AMD released an advisory for Ryzen AI with four sev:HIGH
CVEs.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html
High level diff of iOS 18.4 vs. iOS 18.5 beta 1 π
https://github.com/blacktop/ipsw-diffs/blob/main/18_4_22E240__vs_18_5_22F5042g/README.md
We've been teasing it for a while, but the full features of Firmware Ninja are officially available on dev and will be in the 5.0 release later this month! Doing reverse engineering of embedded firmware? Check out how FWN can make your life better:
How can one engage in algorithmic sabotage to poison "AI" scrapers looking for images when one is running a static website? Thanks to @pengfold, I've implemented a quick and easy way for my own blog:
https://tzovar.as/algorithmic-sabotage-ii/
Also thanks to @rostro & @asrg for the pointers and discussion!
Jenkins released a security advisory with 9 CVEs across 8 vulns, 1 of which is sev:HIGH
and the rest are sev:MED
.
It's time to explain Thunderbird's relationship to Mozilla again.
Thunderbird is in its own legal entity - MZLA Technologies and is governed in part by a Community Council elected by and from our open source contributors.
Thunderbird is currently 100% donation-funded. We do not receive any money outside what our donors give us.
This is good for Thunderbird and makes us unique. Our whole structure only works to serve the interests of our users and contributor community.
70 DIY Synths on One Webpage
https://hackaday.com/2025/04/02/70-diy-synths-on-one-webpage/
It seems like it's been a while since I've seen a SquirrelMail vuln.
sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
https://squirrelmail.org/security/issue.php?d=2025-04-02
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.
@cR0w @pup @buherator @cy
FWIW, I did some testing with the eicar string in an AES-encrypted zip (via 7-zip)
eicar.com
: Blockedhello.txt
: AllowedA
as eicar.com
: Blockedeicar.com
: Blockedhello.txt
: AllowedSo at least as of this specific test, it may be that the Gmail SMTP server is perhaps just using filenames for "blocking" the sending of mail.
And again, I use scare quotes around "blocked" as while the SMTP server does say that the message was blocked "because its content presents a potential security issue." But the email is indeed sent to the recipient., despite the warning.
Time Travel Analysis with a full-system android emulator gives you the full picture.
But if you're just looking at one part of an app, a lighter method can be enough.
Hereβs how we used Frida to do it: https://eshard.com/posts/frida-tracer-lightweight-time-travel-analysis
#mobilesecurity #android #androidsecurity #reverseengineering
I wanted to quickly explain why, school kids should learn markdown instead of MS Office, and ended up writing a major Epos on Markdown vs obsolete writing formats:
https://ia.net/topics/markdown-and-the-slow-fade-of-the-formatting-fetish
This is, I kid you not, about 1/6th of what I wrote. I'll publish the rest later.
We're pleased to announce that folks can now contribute financially to the project through GitHub Sponsors! π