Posts: 2580 · Following: 627 · Followers: 1400

"I'm interested in all kinds of astronomy."
repeated

Cool stuff for sale on Ebay! "1216428-301 Lockheed Martin Target ECM Combiner Circuit Card Assembly"

https://www.ebay.com/itm/203918329141

repeated

I take it that there are no rules for being a CVE CNA?
Synology is a CNA.
They published a security advisory.
No CVE to be found.

@kagihq @mellow I also switched recently and was curious how kids' passwords will be handled. I think the parent e-mail OTP is a great balance between security and usability; it seems you did think this through 👌
@Some_Emo_Chick Wait, I literally heard this argument yesterday but sampled in an old EDM track o.O Will try to dig it up from history...
repeated

“There is significant public interest in knowing when and on what basis the UK government believes that it can compel a private company to undermine the privacy and security of its customers.”

ORG, Big Brother Watch and Index on Censorship call for the Tribunal into the UK government's secret order for Apple to break encryption to be held in public.

The case happens TOMORROW.

Read more ⬇️

https://techcrunch.com/2025/03/13/apples-appeal-against-uks-secret-icloud-backdoor-order-must-be-held-in-public-rights-groups-urge/

Representing type lattices compactly

https://bernsteinbear.com/blog/lattice-bitset/

"The Cinder JIT compiler does some cool stuff with how they represent types so I’m going to share it with you here. "

("Cinder is Meta's internal performance-oriented production version of CPython.")

/via exploits.club
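An added illustration of the bitset representation the linked post is about; this is not code from Cinder or from the blog post. Each leaf type gets one bit, a union type is the OR of its members, and the lattice operations (join, meet, subtype test) become single bit operations. The leaf set, the `T_*` names and the `refine_after_guard` helper are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example. The leaf set below is an illustrative assumption; it is
   not Cinder's lattice and not code from the linked blog post. */
typedef uint32_t Type;

enum {
    T_BOTTOM = 0,                             /* the empty set: no value has this type */
    T_NONE   = 1u << 0,
    T_BOOL   = 1u << 1,
    T_LONG   = 1u << 2,
    T_FLOAT  = 1u << 3,
    T_STR    = 1u << 4,
    T_LIST   = 1u << 5,
    T_LEAF_COUNT = 6,
    T_OBJECT = (1u << T_LEAF_COUNT) - 1,      /* the top: every leaf */
    T_NUMBER = T_BOOL | T_LONG | T_FLOAT,     /* a named union is just an OR */
};

static const char *const leaf_names[T_LEAF_COUNT] = {
    "None", "Bool", "Long", "Float", "Str", "List",
};

/* Join (least upper bound) is set union. */
Type type_join(Type a, Type b) { return a | b; }

/* Meet (greatest lower bound) is set intersection. */
Type type_meet(Type a, Type b) { return a & b; }

/* a <= b in the lattice iff every leaf of a is also a leaf of b. */
int type_is_subtype(Type a, Type b) { return (a & b) == a; }

/* Number of leaf types a value of type t may be at runtime. */
int type_leaf_count(Type t)
{
    int n = 0;
    for (; t; t >>= 1)
        n += (int)(t & 1u);
    return n;
}

/* What a checker knows after a type guard: meet the known type with the
   guarded one. Bottom means the guarded branch is unreachable. */
Type refine_after_guard(Type known, Type guard) { return type_meet(known, guard); }

/* Render a type as the set of its leaves, e.g. "{Long, Str}". */
void type_print(Type t)
{
    int i, first = 1;
    printf("{");
    for (i = 0; i < T_LEAF_COUNT; i++) {
        if (t & (1u << i)) {
            printf("%s%s", first ? "" : ", ", leaf_names[i]);
            first = 0;
        }
    }
    printf("}");
}

int main(void)
{
    Type x = type_join(T_LONG, T_STR);    /* x may be Long or Str */
    Type y, z;

    printf("x = "); type_print(x); printf("\n");
    printf("x <= Number? %d\n", type_is_subtype(x, T_NUMBER));          /* 0 */
    printf("Bool <= Number? %d\n", type_is_subtype(T_BOOL, T_NUMBER));  /* 1 */

    y = refine_after_guard(x, T_NUMBER);  /* after a guard that x is a Number */
    printf("x after Number guard = "); type_print(y); printf("\n");    /* {Long} */

    z = refine_after_guard(x, T_LIST);
    printf("x after List guard is bottom? %d\n", z == T_BOTTOM);       /* 1 */
    return 0;
}
```

The payoff is that a union of any number of leaves still costs one word, and the subtype check is a mask-and-compare with no tree walk; the limit is that the leaf set has to be fixed up front, which is why this works well for a JIT over a known set of builtin types.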
@wdormann On a more serious note, setting a hard deadline for publication can do wonders to the pipeline IME.
@wdormann Just repost your original report to FD; if MSRC can't repro without a video, I'm sure bad guys can get no value from it either.
repeated

"Don't make vulnerability reporters angry" is not high on anybody's list, it seems.

repeated

We value your opinion! Please respond to our:

“CVE Data Usage and Satisfaction Survey”
https://forms.office.com/g/hx168RPctg

The CVE Program is requesting feedback from:
* CVE consumers
* Defenders

repeated

hugovangalen 🤖 🕹️ 😼

This weekend, talking to a guy who does IT at a Dutch bank.

Me: So everything runs on Azure or AWS these days?

He: Yes

Me: So they can see all the data.

He: No it's on separate servers, on EU soil. That was a thing before we decided to go ahead with this.

Me: So... They can see all the data.

He: No it's encrypted and threw some acronyms at me.

Me: So, you download the data, decrypt it, and work on it?

He: No that's done on the servers.

Me: So... They can see all the data.

CVE-2025-27363: out of bounds write in FreeType <= 2.13.0

https://seclists.org/oss-sec/2025/q1/206

"This vulnerability may have been exploited in the wild."

"This commit fixes most of the issue - except `limit` is still signed short":

https://github.com/mozilla/gecko-dev/commit/026f6a947085020cd189dd9af3da00be433a44f8
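An added illustration of the bug class the post flags (a signed short `limit` widened into an unsigned size), not FreeType's code: when a negative 16-bit count is converted to an unsigned size and a small constant is added, the sum wraps to a tiny value, the allocation is far smaller than intended, and the loop that follows writes past it. The type names, the `TRAILER_SLOTS` constant and the `fill_slots` writer are hypothetical; the page does not give the exact constant or loop FreeType uses.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration of the bug class, not FreeType's code: the type and
   constant names are hypothetical, and the exact constant FreeType adds is
   not given on the page. */
typedef short         Limit;     /* the "signed short" limit the post flags */
typedef unsigned long SizeT;     /* the unsigned size it is widened into */

#define TRAILER_SLOTS 6          /* hypothetical fixed number of extra slots */

/* Vulnerable arithmetic: a negative 16-bit limit becomes a huge unsigned
   value, and adding a small constant wraps it to a tiny allocation. */
SizeT vuln_slot_count(Limit limit)
{
    SizeT n = (SizeT)limit;          /* limit == -1 -> ULONG_MAX */
    return n + TRAILER_SLOTS;        /* ULONG_MAX + 6 wraps to 5 */
}

/* Hardened arithmetic: refuse negative limits before widening, and check
   the addition cannot wrap (redundant for a 16-bit limit, but it is the
   general pattern when the count is wider). Returns 0 on success. */
int safe_slot_count(Limit limit, SizeT *out)
{
    SizeT n;
    if (limit < 0)
        return -1;
    n = (SizeT)limit;
    if (n > ULONG_MAX - TRAILER_SLOTS)
        return -1;
    *out = n + TRAILER_SLOTS;
    return 0;
}

/* Bounds-checked writer standing in for the delta loop. It writes at most
   `capacity` slots and returns how many slots the unchecked loop would have
   written past the end of the buffer (0 when the write fits). */
size_t fill_slots(long *buf, size_t capacity, size_t count)
{
    size_t i;
    for (i = 0; i < count && i < capacity; i++)
        buf[i] = (long)i;
    return count > capacity ? count - capacity : 0;
}

int main(void)
{
    Limit limit = -1;                 /* attacker-controlled value from the font */
    SizeT n = vuln_slot_count(limit);
    SizeT safe = 0;
    long *buf;

    printf("vulnerable slot count for limit=%d: %lu\n", limit, n);   /* 5 */

    /* The unchecked code allocates n slots and then writes its trailer of
       TRAILER_SLOTS longs unconditionally: one long past the end here. */
    buf = calloc(n, sizeof *buf);
    if (buf) {
        printf("slots the trailer write would overflow by: %zu\n",
               fill_slots(buf, n, TRAILER_SLOTS));                   /* 1 */
        free(buf);
    }

    printf("hardened path accepts limit=-1? %s\n",
           safe_slot_count(limit, &safe) == 0 ? "yes" : "no");       /* no */
    return 0;
}
```

The point of the post's caveat is visible in `vuln_slot_count`: as long as `limit` stays a signed short, any negative value from the file still becomes `ULONG_MAX` on widening, so the sign check has to happen before the conversion, not after the addition.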
repeated

Graham Sutherland / Polynomial

the absolute state of infosec vulnerability marketing these days

on further analysis by folks who actually understand the tech it turns out the claimed backdoor isn't a backdoor at all, it isn't even really a security issue, and has been framed in a way that is both disingenuously overhyped and also pretty racist

bravo, folks, really advancing the field

[RSS] Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
In Memoriam: Mark Klein, AT&T Whistleblower Who Revealed NSA Mass Spying | Electronic Frontier Foundation
https://www.eff.org/deeplinks/2025/03/memoriam-mark-klein-att-whistleblower-about-nsa-mass-spying

#fromBsky
repeated

This is something that was occupying my time for some time already and I'm super happy that this research is finally released.

I believe this to be only the second report on malware targeting Juniper devices, following Lumen Technologies' blog from last month (but this one is related to a different actor and different malware).

This blog dives into the specifics of the Veriexec bypass vulnerability used by UNC3886, and details of 6 different backdoors found on Juniper MX devices.

UNC3886 is a very interesting actor that does not shy away from targeting less commonly known technologies like routers, edge devices or hypervisors.

More details here: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers
