EXPLOIT WARNING

Extremely suspicious activities today from catbox.moe after being down last night 12 hours, and requiring new account credentials today after California servers seized or invaded.

Catbox.moe is now suddenly sending illegal jpg malformed byte streams! (via WebP tricks not honoring HTTP protocols)

I never once in history got a possible zer0-day fake jpg masquerading as a webP UNTIL HOURS AGO!!!!!!

CATBOX SUDDENLY BEING USED TO SEND MALFORMED JPGS!!! New July 21 2021 zero day revealed!

https://vulners.com/zdi/ZDI-21-893

WebP has again and again every year, including last summer, been used to exploit Windows 10 computers remotely. Last Summer again!!!!

And two defects on All macs and iOS including one in May and a 0-day revealed today July 21 2021, AFTER catbox.moe 12 hour mystery outtage and then mysteriously started sending malformed webP.

JPG and PNG have had almost no remote exploits since 2012, unlike the deep state spooks exploiting WebP.

I have no doubt WebP has more unrevealed CIA zer0-days in it.

August 2020 : Microsoft Windows WebP Image Extention RCE (August 2020) : https://www.tenable.com/plugins/nessus/140596

If you had your browser set to broadcast lack of support for WebP shit, you were safe all through 2020.

July 21 2021? Yep more exploitable defects for macintosh too :

https://vulners.com/zdi/ZDI-21-893

That revelation from anonymous on July 22 2021 , half a day ago, is UNPATCHED ON ALL MACS using latest safari !!!!

And its already been leveraged by CIA/FBI/MOSSAD all last month.

In May 2021 another defect on Macs : "ZDI-21-598" discovered suing fuzzing tools that repair internal checksums after fuzz.

https://en.wikipedia.org/wiki/Fuzzing

And its only known on this site here, and wherever I deem worthy to warn cyber-punks like vulners.com

Servers swapping byte streams from jpg to mystery files is dangerous... it is how .exe files, .pdf zero days, and similar payloads can get delivered into target machines.

The CIA/FBI has no doubt COUNTLESS remote exploit zero-day ways to hack citizens using the mammoth over-engineered JPEG XR file container : https://en.wikipedia.org/wiki/JPEG_XR but to get a target suspect to open and decode a JPEG XR requires them to be tricked into accepting a WebP (https://en.wikipedia.org/wiki/WebP)

In my Firefox I have set all thee spots to force unacceptance of Webp shit files :

In my Firefox I have set all thee spots to force unacceptance of Webp shit files :

about:config, remove "image/webp," from image.http.accept

in about:config remove "image/webp," from network.http.accept.default.

third step (most drastic) :

also in about:config set "FALSE" image.webp.enabled

"silent image swap to WebP" was a foolish feature of saving bytes on Reddit.com, but webp and its DRM nonsense and user tracking salted internal data, needs to be banned.

Normally in 2021 , image.webp.enabled is set True for kikery, and normally in 2021 image.http.accept and network.http.accept.default allow this abomination.

Catbox seemingly honored that until very recently, today, also coinciding with zer0 day today revelation for all newest Apple devices.