[RSS] Hunting CVE-2025-59287 in Memory Dumps

https://medium.com/@Debugger/hunting-cve-2025-59287-in-memory-dumps-b70afd7d2dcf?source=rss-3ba65b326b28------2

@tshirtman @cs @tmr232 @nieldk You are right and it even seems to be my code dammit! Thanks for your help!

@tmr232 @nieldk @cs @tshirtman Thanks for the responses, but my diagnosis was wrong - although I still don't quite get it: it turns out that the object I'm writing out (json.dump) contains a list that gets extended by the script (this sort of explains why I'm writing out more and more data), BUT the list is part of an object that I reinstantiate on every run, which should empty the list (I call super() with an empty list). Problem is the (super)class is generated code and I suspect the list is not in fact an object member but a static class variable that may cause this??

Edited: Wrong diagnosis, sry!

@Viss

RE: https://pawb.fun/@itsOasus/115787031750775789

Anyone pushing this shit with "Engineer" in their title needs to get torn to pieces.

The documentation for this image processing library by @vruba is one of the most interesting things I've read in weeks:

https://github.com/celoyd/potato/blob/main/docs/personal.md
https://github.com/celoyd/potato/blob/main/README.md
https://github.com/celoyd/potato/blob/main/docs/concepts.md

Philosophical discussion of the nature of seeing and what am image is vs a map, fascinating technical details about how satellite imaging works and why it looks as bad as it often does, a lot of really thoughtful conversation about engineering and aesthetic process, and even an amusing unit of measurement — grams per terrapixel.

All I want for Xmas is sane documentation <3

Dropping a Xmas-sploit for CVE-2025-14847

@GossiTheDog Maybe you are confusing MariaDB with MongoDB in their relation to MySQL?

I truly appreciate the work of those who keep an eye on threats during the holiday season, but:

- MongoDB has nothing to do with MySQL
- A memory disclosure is not an RCE (but you should probably prioritize similarly in this case)

CVE-2025-14847

Oh. yay.

"mongobleed" — https://github.com/joe-desimone/mongobleed/blob/main/mongobleed.py

CVE-2025-14847

"Exploits zlib decompression bug to leak server memory via BSON field names.”

"Technique: Craft BSON with inflated doc_len, server reads field names from leaked memory until null byte.”

"What if Bitcoin was one big mining company?":

https://no01.substack.com/p/what-if-bitcoin-was-one-big-mining

You'd be insane buying its shares.

Do you or somebody you know have a Windows 10 that isn't fit for a Windows 11 upgrade? (e.g. no TPM)

1. Get a Windows 11 25H2 ISO
2. Run setup /product server

Enjoy your Windows 11 with no coerced Microsoft Account, TPM features, etc.

AFL++ 4.35c release! Complete hidden coverage gathering, GUIFuzz++ support, IJON for qemu, various fixes! https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.35c #fuzzing #fuzzer

@Viss wait since when is PTP spelled "pen test partners" (as in partners testing pens)?

c3nav is out!!! come hang out with your favorite has-beens and get lectured about the good old days at the console hackers retirement home! non-retired hackers also welcome we are here to support the new generation 🫡

Console Hackers Retirement Home
Assembly, F6, Hall 3, Level 0

#39c3

https://39c3.c3nav.de/l/nintenbros/

Christmas Eve miracle: Fortinet admits new exploitation of a 2020 bug

https://www.fortinet.com/blog/psirt-blogs/product-security-advisory-and-analysis-observed-abuse-of-fg-ir-19-283

does anyone know of an artist taking commissions who has a sense of humour and a style somewhere in the realms of Hieronymus Bosch / medieval era classical painting, who would be willing to make me a t-shirt design? (paid work, of course.)

I'm looking to get a seasonal parody recreation of Slayer's Seasons In The Abyss album cover, in the theme of "Sleigher - Season's Greetings In The Abyss".

[RSS] Update: unique Unix v4 source code recovered off random tape

https://www.tomshardware.com/software/linux/unix-v4-recovered-from-randomly-found-tape-at-university-of-utah-only-known-copy-of-first-os-version-with-kernel-and-core-utilities-written-in-c