[{"channel_id":1463575034,"post_id":1452,"date":1780671764000,"forwards":"1","views":"17","text":"Estamos en directo en G33K TEAM","text_length":31},{"channel_id":1463575034,"post_id":1451,"date":1780399370000,"views":"47","text":"https:\/\/www.linkedin.com\/posts\/tuxed_devops-sysadmin-opensource-ugcPost-7467532690863538176-fEvK\/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAz-X-IBN3-w2dEQ_2HNpsDTZ4Nr0ypXvEw<\/a>","text_length":184,"media":{"root":"\/001\/qwUAAPphPFcAAAAAn72KgvHl2P0","webpage":{"url":"https:\/\/www.linkedin.com\/posts\/tuxed_devops-sysadmin-opensource-ugcPost-7467532690863538176-fEvK?rcm=ACoAAAz-X-IBN3-w2dEQ_2HNpsDTZ4Nr0ypXvEw","type":"photo","title":"#devops #sysadmin #opensource #linux #ssh #zellij #devbox #nix #ai #automation #mcp | Aitor Roma","site_name":"LinkedIn","display_url":"es.linkedin.com\/posts\/tuxed_devops-sysadmin-opensource-activity-7467532734123450368-5PtB","description":"\ud83d\ude80 Acabo de publicar \ud835\udc1d\ud835\udc1e\ud835\udc2f\ud835\udc1b\ud835\udc28\ud835\udc31-\ud835\udc1a\ud835\udc22, un cockpit open source para trabajar por SSH en un VPS con un entorno moderno, reproducible y preparado para IA.\n\nLa idea es simple: entrar en un servidor nuevo y no tener que configurar otra vez shell, terminal, aliases, agentes IA, memoria, herramientas DevOps y perfiles de trabajo.\n\nViene preparado con \ud835\udc03\ud835\udc1e\ud835\udc2f\ud835\udc1b\ud835\udc28\ud835\udc31\/\ud835\udc0d\ud835\udc22\ud835\udc31, \ud835\udc19\ud835\udc1e\ud835\udc25\ud835\udc25\ud835\udc22\ud835\udc23, \ud835\udc19\ud835\udc2c\ud835\udc21 y toda la suite de \ud835\udc06\ud835\udc1e\ud835\udc27\ud835\udc2d\ud835\udc25\ud835\udc1e\ud835\udc26\ud835\udc1a\ud835\udc27 \ud835\udc0f\ud835\udc2b\ud835\udc28\ud835\udc20\ud835\udc2b\ud835\udc1a\ud835\udc26\ud835\udc26\ud835\udc22\ud835\udc27\ud835\udc20 de Alan Buscaglia, con \ud835\udc0f\ud835\udc22 \ud835\udc29\ud835\udc2b\ud835\udc1e\ud835\udc1c\ud835\udc28\ud835\udc27\ud835\udc1f\ud835\udc22\ud835\udc20\ud835\udc2e\ud835\udc2b\ud835\udc1a\ud835\udc1d\ud835\udc28 y \ud835\udc04\ud835\udc27\ud835\udc20\ud835\udc2b\ud835\udc1a\ud835\udc26 \ud835\udc1c\ud835\udc28\ud835\udc26\ud835\udc28 \ud835\udc26\ud835\udc1e\ud835\udc26\ud835\udc28\ud835\udc2b\ud835\udc22\ud835\udc1a \ud835\udc29\ud835\udc1e\ud835\udc2b\ud835\udc2c\ud835\udc22\ud835\udc2c\ud835\udc2d\ud835\udc1e\ud835\udc27\ud835\udc2d\ud835\udc1e \ud835\udc2f\u00ed\ud835\udc1a \ud835\udc0c\ud835\udc02\ud835\udc0f.\n\nTambi\u00e9n incluye perfiles `base`, `ai`, `devops` y `full`, para instalar solo lo que necesitas seg\u00fan el tipo de servidor.\n\nNo voy a hacerte escribir \u201c\ud835\udc03\ud835\udc04\ud835\udc15\ud835\udc01\ud835\udc0e\ud835\udc17\u201d para poder instalarlo \ud83d\ude04\n\nTe dejo el enlace directamente aqu\u00ed:\n\nhttps:\/\/lnkd.in\/eUv6QXBA\n\n\u00bfT\u00fa tambi\u00e9n acabas configurando el mismo entorno una y otra vez?\n\n#DevOps\u00a0\u00a0#SysAdmin\u00a0\u00a0#OpenSource\u00a0\u00a0#Linux\u00a0\u00a0#SSH\u00a0\u00a0#Zellij\u00a0\u00a0#Devbox\u00a0\u00a0#Nix\u00a0\u00a0#AI\u00a0\u00a0#Automation\u00a0\u00a0#MCP","thumbs":{"m":{"w":320,"h":240,"hash":"C15_QeOtS7cfhBMJqhaADQ&ts=1781404250"},"x":{"w":800,"h":600,"hash":"-OY4rwJzbh1X4BbjsK3i6Q&ts=1781404250"},"y":{"w":960,"h":720,"hash":"fX6rhRfLKsJbn4SPNF1a1w&ts=1781404250"},"i":{"bytes":"AeACg|DKzSUUUAFFLtO0Nj5ScZ96SgAooooAKKjooAk4oqOigCSio6KAP\/\/Z"}}}}},{"channel_id":1463575034,"post_id":1450,"date":1779474187000,"views":"98","text":"A todos. Vulnerabilidad cr\u00edtica en Hestia. Si ten\u00e9is activada la web terminal, \u00a1\u00a1\u00a1 desactivadla AHORA !!!
v-delete-sys-web-terminal<\/pre>https:\/\/app.opencve.io\/cve\/CVE-2026-43633<\/a>","text_length":174,"media":{"root":null,"webpage":{"url":"https:\/\/app.opencve.io\/cve\/CVE-2026-43633","type":"article","title":"CVE-2026-43633 - Vulnerability Details - OpenCVE","site_name":"app.opencve.io","display_url":"app.opencve.io\/cve\/CVE-2026-43633","description":"HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution. Attackers can inject crafted data into HTTP headers that are processed by the PHP session handler but incorrectly deserialized by the Node.js web terminal component as trusted session values, resulting in arbitrary command execution on systems with the web terminal feature enabled."}}},{"channel_id":1463575034,"post_id":1449,"date":1779462173000,"forwards":"1","views":"32","text":"Estamos en directo en G33K TEAM","text_length":31},{"channel_id":1463575034,"post_id":1448,"date":1779281402000,"forwards":"2","views":"48","text":"\u26a0\ufe0f Sigue la oleada de vulnerabilidades cr\u00edticas en servidores Linux y servicios web durante mayo 2026.<\/b>

