Posts
2532
Following
646
Followers
1460
"I'm interested in all kinds of astronomy."
repeated

Can't help but notice that all the CTI vendors that were waving their arms like carwash inflatables about increased activity from Iran have little to say about the lack of increased activity from Iran, which was the reasonable expectation from the jump.

2
3
0
repeated
repeated

Had a coworker tell me "Don't let infosec get in the way of hacking" which feels like an intense bit of wisdom underneath it all.

1
9
0
repeated

users are unaffected by CVE-2025-32463 (sudo chroot option privesc) when a feature available since 2021 is enabled. Customers can view our KB article on an earlier vulnerability this year, CVE-2025-4802 for glibc, to see how exploitation is prevented in the same way.

0
4
0
repeated
[oss-security] Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect
stubs exception handling for flags recovery

https://www.openwall.com/lists/oss-security/2025/07/01/1

(Potential impact is hypervisor DoS)
0
1
2
repeated

Chrome patched a sev:HIGH CVE with an ITW exploit.

Google is aware that an exploit for CVE-2025-6554 exists in the wild.

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

0
3
0
repeated
Edited 15 hours ago

Unveiled at - Hexagon fuzzing unlocked

Hexagon is the architecture in Qualcomm basebands - they power most of the world's leading smartphones.

Until now, this baseband was out of reach.

We released the first open-source toolchain for system-mode Hexagon fuzzing, presented by Luca Glockow (@luglo), Rachna Shriwas, and Bruno Produit (@bruno) at @WEareTROOPERS

Full post: https://www.srlabs.de/blog-post/hexagon-fuzz-full-system-emulated-fuzzing-of-qualcomm-basebands

How we opened up mobile firmware in 3 steps:
1. Boot real iPhone basebands with a custom QEMU fork
2. Rust-powered fuzzer controls execution via JSON configs
3. Ghidra integration maps coverage across threads

This brings full visibility to Qualcomm’s 4G/5G/GPS stacks.

Reproducible. Extendable. Open source.

Hexagon’s no longer off-limits - mobile security just got a lot more transparent.


🔗 Try it yourself: https://github.com/srlabs/hexagon_fuzz
📚 Docs: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/reverse_engineering.md
🖥️ Slides from Troopers25: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/talk/hexagon_fuzz_troopers2025.pdf
🛠️ Issues, ideas, or contributions? PRs welcome.

1
8
0
@kpwn UUIDv4 can be based on CSPRNG, in that case it's just as secure as a sid with same number of (secure) random bits. Only problem is that random source can't be identified in a blackbox setting, but statistical methods can give a good estimation about its security.
0
0
2
repeated

💻 Have you read our recent publications?

ISPConfig Authenticated Remote Code Execution:
https://ssd-disclosure.com/ssd-advisory-ispconfig-authenticated-remote-code-execution/

Kerio Control Authentication Bypass and RCE:
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/

0
2
0
repeated

Today we celebrate having been part of OSS-fuzz for eight years. Imagine the amount of junk libcurl APIs have received in this time...

https://google.github.io/oss-fuzz/

0
4
0
repeated

If case there was any doubt, Fediverse account are prefered over X mirror bots. Considering how poorly reliable X bridges are, the amount of api restrictions and the lack of interop for boostings and replies, consider posting here if you are a casual visitor!

0
2
0
repeated
Edited yesterday

It has gone zero days since the latest slop

2
5
1
repeated

Wikipedia has a cheat sheet of well-known tells for identifying generated text. (With an appropriate warning not to over-index on minor ones as absolute proof) https://en.m.wikipedia.org/wiki/Wikipedia:WikiProject_AI_Cleanup/AI_catchphrases

5
13
0
repeated
repeated

Thanks for celebrating our anniversary with us, REcon! Enjoy the special release.

0
2
0
repeated
Edited yesterday
[RSS] Does anyone happen to know why certain profile names corrupt text elements in Tony Hawk's Pro Skater for N64?

https://banyaszvonat.github.io/breaking-videogames/2025/06/30/tony-hawks-pro-skatyr.html

#GameHacking #ReverseEngineering
0
2
2
New sudo LPE's just dropped:

Sudo Host Option Elevation of Privilege (CVE-2025-32462):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host

Sudo local privilege escalation via chroot option (CVE-2025-32463):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Linking oss-security too, because researcher advisories don't like to load for me:

https://www.openwall.com/lists/oss-security/2025/06/30/2

https://www.openwall.com/lists/oss-security/2025/06/30/3
1
17
11
Show older