Rejoice! 🎉

My idalib-based vulnerability research tools are now fully compatible with Windows 🪟

Please test them and report any bugs 🪲

https://security.humanativaspa.it/streamlining-vulnerability-research-with-ida-pro-and-rust/

(PS. Ya like my GPT writing style? 🚀)

Project: golang/go https://github.com/golang/go
File: src/cmd/compile/internal/abt/avlint32.go:175 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/compile/internal/abt/avlint32.go#L175

func (t *T) Intersection(u *T, f func(x, y interface{}) interface{}) *T

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fabt%2Favlint32.go%23L175&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcompile%2Finternal%2Fabt%2Favlint32.go%23L175&colors=light

she is all of us

canonical mode

https://wizardzines.com/comics/canonical-mode/

"But Ryan, the C preprocessor isn't a programming language!"

Skill issue.

The official website of zero-day broker Zerodium has been updated in December of last year. There are no price lists nor any information anymore, just an email and a PGP public key.

🤔

If you know what's happening there...let me know.

https://zerodium.com

@cR0w something something Steven Segal?

New Project Zero issue:

msm_npu: Race between npu_host_unload_network and npu_host_exec_network_v2 leads to memory corruption

https://project-zero.issues.chromium.org/issues/380081941

CVE-2025-21424

[oss-security] [kubernetes] CVE-2024-7598: Network restriction bypass via race condition during namespace termination

https://seclists.org/oss-sec/2025/q1/234

"The order in which objects are deleted
during namespace termination is not defined, and it is possible for network
policies to be deleted before the pods that they protect." whoops :)

@nbourdais @cR0w @greynoise It'd be actually interesting to see the distribution of HTTP response codes if that data is collected, because it is a straightforward signal for one of the requirements (read-only=false).

@mcc @oblomov This sounds fun, you should get some VC funding!

@cR0w @greynoise "GreyNoise observed exploitation attempts as early as March 11" -> Please note that PoC was publicly available since that way:

https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html

Also note that even with HTTP response data it's not straightforward to conclude that:
- file based session management was configured
- there were useful gadget chains available

@oblomov @mcc VibeLang? As in execution order depends on how the interpreter feels and all errors are handled somehow just to keep the thing going :)

Up-to-date fork of Sourcetrail:

https://github.com/petermost/Sourcetrail

h/t @brk

@brk Nice, I'll keep an eye on that!

#CunninghamsLaw

For those just learning about LibGen because of the reporting on Meta and other companies training LLMs on pirated books, I’d highly recommend the book Shadow Libraries (open access: https://direct.mit.edu/books/oa-edited-volume/3600/Shadow-LibrariesAccess-to-Knowledge-in-Global).

I just read it while working on the Wikipedia article about shadow libraries, and it’s a fascinating history. https://en.wikipedia.org/wiki/Shadow_library

I fear the already fraught conversations about shadow libraries will take a turn for the worse now that it’s overlapping with the incredibly fraught conversations about AI training.

#AI #LibGen #OpenAccess

[RSS] What could cause a memory corruption bug to disappear in safe mode?

https://devblogs.microsoft.com/oldnewthing/20250320-00/?p=110981

@ghosttie @mcc I guess you are right. On the grand scale of things the Universe won't be bothered by my pathetic compile errors :,(

The Trump family has reportedly had conversations about acquiring a stake in Binance — as Binance founder and former CEO Changpeng Zhao is reportedly seeking a pardon from the president.

#crypto #cryptocurrency #USpolitics #USpol

Let's also talk about our failures!

We tried to make a consortium for a cool EU-funded project about malware analysis, but didn't manage to do it in time. 🫤

We'll try again! If you're an SME owned and controlled in the EU, feel free to get in touch 💪

https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/digital-eccc-2024-deploy-cyber-07-keytech