En las \u00faltimas semanas se han publicado:

- CVE-2026-31431<\/b>\u2192 \u201cCopy Fail\u201d (Kernel Linux)
- CVE-2026-43284 \/ CVE-2026-43500<\/b> \u2192 \u201cDirty Frag\u201d
- CVE-2026-46300<\/b> \u2192 \u201cFragnesia\u201d
- CVE-2026-42945<\/b> \u2192 Vulnerabilidad cr\u00edtica en NGINX Rewrite  
https:\/\/socprime.com\/es\/blog\/cve-2026-42945-vulnerabilidad-critica-reescritura-nginx\/<\/a>

Tambi\u00e9n se han publicado varias vulnerabilidades cr\u00edticas en PHP:

- CVE-2026-6722<\/b> \u2192 RCE en PHP SOAP Extension (CVSS 9.8)
- CVE-2026-7261<\/b> \u2192 Use-after-free en SoapServer (CVSS 9.8)
- CVE-2026-6104<\/b> \u2192 Buffer over-read en mbstring
- CVE-2026-7262<\/b> \u2192 DoS en SOAP apache:Map
- CVE-2026-7258<\/b> \u2192 Vulnerabilidad en urldecode()

Y adem\u00e1s:

- CVE-2026-41940<\/b> \u2192 Actualizaci\u00f3n cr\u00edtica de seguridad en cPanel\/WHM WP2  
https:\/\/support.cpanel.net\/hc\/en-us\/articles\/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026<\/a>

\u26a0\ufe0f Muchas de estas vulnerabilidades afectan a servidores expuestos a Internet y permiten desde denegaciones de servicio hasta ejecuci\u00f3n remota de c\u00f3digo y escalada de privilegios.

