Wikimedia Foundation Challenges UK Online Safety Act Regulations | Wikimedia Foundation
https://alecmuffett.com/article/113724
#AgeVerification #OnlineSafety #surveillance #wikipedia

WAFFLED: Exploiting Parsing Discrepancies to Bypass Web Application Firewalls [PDF]

https://arxiv.org/pdf/2503.10846v1

[RSS] Remembering Chiptunes, the Demoscene and the Illegal Music of Keygens

https://hackaday.com/2025/07/20/remembering-chiptunes-the-demoscene-and-the-illegal-music-of-keygens/

[RSS] The case of the invalid instruction exception on an instruction that should never have executed

https://devblogs.microsoft.com/oldnewthing/20250718-00/?p=111390

[RSS] Trigon: exploiting coprocessors for fun and for profit (part 2)

#iOS

https://alfiecg.uk/2025/07/16/Trigon.html

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

https://www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/

In case you feel like singing into a megaphone: please don't!

#activism #ProTip

JavaScript broke the web (and called it progress), https://www.jonoalderson.com/conjecture/javascript-broke-the-web-and-called-it-progress/.

> Everything’s optimised for developers – and hostile to everyone else.

> This isn’t accidental. It’s cultural. We’ve created an industry where complexity is celebrated. Where cleverness is rewarded. Where engineering sophistication is valued more than clarity, usability, or commercial effectiveness.

And still. Was told I’m an idiot when I was saying it’s getting too complex. Now this is the result.

#javascript #web

@flacs Dell Longitude

Cry and sob hysterically at every occasion, especially when confronted by government clerks.

A Microsoft ouchy on a Saturday, oh my:

https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/

Active exploitation already happening...

#sharepoint, #threatintel

One of my coworkers refers to Open Source as “the most incredible thing humanity has ever accomplished.” When he says that, he’s not making a socioeconomic or political statement, nor is he ignoring technical shortcomings. Rather, he is making an observation about how millions of people have created this immense pile of loosely coupled legos that actually all kind of fit together, without any central direction or fiat authority, with the only final arbiter being user adoption.

Mildly cursed factoid about UNC paths:

- UNC Paths can contain IP addresses such as \\192.168.1.1\share
- IPv6 addresses are supported as well
- IPv6 addresses contain colons
- can't have colons in Windows paths since colons are reserved for drive letters

So Microsoft came up with the the ipv6-literal.net domain that's special-cased by Windows so you can to write IPv6 addresses in UNC paths as 2a0e-3c0--21.ipv6-literal.net without it hitting any resolvers.

[oss-security] Five new CVEs published for Cyberark Conjur OSS

https://seclists.org/oss-sec/2025/q3/49

CVE-2025-49827 CVE-2025-49828 CVE-2025-49829 CVE-2025-49830 CVE-2025-49831

https://x.com/gf_256/status/1945829129804542208/photo/1

China's APT cyberspies are some of the best in the business. But how did the hackers get their start? Turns out many were "Honkers" - patriotic hackers in their teens and 20s who, in the late 90s, launched nationalistic cyberattacks against countries they deemed disrespectful to China. But as the Honkers developed their skills over time, the PLA and MSS came calling. In recent years they have been tied to prolific APT groups responsible for hundreds of intrusions in the US and around the world; and some have been indicted. Some of them also launched companies, like i-Soon, that have played an integral role in China's state hacking operations. Here's my story, based on great research from Eugenio Benincasa and Adam Kozy.

https://www.wired.com/story/china-honkers-elite-cyber-spies/

It is a mistake to think you can solve any major problems just with potatoes.

#HitchhikersGuide #DouglasAdams #quotes #quote #bot

[RSS] Building secure messaging is hard: A nuanced take on the Bitchat security debate

https://blog.trailofbits.com/2025/07/18/building-secure-messaging-is-hard-a-nuanced-take-on-the-bitchat-security-debate/

CVE-2025-23267：A vulnerability in NVIDIA Container Toolkit can lead to container escape.

https://www.openwall.com/lists/oss-security/2025/07/16/3

Looking at this and CVE-2025-23266 makes me wonder: was NVIDIA's GPU sandbox vibe-coded?

#VibeCoding #AI #YOLO

CVE-2025-30761：A vulnerability in JDK's Nashorn Allows for Arbitrary Code Execution

https://seclists.org/oss-sec/2025/q3/43

Ooooh I love this! Can't wait to see the details....

#Java #JavaScript