Posts
2510
Following
665
Followers
1491
"I'm interested in all kinds of astronomy."
repeated
Edited 7 hours ago

Pretty unfortunate update on Fortra GoAnywhere MFT CVE-2025-10035 from the folks at @watchtowrcyber. Yikes. https://labs.watchtowr.com/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2/

0
3
0
[RSS] [How to Become a Kernel Developer] Blog 2: Posted patches, what next?

https://www.linaro.org/blog/blog-2-posted-patches-what-next/
0
1
0
[RSS] Fast & Faulty - A Use After Free in KGSL Fault Handling

https://streypaws.github.io/posts/Fast-and-Faulty-A-Use-After-Free-in-KGSL-Fault-Handling/

#Qualcomm CVE-2024-38399
0
0
2
[RSS] Is Mouse Input Random Enough for Generating Secret Keys?

https://x41-dsec.de/security/research/news/2025/09/25/mouse-entropy/
0
2
3
repeated

i can finally share the google docs attack poc from my slides!!

blogpost coming later

(video 1/2 - the attack)

1
2
0
repeated

🔴 We just published our Black Hat Arsenal talk (part 1)!

It's a brief tutorial on:

1. using rev.ng from the CLI;
2. playing around with the decompiled code in VSCode;
3. finding bugs with clang static analyzer! 🦾

https://www.youtube.com/watch?v=_Ph_kQr064w

1
2
0
repeated

I didn't know how to explain it at the time but we have words for my bug report now: I used the SSDP RFC -> LLM-generated EBNF grammar -> vibe-coded Rust compiler for EBNF to Protobuf -> vibe-coded C++ frontend -> vibe-coded root cause -> vibe-coded report https://issues.chromium.org/issues/40070891

1
1
0
repeated

🏆 VB2025 Péter Szőr Award — Finalists Announced!

We're excited to reveal the three shortlisted finalists for this year’s Péter Szőr Award, selected by committee vote

The winner will be announced at the Gala Dinner this evening, Thursday 25 September, at VB2025 in Berlin.

0
2
0
repeated
Edited 10 hours ago

We need an internet archive outside the US! We can't put all our eggs in one basket.

Oh, wait: we *have* an internet archive outside the US. Let's support it.

And now they have an office - a physical presence!

https://flaminghydra.com/freedom-and-sharing-at-the-internet-archive-europe/

https://www.internetarchive.eu/

1
15
0
repeated

Inky Impression 用に額縁を設計してプリントして収めた。安っぽいけどだいぶフォトフレーム感が出た

1
1
0
repeated
repeated

So I just reported a very interesting bug in Outlook - took me a while to analyze and understand (part of) the root cause..

The bug allows to read the value of an MAPI property* and use it *directly* as a memory pointer. We know OOB (e.g. caused by integer overflow) bugs are not rare but they're all some sort of "offsets", not someone just read the value and directly use it as a pointer.. So basically you can set the DWORD 0xdddddddd in the email and Outlook would happily access memory at 0xdddddddd. Not sure what severity it could be as it's an OOB-read at first glance, but def. an interesting find for me.:)

Full details will be released after MSRC's review.

* https://learn.microsoft.com/en-us/office/client-developer/outlook/mapi/mapi-property-overview

2
1
0
repeated

System/38 project update. Edith is off the pallet and on her own wheels. WE REPEAT THE EDITH HAS LANDED.

https://www.gofundme.com/f/ibm-system-38-computer-rescue-and-restoration

1
1
0
repeated

The crates.​io team was notified of two malicious crates (with similar names as legitimate crates) which were actively searching file contents for Etherum private keys, Solana private keys, and arbitrary byte arrays for exfiltration. The malicious crates have been removed.

See the blog post for details: https://blog.rust-lang.org/2025/09/24/crates.io-malicious-crates-fasterlog-and-asyncprintln/

0
7
0
repeated

I wrote an article about what I wish juniors in cybersecurity would ask for and contribute when asking for a mentor and career guidance, in light of the terrible tech jobs market.

https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/

7
12
0
repeated

There's an vuln in Cisco IOS which allows RCE via SNMPv1 or v2 if you have the read-only community string and can send SNMP packets. Under active exploitation. CVE-2025-20352

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

3
9
0
How a 20 year old bug in GTA San Andreas surfaced in Windows 11 24H2

https://cookieplmonster.github.io/2025/04/23/gta-san-andreas-win11-24h2-bug/
1
2
4
[RSS] Why is Windows still tinkering with critical sections?

https://devblogs.microsoft.com/oldnewthing/20250924-00/?p=111624
0
0
1
repeated

stty

https://wizardzines.com/comics/stty/

(from The Secret Rules of the Terminal, out now! https://wizardzines.com/zines/terminal/)

2
2
0
Show older