Si gestion\u00e1is VPS, servidores Linux, HestiaCP, cPanel, NGINX, Apache o stacks PHP, es muy recomendable revisar actualizaciones y mitigaciones cuanto antes.

\ud83d\udce9 Si necesit\u00e1is ayuda revisando, mitigando o securizando servidores pod\u00e9is contactarme por Telegram:
@tuxed<\/b><\/a>","text_length":1394,"media":{"root":"\/012\/qAUAAPphPFcAAAAAxriAQSts96w","webpage":{"url":"https:\/\/socprime.com\/es\/blog\/cve-2026-42945-vulnerabilidad-critica-reescritura-nginx","type":"photo","title":"CVE-2026-42945: Falla Cr\u00edtica de Reescritura en NGINX","site_name":"SOC Prime","display_url":"socprime.com\/es\/blog\/cve-2026-42945-vulnerabilidad-critica-reescritura-nginx","description":"Descubra c\u00f3mo CVE-2026-42945 puede provocar ca\u00eddas de trabajadores de NGINX y posible ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de una falla de reescritura de m\u00f3dulo existente desde hace mucho tiempo","author":"SOC Prime Team","thumbs":{"m":{"w":320,"h":187,"hash":"vQMA6O1SKD6aWv2qLHvpXw&ts=1781404250"},"x":{"w":800,"h":468,"hash":"nwCDIFdNzRmSOm_egiHdrg&ts=1781404250"},"y":{"w":820,"h":480,"hash":"--qfaMg3FZauIP8e-G-iYA&ts=1781404250"},"i":{"bytes":"AYACg|DHUKRycUnepEiLrncg9icUpgIQN5kfbjdzQAqKuMseKkdAU3jkYxR5RRdwkjOOwbNSR7fK5GM072KUOYijhZ2wvHuTRUyp5kbRofmPQDvzRUuRbgl0KauFGMZ\/GneaP7v60UUzIcJRg4GDUgY+WH4x2oooZrDcWN\/3o2\/L070UUVDNkf\/Z"}}}}},{"channel_id":1463575034,"post_id":1447,"date":1778334624000,"views":"9","text":"\ud83c\udfe6 Institutional ETH Staking \u2014 Private Access<\/b>
The vault the whales don't want you to know about<\/i>

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

While most people chase memecoins, smart money is quietly stacking stETH rewards<\/b> through institutional-grade infrastructure.

RockSolid AutoPlus Beta Circle<\/b> just opened a private window for early adopters \u2014 powered by Lido V3 stVaults<\/b>, the backbone of serious DeFi yield.

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

\ud83d\udc8e Exclusive Beta Perks:<\/b>
\u251c \u2705 Verified beta access (free)
\u251c \ud83d\udd25 Up to 10% APY<\/b> on your staked ETH
\u251c \ud83d\udcc8 Automatic stETH rewards, compounding daily
\u251c \ud83d\udd12 Institutional-grade vault security
\u2514 \ud83c\udf9f Your invite code: RS-2471-STETH<\/code>

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

\u23f3 This invite expires in 48 hours.<\/b>
No fees. No lock-up. Just connect your EVM wallet and you're in.

\ud83d\udc49 Claim Your Spot \u2192 lido-vault.network<\/a>

Limited access. Once it's gone, it's gone.<\/i>","text_length":844},{"channel_id":1463575034,"post_id":1446,"date":1778334449000,"views":"9","text":"\ud83c\udfe6 Institutional ETH Staking \u2014 Private Access<\/b>
The vault the whales don't want you to know about<\/i>

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

While most people chase memecoins, smart money is quietly stacking stETH rewards<\/b> through institutional-grade infrastructure.

RockSolid AutoPlus Beta Circle<\/b> just opened a private window for early adopters \u2014 powered by Lido V3 stVaults<\/b>, the backbone of serious DeFi yield.

