
DDoS attacks almost always originate from hacked devices. The country/countries that the traffic originates from has never been an indicator of who's behind the attack. Musk's implication that Ukraine was responsible for the Twitter DDoS attack based on seeing some traffic originating from Ukrainian IPs is just dangerous speculation.

I've mapped botnets professionally for a decade, and all that looking at IP address locations tells you is the geographical distribution of compromised devices. When you plot this kind of data on a chart, you typically just get a heat map of population density, slightly skewed by economic factors. Nations with larger populations tend to have more devices, but developing nations tend to have a higher percentage of older, less secure devices, which are more likely to be hacked and recruited into botnets.


Still 38 hours left before the WOOT deadline. Who needs tier 1 confs with the inevitable complaints from reviewer 2 who just wishes the hackers would go away? Submit your papers full of fun hacks, chaos and hijinks to the bestest offensive security academic conference and get reviews from people who really appreciate it!

(also pls boost for reach, targeting academics on social media got a lot trickier in this fragmented world 😢)
https://infosec.exchange/@wootsecurity/114140304168415477

This is the fix commit for CVE-2025-24813, looks pretty straightforward:

https://github.com/apache/tomcat/commit/0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c

Given Tomcat's downstream supply chain I'd be surprised if this didn't end up in KEV...
[oss-security] CVE-2025-24813: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

https://seclists.org/oss-sec/2025/q1/197

"If all of the following were true, a malicious user was able to perform remote code execution:

- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location
- application included a library that may be leveraged in a deserialization attack"

This is so cool: The LibAFL_QEMU ASan implementation was ported to rust
https://github.com/AFLplusplus/LibAFL/pull/3023


The recording of our webinar is here! 🎬 https://youtu.be/mXr4wBRpp3U

Watch as we analyze and exploit a router vulnerability using Time Travel Analysis in esReverse.


@cR0w *build tool that allows an LLM to execute arbitrary code*

*LLM executes arbitrary code*

Authors: NO not like that!


IMO the hallmark of a "senior" vuln researcher is not only their ability to discover/exploit vulnerabilities in difficult targets, but, critically, their ability to effectively *invest and allocate resources*. Knowing when to sink more time/effort into an attack surface or difficult bug, and when you need to stop and *move on* is one of the hardest questions as a researcher, and you only develop that instinct through experience and hard-learned lessons.

https://bird.makeup/@sha1lan/1898821710604063177


That is actually my main fear with learning through CTFs. The sense of time and possibility is quite different. Almost like playing fast chess versus longer time chess games. It could be good practice, but it very likely is detrimental if done too often.

https://bird.makeup/@mncoppola/1898866447587197135


X41 performed an audit of Hickory DNS, which is an open source Rust-based DNS client, server, and resolver. We were sponsored by the great folks at @ostifofficial and supported by @ProssimoISRG

Our full report can be downloaded here: https://x41-dsec.de/security/research/job/news/2025/03/10/hickory-review-2025/


Simply smashing a device that you have physical access to is scored as CVSS 5.2 (Medium):

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N


If anyone else ever needs this, here is a pin map of Renesas RL78/F13. Pads with ? are power supply, but there seem to be a bit too many of them, maybe for bonding options.

@kravietz By "controversional facts" you mean *lies*?

Broadcom and Cypress chips have the same HCI "backdoor" allowing writes to the Bluetooth chip's RAM. This feature is used for firmware patches.

We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework.
https://github.com/seemoo-lab/internalblue

https://bird.makeup/@tarlogic/1897620731984273469
