[RSS] PostgreSQL: Privilege Escalation Vulnerability via pg_cron

https://github.com/google/security-research/security/advisories/GHSA-j8p5-79jf-g575

I got badly nerd sniped by Qualys:

Dreams in #CodeQL - Quest for the Perfect GOTO

https://scrapco.de/blog/dreams-in-codeql-quest-for-the-perfect-goto.html

A team of archivists have recreated the CDC (Centers for Disease Control and Prevention) website from just before it was purged by US President Donald Trump, hosting it in Europe!

https://restoredcdc.org/www.cdc.gov/

#uspol #health #healthcare #cdnpoli #abpoli

Ahh ... the good old days when one use Telix with these modems. :D https://hackaday.com/2025/03/06/why-56k-modems-relied-on-digital-phone-lines-you-didnt-know-we-had/

CRTs are particle accelerators built for videogames. I need you to understand this!!!

#retrogaming

Solid comments from @rgb_lights' testimony 🔥

@TarkabarkaHolgy A related classic: https://www.youtube.com/watch?v=sBffNiUOeiA

The BlackHat call for papers is now open and we'd love to have your submission 😍 I am leading the Reverse Engineering track, and would be extra pleased to see your work at this year's con! If you have questions or would like a pre-review, let me know!
https://www.blackhat.com/call-for-papers.html

New Project Zero issue:

Firefox: use-after-free in txMozillaXSLTProcessor

https://project-zero.issues.chromium.org/issues/383558273

CVE-2025-1009

@revng Did you get your approval? I can't seem to find the channel, could you please post the link?

🗞️ We just resumed sending out our newsletter!

You'll get some YouTube content and other big news to come.

Register! https://rev.ng/newsletter-subscribe

🔴 New video: "Deobfuscation with rev.ng"

Check it out: https://www.youtube.com/watch?v=oBfxa9xv24A

God how I hate CSS

Being an exploit dev in 2025 allows you to write JavaScript professionally without having to use React, Node.js, or any library at all, really—there’s something beautiful about that

New Project Zero issue:

Android: SPF in AOSP 5.10/5.15 kernels can create dangling TLB entries by misdirecting TLB flushes on race with mremap() [and other miscellaneous issues in SPF]

https://project-zero.issues.chromium.org/issues/377569381

CVE-2025-0088

New Project Zero issue:

cvp: Incorrect bailout unwinding leads to UAF dangling list entry

https://project-zero.issues.chromium.org/issues/389724938

CVE-2024-38411

[RSS] Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218)

https://slcyber.io/blog/sitecore-unsafe-deserialization-again-cve-2025-27218/

Let me give you another peek into the everyday work of the #curl security team. A reported UAF we deem not a security problem:

https://hackerone.com/reports/3022041

When a newcomer shows up at a maker meetup, some come in with the attitude "I have this idea but I don't know how to build it to see if it's real" This is good! We're happy to introduce them to the resources they need and help as they learn.

But more frequently people come in with "I have this great idea, I JUST need somebody to build it for me." When we offered the same kind of help, it is rejected. "No I don't care about that, that's your job. I'm the ideas guy."

What did they think happens at a maker meetup? Did they think we were all sitting around idle and helpless "I wish somebody would walk in with an idea"?

Ha!

Everybody else here have their own list of project ideas to-do list. Longer than we'd ever get to finishing. Look at the table in front of you, full of stuff we've brought for show-and-tell. None of us needed "an ideas guy" that thinks execution is beneath them.

If I'm in a good mood, I would try to encourage them to further develop their idea while being firm I am absolutely not signing up to build it for them.

If I'm not in a good mood...

À propos of nothing, here's the inlay design of a _word processor_ app for the ZX Spectrum.

I never had a ZX Spectrum and don't have a need for an 8-bit word processor at the moment, but this design — as they say — goes hard.

Notice the word "PUNISHMENT" that's included in the design — for seemingly no reason at all.

I yearn for the alternate reality in which COMPACT OFFICE is what we use instead of boring MS Word and Google Docs.

#retrocomputing