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

\ud83d\udc8e Exclusive Beta Perks:<\/b>
\u251c \u2705 Verified beta access (free)
\u251c \ud83d\udd25 Up to 10% APY<\/b> on your staked ETH
\u251c \ud83d\udcc8 Automatic stETH rewards, compounding daily
\u251c \ud83d\udd12 Institutional-grade vault security
\u2514 \ud83c\udf9f Your invite code: RS-2471-STETH<\/code>

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

\u23f3 This invite expires in 48 hours.<\/b>
No fees. No lock-up. Just connect your EVM wallet and you're in.

\ud83d\udc49 Claim Your Spot \u2192 lido-vault.network<\/a>

Limited access. Once it's gone, it's gone.<\/i>","text_length":844},{"channel_id":1463575034,"post_id":1445,"date":1778333879000,"views":"11","text":"\ud83c\udfe6 Institutional ETH Staking \u2014 Private Access<\/b>
The vault the whales don't want you to know about<\/i>

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

While most people chase memecoins, smart money is quietly stacking stETH rewards<\/b> through institutional-grade infrastructure.

RockSolid AutoPlus Beta Circle<\/b> just opened a private window for early adopters \u2014 powered by Lido V3 stVaults<\/b>, the backbone of serious DeFi yield.

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

\ud83d\udc8e Exclusive Beta Perks:<\/b>
\u251c \u2705 Verified beta access (free)
\u251c \ud83d\udd25 Up to 10% APY<\/b> on your staked ETH
\u251c \ud83d\udcc8 Automatic stETH rewards, compounding daily
\u251c \ud83d\udd12 Institutional-grade vault security
\u2514 \ud83c\udf9f Your invite code: RS-2471-STETH<\/code>

\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501

\u23f3 This invite expires in 48 hours.<\/b>
No fees. No lock-up. Just connect your EVM wallet and you're in.

\ud83d\udc49 Claim Your Spot \u2192 lido-vault.network<\/a>

Limited access. Once it's gone, it's gone.<\/i>","text_length":844},{"channel_id":1463575034,"post_id":1444,"date":1778252720000,"forwards":"1","views":"14","text":"Estamos en directo en G33K TEAM","text_length":31},{"channel_id":1463575034,"post_id":1443,"date":1777978382000,"forwards":"1","views":"146","text":"\ud83d\udea8 \u00bfTu servidor est\u00e1 protegido contra CVE-2026-31431?<\/b> \ud83d\udea8

Ofrezco servicio de parcheo y securizaci\u00f3n de servidores y VPS<\/b> para mitigar esta vulnerabilidad cr\u00edtica.

\u2714\ufe0f An\u00e1lisis r\u00e1pido
\u2714\ufe0f Aplicaci\u00f3n de parches
\u2714\ufe0f Hardening b\u00e1sico
\u2714\ufe0f Verificaci\u00f3n final de seguridad

Evita riesgos, accesos no autorizados o ca\u00eddas de servicio.

\ud83d\udce9 Cont\u00e1ctame directamente en @tuxed<\/b><\/a> y lo revisamos cuanto antes.","text_length":390},{"channel_id":1463575034,"post_id":1442,"date":1777581271000,"forwards":"1","views":"36","comments":"2","text":"\ud83d\udea8 [SECURITY ALERT] Vulnerabilidad cr\u00edtica en Linux (posible root)<\/b> \ud83d\udea8

Hola a todos, comparto esto porque puede afectar a servidores con HestiaCP<\/b> \ud83d\udc47

\ud83d\udc49 https:\/\/copy.fail\/<\/a>

\u26a0\ufe0f Qu\u00e9 pasa<\/b>
Se ha detectado una vulnerabilidad en el kernel de Linux (\u2265 2017<\/b>) que permite:
- Escalada de privilegios<\/b>
- Acceso root desde un usuario sin permisos<\/b>

\u26a0\ufe0f Estado<\/b>
- Actualmente sin parche oficial<\/b>

\ud83d\udee0\ufe0f Mitigaci\u00f3n temporal<\/b>
Se recomienda desactivar el m\u00f3dulo afectado (algif_aead<\/b>):
echo "install algif_aead \/bin\/false" > \/etc\/modprobe.d\/disable-algif.conf
rmmod algif_aead 2>\/dev\/null || true<\/pre>Y a\u00f1adir blacklist en GRUB:
sudo sed -i 's\/GRUB_CMDLINE_LINUX="\/GRUB_CMDLINE_LINUX="initcall_blacklist=algif_aead_init \/' \/etc\/default\/grub
sudo update-grub
sudo reboot<\/pre>\ud83d\udccc Nota En algunas distros puede ser necesario hacerlo directamente en GRUB.

