The Meta Bug. The story of a bug that affects itself by preventing its own resolution.

https://obdev.at/blog/the-meta-bug

This was a really fun vulnerability to have the pleasure to consult on:

https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

It turns out AES-CMAC is not second preimage resistant if you know the key (double so if the key is in an RFC), and 2048 bit numbers are quite often very easy to factor.

The US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.

https://www.bleepingcomputer.com/news/security/us-charges-chinese-hackers-linked-to-critical-infrastructure-breaches/

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

New assessment for topic: CVE-2025-0282

Topic description: "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. ..."

"Microsoft released a report observing a state-sponsored actor called Silk Typhoon abusing this vulnerability, hence we added a the tag to reflect this ..."

Link: https://attackerkb.com/assessments/8dd72440-c8b5-41bb-a6c4-2396ca7e2f02

Criminalizing student protests? Suppression of academic freedom? We had all these in the Philippines years ago.

Professors and student protestors were "red tagged" as communists. Soldiers confiscated books from libraries they called subversive. Vandalism of libraries.

🧵

I look forward to Cellebrite's LLM being called as a witness during a trial.

https://www.404media.co/cellebrite-is-using-ai-to-summarize-chat-logs-and-audio-from-seized-mobile-phones/

@TarkabarkaHolgy I don't think this is gender-specific. My understanding is that vendors were not properly educated about units of measurement and write numbers on cloths to comply with regulations, but still use the limb sizes of anyone who happens to work on a piece to actually measure stuff.

@singe I also wonder - considering the lack of information about the target system and its non-deterministic nature - at what point turns "engineering" into "messing around based on gut feeling"

‘The political press may not understand what’s happening (or may be too afraid to say it out loud), but those of us who’ve spent decades studying how technology and power interact? We see it and we can’t look away.
So, here’s the bottom line: when WaPo’s opinion pages are being gutted and tech CEOs are seeking pre-approval from authoritarians, the line between “tech coverage” and “saving democracy” has basically disappeared. It’s all the same thing.’
https://www.techdirt.com/2025/03/04/why-techdirt-is-now-a-democracy-blog-whether-we-like-it-or-not/

[RSS] New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails

https://www.elttam.com/blog/rails-sqlite-gadget-rce/

[RSS] Case Study: Traditional CVSS scoring missed this actively exploited vulnerability (CVE-2024-50302)

https://old.reddit.com/r/netsec/comments/1j3tvof/case_study_traditional_cvss_scoring_missed_this/

I've written a blog post on analysing and getting RCE on some of the bugs in the AIxCC Nginx challenge: https://roundofthree.github.io/posts/nginx-aixcc-pwn/

Any Apple engineer feel like debugging some hypervisor-related macOS kernel panic?

(Looks like failure by the guest to properly flush TLB panics the host, and seems easiest to repro on M2 Max?)

https://github.com/utmapp/UTM/issues/6919#issuecomment-2565338603

was not expecting to be writing a vulnerability report for Command & Conquer Generals: Zero Hour today but here we are

https://github.com/TheSuperHackers/GeneralsGameCode/issues/272

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00734fe0

ossl_cms_EncryptedContent_init_bio

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00734fe0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00734fe0.json&colors=light

Alice and Bob

3 different VMware zero days, under active exploitation by ransomware groups

CVE-2025-22224, CVE-2025-22225, CVE-2025-22226

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion
VMware Cloud Foundation
VMware Telco Cloud Platform

(Exploitation actually ESXi)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

@Viss Yes. Recommended: https://www.amazon.com/Straight-Hell-Deviance-Debauchery-Billion-Dollar/dp/0802123309

@Viss Accidentally, one of my favorite trading stories also involves City - those guys know how to party!

"Perkins’s drunken trade was so large, it represented 69% of the global volume at that time."

https://en.rattibha.com/thread/1570789617154260993