CVE-2026-42155 — Cryptographic Entropy Collapse in OpenMage LTS API Session Generation

Hello, today we will walk through another CVE (CVE-2026-42155) that I discovered in OpenMage LTS, a popular open-source e-commerce platform (yes, using AI). This vulnerability is a cryptographic entropy collapse in the API session generation mechanism, which can lead to predictable session tokens and potential unauthorized access. In summary, the vulnerability arises from a 17-year-old code snippet that was used to generate session tokens for API requests using a non-cryptographic method. The session tokens are generated using a combination of the current time and a unique identifier, which can be predicted by an attacker. This allows an attacker to potentially guess valid session tokens and gain unauthorized access to the API. ...

June 27, 2026 · Ahmad (0xOZ)

Is Linux Ready for Daily Use in 2025? A Practical Look at Usability

We are in 2025, and we are close to the end of life for Windows 10. While there is Windows 11, many Windows 10 users are unable to upgrade to Windows 11 due to requirements issues or issues with Windows 11 itself (e.g., bugs). So, regardless of that discussion and the increased thoughts of Linux and the hate for Windows, I have been a Linux user for some years and have used it in the past as a daily driver for some time. I will share my own experience, what issues I have faced, and how to work around them when you are planning to use Linux. ...

March 1, 2025 · Ahmad (0xOZ)

CTF Writeups

August 5, 2025 · Ahmad (0xOZ)