\ud83d\udea8 Recomendaci\u00f3n Si tienes servidores con HestiaCP (o cualquier Linux expuesto), mejor aplicar la mitigaci\u00f3n cuanto antes.

\ud83d\udcac Si alguien tiene m\u00e1s info o confirmaci\u00f3n oficial, estar\u00eda bien centralizarlo aqu\u00ed \ud83d\udc4d","text_length":1032,"media":{"root":"\/00e\/ogUAAPphPFcAAAAAeoXZGrj3lqo","webpage":{"url":"https:\/\/copy.fail","type":"photo","title":"Copy Fail \u2014 732 Bytes to Root","site_name":"Xint","display_url":"copy.fail","description":"CVE-2026-31431. 100% Reliable Linux LPE \u2014 no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.","author":"Xint","thumbs":{"m":{"w":320,"h":168,"hash":"HBBBfV_e8nQ8KnIs5fssiA&ts=1781404250"},"x":{"w":800,"h":420,"hash":"DI7YM_jnBX6epYORlDPDoQ&ts=1781404250"},"y":{"w":1200,"h":630,"hash":"_wRYnhq-rEH9pVuXlGXAnQ&ts=1781404250"},"i":{"bytes":"AVACg|DWd0QAu6qDxyafUUsfmFTkgjPTHf61WawUk4LYIPXHWgC5uUMFyNx7Z5pQwOcHp1quLcBACWJxyfU5yf51LDEIlwCT9aelhElFFFIYlFFFABS0UUAFFFFAH\/\/Z"}}}}},{"channel_id":1463575034,"post_id":1440,"date":1777043094000,"forwards":"1","views":"42","text":"Estamos en directo en G33K TEAM","text_length":31},{"channel_id":1463575034,"post_id":1439,"date":1776438134000,"forwards":"1","views":"37","text":"Estamos en directo en G33K TEAM","text_length":31},{"channel_id":1463575034,"post_id":1438,"date":1776188932000,"forwards":"2","views":"187","text":"Esta canci\u00f3n est\u00e1 inspirada en los escritos de Jordi Murg\u00f3, especialmente en su publicaci\u00f3n sobre \u201cSOUL.md<\/a>\u201d.

Su forma de explorar la identidad, la conciencia y el concepto de \u201calma\u201d en sistemas digitales me impact\u00f3 mucho y fue el punto de partida para crear esto.

Gracias, Jordi, por inspirar ideas que van m\u00e1s all\u00e1 del c\u00f3digo.","text_length":329,"media":{"root":"\/012\/ngUAAPphPFcAAAAAxriAQSts96w","audio":{"duration":299,"is_voice":false,"performer":"aitorroma","title":"Crustaceo","file_name":"Crustaceo.mp3","mime_type":"audio\/mpeg","size":6764460,"thumbs":{"m":{"w":320,"h":320,"hash":"x3g_UI0bbxiVzTS6O6-biw&ts=1781404250"},"i":{"bytes":"AoACg|DMxnAqaNcYzUSjkVMoOQDmgReYgw4+XpWa4Oau7D5fSq7pk8d6LhYgAwcfmaKVhhjRQFgGPlq1B83zN0WqQPSrKSsYigHftSY0y3xjdn8c1FN8hyO9Q\/P6GlklJjCsMbehpWHe5G2N5oqMnk0U7CuNUFmAFW41CjFFFUST4j29Tn6VDIoIooqSmVGBVsGiiimI\/9k="}}}}},{"channel_id":1463575034,"post_id":1437,"date":1775833347000,"forwards":"1","views":"28","text":"Estamos en directo en G33K TEAM","text_length":31}]