The #MADWeb '25 program is live!

We've got 9 full papers, 3 work-in-progress papers, and 2 exciting keynotes lined up. Huge thanks to all the authors and the program committee!

Check out the details and get ready for a great event! 🔥

🔗 https://madweb.work/#program

See you in San Diego!

#NDSSSymposium2025 #websecurity

This is a friendly reminder that anyone can contribute to the lovebyte.party!

It is a party about tiny intros, that is held online on the weekend of 15. - 16. Feb 2025.

#bytebeat #bytejam #textmode #petscii #sizecoding #ascii #ansi #teletext

Has anyone looked into the "Advanced Installers" (...ai.dll) distributed via Windows Updates? #ExploitWednesday

[RSS] Micropatches Released for Microsoft Outlook Remote Code Execution Vulnerability (CVE-2025-21357)

https://blog.0patch.com/2025/02/micropatches-released-for-microsoft.html

Thanks @bagder for providing the Firefox ca bundle publicly in an accessible way here: https://curl.se/docs/caextract.html

Extra kudos for the appropriate curl command-line to automatically download the latest version!

#curl

Just released #ghidriff v0.8.0 - Ghidra 11.3 Support + PyGhidra 🔥👀

This release uses the latest PyGhidra now officially supported by Ghidra 🤓💪

https://github.com/clearbluejar/ghidriff/releases/tag/v0.8.0

🔋 included!

Free advice for #UX designers:

The answer to the question "Should we show a survey/questionnaire to the user?" is always NO.

@recon any news about 2024 recordings?

Recon 2025 Have been Annonced! 20th year Anniversary https://recon.cx June 23-29.

@cR0w @screaminggoat I will never not like this meme!

Picard management tip: It's okay not to know things. Practice saying "I don't know." Go ahead. Say it.

Kennt ihr #wuppiefuzz ?

Ist ein coverage-guided REST-Fuzzer und Open-Source.

Bin heute darüber gestolpert und dacht das ist teilenswert.

https://github.com/TNO-S3/WuppieFuzz

#fuzzing

Our blog site is having a moment, and @TheDustinChilds is stuck on a plane in DFW, but nothing stops Patch Tuesday. There's 2 Microsoft bugs being exploited in the wild and some things we've never seen before. Read all the details at https://www.zerodayinitiative.com/blog/2025/2/11/the-february-2025-security-update-review

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog

• CVE-2025-21418 (7.8 high) Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
• CVE-2025-21391 (7.1 high) Microsoft Windows Storage Link Following Vulnerability
• CVE-2024-40890 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability
• CVE-2024-40891 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability

The Zyxel stuff is not new, but since the Microsoft zero-days are part of #PatchTuesday, I'm including them in this conversation.

#cisa #kev #cisakev #KnownExploitedVulnerabilitiesCatalog #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity #cve

Happy #PatchTuesday from Ivanti: February Security Update

• Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)
• N-MDM - Security Advisory Ivanti Neurons for MDM (N-MDM)
• February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs)

We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.

ivanti #ivantiCSA #neurons #connectsecure #cve #vulnerability #infosec #cybersecurity

Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) out of 56 new CVEs

• CVE-2025-21377 (6.5 medium) NTLM Hash Disclosure Spoofing Vulnerability (PUBLICLY DISCLOSED)
• CVE-2025-21194 (7.1 high) Microsoft Surface Security Feature Bypass Vulnerability (PUBLICLY DISCLOSED)
• CVE-2025-21418 (7.8 high) Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (EXPLOITED)
• CVE-2025-21391 (7.1 high) Windows Storage Elevation of Privilege Vulnerability (EXPLOITED)

#microsoft #zeroday #cve #eitw #activeexploitation #vulnerability #infosec #cybersecurity

Cisco Talos is grinding through NVIDIA nvJPEG2000, check out their vulnerability reports page for details:

https://talosintelligence.com/vulnerability_reports#disclosed

CVE-2024-0142, CVE-2024-0143, CVE-2024-0144, CVE-2024-0145

[RSS] Exploring a VPN Appliance: A Researcher's Journey [CVE-2024-46666, CVE-2024-46668]

https://www.akamai.com/blog/security-research/2025-february-fortinet-critical-vulnerabilities

"We%27ll go through the processes of getting the firmware, decrypting, setting up a debugger, and finally looking for vulnerabilities." -> Mad respect!

That's it, I unsubscribed Sonar because of their shitty RSS :P