<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: traekfuglene</title><link>https://news.ycombinator.com/user?id=traekfuglene</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sat, 04 Jul 2026 09:58:13 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=traekfuglene" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by traekfuglene in "Ask HN: What are you working on? (May 2026)"]]></title><description><![CDATA[
<p>Striga (<a href="https://www.striga.ai/" rel="nofollow">https://www.striga.ai/</a>) - Source code auditing built on artificial intelligence. Auditing source code with local LLMs, ensuring full data sovereignty. The latest noteworthy discovery - Double Free and possible RCE vulnerability in Apache HTTP Server with HTTP/2 (CVE-2026-23918)</p>
]]></description><pubDate>Mon, 11 May 2026 14:29:06 +0000</pubDate><link>https://news.ycombinator.com/item?id=48095473</link><dc:creator>traekfuglene</dc:creator><comments>https://news.ycombinator.com/item?id=48095473</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48095473</guid></item><item><title><![CDATA[CSRF and LDAP injection found and fixed in pac4j security framework]]></title><description><![CDATA[
<p>Article URL: <a href="https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html">https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47611851">https://news.ycombinator.com/item?id=47611851</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Thu, 02 Apr 2026 09:05:09 +0000</pubDate><link>https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html</link><dc:creator>traekfuglene</dc:creator><comments>https://news.ycombinator.com/item?id=47611851</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47611851</guid></item><item><title><![CDATA[New comment by traekfuglene in "Exploiting a 32-year-old buffer overflow in GNU telnetd (CVE-2026-32746)"]]></title><description><![CDATA[
<p>Pre-auth buffer overflow in telnetd's SLC handler, sitting in the codebase since 1994. We used Striga, our AI-driven source code auditing platform, to reproduce the exploitation path and work out the byte constraints. The writeup covers the math for GOT overwrite on 32-bit and why the same approach is probably impossible on 64-bit.</p>
]]></description><pubDate>Wed, 01 Apr 2026 12:13:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=47599804</link><dc:creator>traekfuglene</dc:creator><comments>https://news.ycombinator.com/item?id=47599804</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47599804</guid></item><item><title><![CDATA[Exploiting a 32-year-old buffer overflow in GNU telnetd (CVE-2026-32746)]]></title><description><![CDATA[
<p>Article URL: <a href="https://www.striga.ai/research/pre-auth-rce-in-gnu-inetutils-telnetd">https://www.striga.ai/research/pre-auth-rce-in-gnu-inetutils-telnetd</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47599803">https://news.ycombinator.com/item?id=47599803</a></p>
<p>Points: 7</p>
<p># Comments: 1</p>
]]></description><pubDate>Wed, 01 Apr 2026 12:13:49 +0000</pubDate><link>https://www.striga.ai/research/pre-auth-rce-in-gnu-inetutils-telnetd</link><dc:creator>traekfuglene</dc:creator><comments>https://news.ycombinator.com/item?id=47599803</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47599803</guid></item><item><title><![CDATA[New comment by traekfuglene in "Taking Down the Internet's Most Popular HTTP Client with a Single JSON Key"]]></title><description><![CDATA[
<p>We used Striga to discover a high-severity vulnerability in axios, the most downloaded HTTP client in JavaScript. Any Node.js service that forwards user-controlled JSON through axios can be crashed with a single request. CVE-2026-25639. Patched in 1.13.5.</p>
]]></description><pubDate>Fri, 27 Mar 2026 10:25:57 +0000</pubDate><link>https://news.ycombinator.com/item?id=47540916</link><dc:creator>traekfuglene</dc:creator><comments>https://news.ycombinator.com/item?id=47540916</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47540916</guid></item><item><title><![CDATA[Taking Down the Internet's Most Popular HTTP Client with a Single JSON Key]]></title><description><![CDATA[
<p>Article URL: <a href="https://www.striga.ai/research/crashing-axios-with-proto">https://www.striga.ai/research/crashing-axios-with-proto</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=47540915">https://news.ycombinator.com/item?id=47540915</a></p>
<p>Points: 10</p>
<p># Comments: 1</p>
]]></description><pubDate>Fri, 27 Mar 2026 10:25:57 +0000</pubDate><link>https://www.striga.ai/research/crashing-axios-with-proto</link><dc:creator>traekfuglene</dc:creator><comments>https://news.ycombinator.com/item?id=47540915</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47540915</guid></item></channel></rss>