We've integrated with Surveillance Watch, an interactive database that documents surveillance and spyware entities.

When searching for an entity that appears on their list, we'll display a banner on its domain to alert you that it's a known surveillance tech provider.

#Kagi #Search #Surveillance #Spyware #Privacy

Binary Ninja 5.2, Io, is live and it's out of this world! https://binary.ninja/2025/11/13/binary-ninja-5.2-io.html

With some of our most requested features of all time including bitfield support, containers, hexagon, Ghidra import, and a huge upgrade to TTD capabilities, plus a ton more, make sure to check out the changelog!

This is my new favorite #design #fail.

Your periodic reminder that most CLI password prompts accept Ctrl+U to fully clear input so you can try again. Leave that backspace key alone.

@ricci

Not just natural language processing. It’s also the largest public archive of spreadsheets. When I was at Microsoft, a bunch of projects used it. For example, when the TypeScript version of the Excel calc engine wanted to see how good their coverage was, they tried to see how many of the Enron sheets they could correctly calculate (as in, give the same answers as desktop Excel, not give the answer without all of the fraud).

It sometimes surprises me to learn that there are people who don't know that one of the first really big datasets used to train and evaluate computer language and social models was (and still is) a bunch of internal emails from Enron.

Yes, that Enron. Collected as part of the investigation into its collapse.

https://en.wikipedia.org/wiki/Enron_Corpus

@cR0w As my bio says "I'm interested in all kinds of astronomy" :)

Y'all like AIX vulns, right? How about four of them? Okay well what if three are sev:CRIT? Fine, one is a perfect 10 if that's what it takes to get y'all to care. 🥳

https://www.ibm.com/support/pages/node/7251173

Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands (CVE-2025-36251, CVE-2025-36250), obtain Network Installation Manager (NIM) private keys (CVE-2025-36096), or traverse directories (CVE-2025-36236). These vulnerabilities are addressed through the fixes referenced as part of this bulletin. These vulnerabilities are exploitable only when an attacker can establish network connectivity to the affected host.

I wrote a proof-of-concept and writeup for CVE-2025-48593, an Android Bluetooth issue that only seems to affect devices that act as Bluetooth headsets / speakers. (i.e. NOT phones, only smartwatches/wearables/cars. And only after pairing. So you can stop worrying.)

https://github.com/zhuowei/blueshrimp

It should be a use-after-free; I haven’t gotten it to do anything interesting though.

So far, I was only able to get a null pointer deref (without malloc debug) or an attempted write to library rodata (with malloc debug).

Today, we're launching SlopStop: Community-driven AI slop detection in Kagi Search.

Join our collective defense against AI-generated spam and content farms:

https://blog.kagi.com/slopstop

#Kagi #Search #AISlop

Update to 4.11.1 now if you use it

CVE-2025-43515
https://support.apple.com/en-us/125693

https://infosec.exchange/@codecolorist/115385827463979240

Whoopsie.

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project directories. The vulnerability allows an attacker to execute arbitrary code by placing a malicious .sfw.config file in a project directory. When a developer runs Socket Firewall commands (e.g., sfw npm install) in that directory, the tool loads the .sfw.config file and populates environment variables directly into the Node.js process. An attacker can exploit this by setting NODE_OPTIONS with a --require directive to execute malicious JavaScript code before Socket Firewall's security controls are initialized, effectively bypassing the tool's malicious package detection. The attack vector is indirect and requires a developer to install dependencies for an untrusted project and execute a command within the context of the untrusted project. The vulnerability has been patched in Socket Firewall version 0.15.5. Users should upgrade to version 0.15.5 or later. The fix isolates configuration file values from subprocess environments. Look at sfw --version for version information. If users rely on the recommended installation mechanism (e.g. global installation via npm install -g sfw) then no workaround is necessary. This wrapper package automatically ensures that users are running the latest version of Socket Firewall. Users who have manually installed the binary and cannot immediately upgrade should avoid running Socket Firewall in untrusted project directories. Before running Socket Firewall in any new project, inspect .sfw.config and .env.local files for suspicious NODE_OPTIONS or other environment variable definitions that reference local files.

https://github.com/SocketDev/firewall-release/security/advisories/GHSA-6c5p-vqrh-h6fp

The video for my TalosCon 2025 keynote, "The Complexity of Simplicity", is now up:

https://www.youtube.com/watch?v=Cum5uN2634o

Slides:

https://speakerdeck.com/bcantrill/the-complexity-of-simplicity

Huge Ws for Rust adoption in Android!

Historically, security improvements often came at a cost. More security meant more process, slower performance, or delayed features, forcing trade-offs between security and other product goals. The shift to Rust is different: we are significantly improving security and key development efficiency and product stability metrics.

https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

In our latest blog we speak with Marion Marschalek of @blackhoodie on how community fuels career, how one challenge led to many opportunities and how you can get involved.
https://hex-rays.com/blog/blackhoodie-interview-2025

OK, it seems I found it (although not very useful, acceptable value formats are not documented for example), at the end of the article about...publishing. Because somehow in the CLI's world there is just *no way* I won't update my code to GitHub :P

https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#about-qlpackyml-files

@GitHubSecurityLab

Is it my weak search-fu again, or the new qlpack.yml format for #CodeQL is not officially documented? @GitHubSecurityLab

The best resource I could find is this one by @trailofbits:

https://appsec.guide/docs/static-analysis/codeql/advanced/#creating-new-query-packs

@campuscodi I'm really curious if the RXSS will get caught ItW!

https://github.com/v-p-b/xss-reflections

AWS dug through its honeypot data and confirmed that CVE-2025-5777 (Cisco ISE RCE) and CVE-2025-5777 (memory leak in Citrix NetScaler) were exploited as zero-days before their patches.

Nothing new here except the confirmation that an APT was behind the attacks

https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/