2025-12-12 07:00:04 UTC

bordalix on Nostr: Good morning! Friday assorted links: LND: Excessive Failback Exploit #2 – Matt ...

Good morning!

Friday assorted links:

LND: Excessive Failback Exploit #2 – Matt Morehouse

A variant of the excessive failback exploit disclosed earlier this year affects LND versions 0.18.5 and below, allowing attackers to steal node funds. Users should immediately upgrade to LND 0.19.0 or later to protect their funds.

🔗 https://morehouse.github.io/lightning/lnd-excessive-failback-exploit-2/

---

LND: Infinite Inbox DoS – Matt Morehouse

LND 0.18.5 and below are vulnerable to a denial-of-service (DoS) attack that causes LND to run out of memory (OOM) and crash or hang. Users should upgrade to at least LND 0.19.0 to protect their nodes.

🔗 https://morehouse.github.io/lightning/lnd-infinite-inbox-dos/

---

LND: Replacement Stalling Attack – Matt Morehouse

A vulnerability in LND versions 0.18.5 and below allows attackers to steal node funds. Users should immediately upgrade to LND 0.19.0 or later to protect their funds.

🔗 https://morehouse.github.io/lightning/lnd-replacement-stalling-attack/

---

Denial of Service and Source Code Exposure in React Server Components – React

Security researchers have found and disclosed two additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability. These new vulnerabilities do not allow for Remote Code Execution. The patch for React2Shell remains effective at mitigating the Remote Code Execution exploit.

🔗 https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

---

Size of Life

Explore the scale of living things, from an amoeba to a blue whale.

🔗 https://neal.fun/size-of-life/