[RSS] Advisory X41-2025-001: Multiple Vulnerabilities in OpenSlides

https://x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides/

How is that Sourcetrail development was not picked up by anyone?

https://github.com/CoatiSoftware/Sourcetrail

Useful piece. Solar panels are largely cloud managed, and now in The Netherlands alone create the same power as 50 of our nuclear power plants. If you switch this 25GW on/off remotely, the consequences could be huge. And we do not regulate these cloud platforms at all: https://www.dw.com/en/how-hackers-capture-your-solar-panels-and-cause-grid-havoc/a-71593448

It seems that our Veeam CVE-2025-23120 post is live.

I would never do this research without @SinSinology He insisted a lot, thx man. 😅

If you know CVE-2024-40711, this vuln can be patch-diffed and exploit armed in 5 minutes. Unfortunately, it's super simple at this point.

https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/

[RSS] You can't simulate keyboard input with PostMessage, revisited

https://devblogs.microsoft.com/oldnewthing/20250319-00/?p=110979

Love the prank call example :D

Our first video from RE//verse 2025 is live! Part journey of personal discovery, part technical deep-dive, this presentation from Markus Gaasedelen was the highest rated in the feedback survey and is a must-see talk: https://youtu.be/hGlIkgmhZvc

My writeup for the KalmarCTF challenge "no sqli" is out, covering the exploitation of CVE-2024-6382, an integer overflow in the Rust's MongoDB library. A very interesting challenge, enjoy! :)

https://worty.fr/post/writeups/kalmarctf2025/

Robert De Niro on a Netflix show (Zero Day) mentioning the O.MG Cable! 😎

Shoutout to whoever did the text, you got the silent punctuation perfectly.

@mcc every Spring developer answering any question:

"you just add these 3 lines of code"

WHERE?!

Perfectly reasonable reaction 🤣

There’s been a lot written about the Walkman over the years, but no one has really focused on the first ten years to show how its early evolution took shape. Here’s a sneak peek of how the article is coming together. I can’t wait for you all to check it out in Issue 2! Download Issue 1 in PDF for FREE! https://www.patreon.com/posts/get-first-issue-123662381

@mcc there is an open issue about this for several years. Drives me crazy!

There have been great women in malware writing and the VX scene:

First and foremost: Gigabyte, she was a pioneer for many other women to get into VX. She was my best friend for many years, I owe so much of my VX years and introduction into cyber security because of her. She was always and inspiration and a huge reason why I encourage women to get into cyber. She went to jail for virus writing and never ratted any of us out. Also a very and capitol Fuck you Graham Cluely for being an asshole to a teenage girl and personally making sure she went to jail because you were offended by her viruses (she made fun of him after he said girls should not be writing viruses and should be doing girly things). She wrote a ton of HLL (high level language) viruses like Sharp, Parrot, Scrambler, And My favorite, Scooter (it was an inside joke for me and her). She recent got married and I wish her nothing but the best in life.

There was Nex: she was a virus author originally from Arizona who specialized in macro viruses, she wrote one of the first viruses to bypass office 97 SP1 which was made to protect against macro viruses. She got in a car accident and was hit by a police officer with no lights and no siren on and lost her ability to walk. After she sued the hell out of the police department she got out of VXing. She's currently living back in Arizona and no longer in the scene.

VxFaerie was another women in VX who was well respected. She wrote one of the first python infectors ever. She was very nice and was always kind to people in the scene.

And we have modern day women who are studying viruses and should be respected just as much as the old VXers like @nikaroxanne - she is doing legit work that would have made heralded in the scene.

Women in VX was always a thing, a few others I know never revealed they were women because of how they were feared they would be treated. If they are still around, I hope they see this and know their work was equal. Most of the VX scene never cared at all about this, we only cared that you put up or shut up. And put the fuck up they did. #respect

https://bird.makeup/@vxunderground/1902193800291709357

@Hetti the Schrödinger-Moseley-heisenBerg protocol

@b0rk That sounds like a *very* good reason to get into the nitty-gritty details to me!

@b0rk @rk I guess this is why abstractions are useful? Most programmers never need to learn about microarch internals, etc. Maybe the important part is to know is that "we have a magic box" instead of "this specific but factually incorrect wiring" between components we currently care about?

@cR0w That was my first thought too but the stuff on the table is not typical camping equipment and why do they clean half side if they just play/air?

Anyway, not my business, hope they have a good time :)

@cR0w Thank you! I think I'll just watch Under Siege for the 43. time tonight...