΤΕ δεν τους υπολογίζει. Κρίνεις με την συσπείρωση τα ποιοτικά χαρακτηριστικά του απέχοντα; @Feleki
ε ναι και εγώ βαρέθηκα αλλά με το πήγαν όλοι οι δεξιοί γελάμε, πήγαν οι δεξιοί που γενικά ψηφίζουν και σου ξαναλέω, ο παρτάκιας που πάει παραλία αντί να ψηφίσει, τον έχεις για αριστερό δηλαδή; @Feleki
πρώτα από όλα να κοιτάξεις να βγάζεις 2.500.000 από τους εγγεγραμμένους για να υπολογίζεις την αποχή, αλλά εγώ σου μιλάω από την αρχή για ποιοτικά χαρακτηριστικά της κοινωνίας των αδιάφορων που απέχουν. Αν ελπίζεις ότι δεν θα ψηφίσουν ΝΔ αν και όποτε πάνε τότε θα μείνεις με την ελπίδα. @Feleki
2025-06-24 14:25:32
2025-06-24 14:22:23
2025-06-24 14:22:13
19011157
in reply to woodland creature
in reply to woodland creature
in reply to woodland creature
element on android has strange delays in posting messages to synapse whereas nheko works instantly. really odd behavior
this only started after a recent update
element still works but when joining a room it's initially slow posting messages, then it figures something out and works fine thereafter. sketchy behavior
oh well i don't have time to mess with it right now
2025-06-24 14:20:12
2025-06-24 14:20:12
2025-06-24 14:19:09
19011118
PCHR: Lives of children in Gaza at risk due to deprivation of therapeutic, infant formula milk #Palestine english.palinfo.com/news/2025/…
Consider The Raven
in reply to Consider The Raven • • •Function Health Cont:
They will have a doctor review my results and give me some recommendations. I’m already working a plan with Grok.
Finding these issues BEFORE they manifested as a serious life threatening health condition may have added years to my life span.
The trick will be not reacting to this the same way I normally do, just adding more things and working harder at it.
I’ve sacrificed rest in exchange for learning more and getting more done. I’ll have to learn to relax.
2/2
Peaceandprosperity
in reply to Consider The Raven • • •it's hard to learn to relax. But one thing that I've learned to do is pick a couple of hobbies that can keep me occupied but also relax. So I garden, do a daily yoga routine, pray, and I either cold plunge or sauna daily. I stay busy but I also am way healthier than I've ever been.
Life is a journey my brother.
Scott D Hansen
in reply to Consider The Raven • • •Partisan Night Slut
in reply to Consider The Raven • • •