@cR0w user controls are distractions that degrade your ad viewing experience

🔌 Allow us to introduce the new IDA Plugin Manager.

Now, with a few simple commands, you can access a modern, self-service plugin ecosystem. Discover and get discovered more easily.

https://hex-rays.com/blog/introducing-the-ida-plugin-manager

Genie: You have 3 wishes
Me: Can I just have -1 wish?
Genie: Okay, you have 4294967295L wishes

#microfiction

JNDI injection in DataEase DB2.

https://github.com/dataease/dataease/security/advisories/GHSA-88ph-3236-2m2h

[RSS] AI Coding Vibe Check

https://tamir.dev/posts/ai-vibe-check-2025/

/by @tmr232

@schrotthaufen I want the meta tags that tell browsers there is actually RSS available back in site generator templates (you can often find it's available, but designers often don't have a clue what RSS even is)

@schrotthaufen @mainframed767 @signalapp can you customize those?

@http_error_418 fair point! Ecosystem is quite diverse though, which is good for resilience

@mainframed767 @signalapp nice attack surface, upvoted! :)

A Spanish court orders Meta to pay €479M to 87 Spanish digital media outlets for unfair competition practices and infringement of EU data protection regulations (Reuters)

https://www.reuters.com/sustainability/boards-policy-regulation/spanish-court-orders-meta-pay-550-mln-digital-media-companies-2025-11-20/
http://www.techmeme.com/251120/p18#a251120p18

[RSS] Deleting the [Boot Configuration Data] through COM as low privileged user [CVE-2025-59253]

https://warpnet.nl/blog/deleting-the-bcd-through-com-as-low-privileged-user/

... what makes this esp. frustrating is that the code is _right there_ in the current virtualenv, but oh no, let's make those servers in us-east-1 work, we gotta pump those CO2 numbers up!

#python #uv

@algernon lol, IMO this verges on the edge of obfuscation but fulfills my criteria :D

The lesson for today is that you must always give your code weird ass names because tools tend to go online and fetch something completely unrelated if they can find the name :P

New Project Zero issue:

Windows: Administrator Protection RAiLaunchAdminProcess Application Name EoP

https://project-zero.issues.chromium.org/issues/437291456

CVE-2025-60718

Reversing public #security advisories has been a lot of fun lately. Here's an exploit I've built for CVE-2025-9501 that potentially affects 1+ million #WordPress installations:

https://www.rcesecurity.com/2025/11/exploiting-a-pre-auth-rce-in-w3-total-cache-for-wordpress-cve-2025-9501/

@david_chisnall @j Wait people refuse to use services if they don't have *stickers*??

When Updates Backfire: RCE in Windows Update Health Tools https://research.eye.security/rce-windows-update-health-tools/

[RSS] LITE XL RCE (CVE-2025-12121)

https://bend0us.github.io/vulnerabilities/lite-xl-rce/

[RSS] Remotely crashing the Spooler service

https://incendium.rocks/posts/Remotely-crashing-spooler/