Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0048f2c0
SSL_get_version
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0048f2c0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0048f2c0.json&colors=light
The sigil was drawn in salt and ash, the candles lit at the pentagram points, the incantation declaimed.
There was a shimmer - a demon appeared.
"Curious. What ritual is this?"
"I got it from ChatGPT. I included all protections in my prompt!"
"I see," the demon said and stepped out of the sigil.
CVE-2025-4575: Low severity OpenSSL (3.5 only) vulnerability in openssl x509 (marking certs as trusted when asked to reject them): https://openssl-library.org/news/secadv/20250522.txt
Unlikely to have a big impact, but it's funny since this is a case of the tool doing the literal opposite of what it's asked to do. :-)
Pocket, an app for saving and reading articles later, is shutting down on July 8, Mozilla announced today.Â
The company sent an email with the subject line “Important Update: Pocket is Saying Goodbye,” around 2 p.m. EST and I immediately started wailing when I saw it.Â
“You’ll be able to keep using the app and browser extensions until then. However, starting May 22, 2025, you won’t be able to download the apps or purchase a new Pocket Premium subscription,” the announcement says. Users can export saved articles until October 8, 2025, after which point all Pocket accounts and data will be permanently deleted.Â
The Mozilla-owned Pocket, formerly known as "Read It Later," launched in August 2007 as a Firefox browser extension that let users save articles to... well, read later. Mozilla acquired Pocket in 2017.Â
“Pocket has helped millions save articles and discover stories worth reading. But the way people save and consume content on the web has evolved, so we’re channeling our resources into projects that better match browsing habits today,” Mozilla said in an announcement on Distilled, the company’s blog. “Discovery also continues to evolve; Pocket helped shape the curated content recommendations you already see in Firefox, and that experience will keep getting better. Meanwhile, new features like Tab Groups and enhanced bookmarks now provide built-in ways to manage reading lists easily.”Â
In that announcement, it also said it’s sunsetting Fakespot, Mozilla’s failed attempt at consumer-level AI detection tools. The Distilled announcement post says the company made the choice to shut down these products because “it’s imperative we focus our efforts on Firefox and building new solutions that give you real choice, control and peace of mind online.” It also says the choice will allow Mozilla to “shape the next era of the internet – with tools like vertical tabs, smart search and more AI-powered features on the way.” Which is what everyone wants: more AI bloat in their browsers.Â
The “Pocket Hits” newsletter will continue, the company says, under a new name starting June 17. “We’re proud of what Pocket has made possible over the years — helping millions of people save and enjoy the web’s best content. Thank you for being part of that journey,” the company said.
As I said, I’m upset! I use the Pocket Chrome extension almost daily, and it’s become a habitual click for articles I want to save to read later even though I fully know I never will. Before the subway had Wi-Fi, back when I commuted to work 45 minutes each way every day, I used Pocket to save articles offline and read outside of internet access. Anecdotally speaking, Pocket was a big traffic driver for bloggers: At all of the websites I’ve worked at, getting an article on Pocket’s curated homepage was a reliable boost in viewers.Â
404 Media contributing writer Matthew Gault suggests copy-pasting links to articles into a giant document to read later. Now that Pocket is no longer with us, I might have to start doing that.Â
Pocket and Mozilla did not immediately reply to a request for comment.Â
At #Pwn2Own Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️
Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended with shellcode execution after MMU reconfiguration on the RTOS.
Read the full vulnerability deep dive here 👉 https://neodyme.io/en/blog/pwn2own-2024_canon_rce/
sev:CRIT
Spring auth bypass.
A thing I’ve been thinking about: when someone says “this is a good use case for generative/agentic AI”, that’s usually a sign that the process could be improved.
Like, people use LLMs to write overly fluffy covering letters for job applications. OK, just have an application form.
Or people use LLMs to understand errors when coding. Okay, that’s a sign to make the error handling more readable/helpful. E.g. the Rust compiler has pretty excellent errors compared to “syntax error on line 37”.
I hate Windows: "Why does the Windows Portable Executable (PE) format have separate tables for import names and import addresses?, part 2".
https://devblogs.microsoft.com/oldnewthing/20231130-00/?p=109084
Self QA:CVE-2025-24203, https://proteas.github.io/ios/2025/05/21/self-qa-cve-2025-24203.html
Oh my fucking god. Oh my fucking god firefox what. What. Firefox now does a thing where when a tab makes a sound the tab GETS WIDER to accommodate the audio icon. So I'll be trying to read and the tab bar will just be slithering back and forth randomly for no reason at all. Firefox I have. I have severe issues with distracting motion in the corner of my eyes and this is the most neuroaggressive things I have ever seen a software package do
🚨 *Attention!* We were made aware of a fake “KeePassXC Password Manager Pro” repository on GitHub that links to unverified external binary downloads.
- There is NO Pro version of KeePassXC!
- You get all the “Pro” features with the regular version.
Please download KeePassXC only from trusted distribution channels linked on https://keepassxc.org/ !
As Google integrates AI to deliver information directly in search results, the incentive to create or maintain websites — including news platforms — is fading. With instant answers, people won’t need to click through. The web will shrink to a few walled garden platforms.
So, Google just launched a major new AI demo that requires people to relax their browser security settings. Wow.
I don't want to "talk" to my browser. I don't want my browser to "summarize" things. I don't want my browser to "help" me with things. I don't want my browser to do anything except show me web pages and shut the fuck up and get out of the way.
The RE//verse YouTube channel is packed with talks from RE//verse 2025! Catch Takahiro’s deep dive into UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior here: https://youtu.be/pMZqvv_tKDs?feature=shared and be sure to subscribe so you don’t miss more like this!
VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
And moar. ( CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 )
The vCenter Server contains an authenticated command-execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.