A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.

#XiaofengWang Xiaofeng Wang

https://arstechnica.com/security/2025/03/computer-scientist-goes-silent-after-fbi-raid-and-purging-from-university-website/

Sufficient time has passed and I'm excited to share a demo and details of a CSRF vulnerability that I discovered in the popular gorilla/csrf library that has been present since its creation 😲 https://patrickod.com/csrf

🚨 LibAFL 0.15.2 🚨

• Rust 2024 edition
• LibAFL_Unicorn
• Use LibAFL rand types for other crates
• Allow logging to StatsD
• LibAFL_QEMU updates like binary-only ASan in Rust 🦀🦀🦀, inputs via StdIn, better snapshots

And so much more:

https://github.com/AFLplusplus/LibAFL/releases/tag/0.15.2

#LibAFL #Fuzzing #AFLplusplus

HexShare - Share binaries with byte highlighting

https://hex.pov.sh/

@kagihq 403...

31 March 2016 | Imre Kertész (b. 1929), Hungarian Jewish writer & Holocaust Survivor died. His works - including Fateless - draw repeatedly on his experience at #Auschwitz. Kertész won the 2002 Nobel Prize for Literature. https://nobelprize.org/prizes/literature/2002/kertesz/biographical/

Local Privilege Escalation via Unquoted Search Path in Plantronics Hub https://www.8com.de/cyber-security-blog/local-privilege-escalation-via-unquoted-search-path-in-plantronics-hub

Re: The Oracle Thing™ this quote from @dangoodin's story seems significant.

On Friday, when I asked Oracle for comment, a spokesperson asked if they could provide a statement that couldn’t be attributed to Oracle in any way. After I declined, the spokesperson said Oracle would have no comment.

https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/

In today's episode of drama in the CVE ecosystem:

The Canonical CNA created CVE-2025-0927 and an associated advisory for a heap overflow in HFS+ in the Linux kernel.

The Linux kernel CNA stripped out the information (like the reporter of Attila Szász, useful references, etc) from the CVE entry and added the passive-aggressive:

The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this.to this issue. [sic]

Also TIL: If you look only at the assignerShortName in a cvelistV5 CVE entry, you might not get the whole picture of whose CVE it technically is. While the Linux kernel rewrote history to claim that they assigned the CVE, that was only done via the cna container's ProviderMetadata shortName value. The top-level [assignerShortName](https://github.com/CVEProject/cvelistV5/blob/main/cves/2025/0xxx/CVE-2025-0927.json#L7) for the entry still shows canonical.

Good times...

@cR0w IA is our friend I guess?

@cR0w How could we forget the coolest name in the biz?

There’s now been a data breach at Oracle Health, which is separate to the ongoing security issue at Oracle Cloud.

Oracle have not commented publicly on the breach, instead telling people to only talk to their CISO by phone, not in writing. They’ve sent out letters without Oracle letterheads, using external lawyers instead.

The behaviour going on at Oracle with cybersecurity is extremely alarming.

https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/

In light of recent events, let me re-share a classic:

Mary Ann Davidson - No, You Really Can’t

https://web.archive.org/web/20150811052336/https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t

#Oracle

The wordplay here is Oracle Cloud.

Oracle rebadged old Oracle Cloud services to be Oracle Classic. Oracle Classic has the security incident.

They’re denying it on “Oracle Cloud” by using this scope - but it’s their cloud service.

🌪️ We are excited to announce our second keynote speaker!

Join Phuong Nguyen for his thought-provoking session in Seoul on May 29-30! 🔗 typhooncon.com/agenda

#LLM

@joxean I don't have a tested answer, but I think the solution will be around Memory.getAddressSourceInfo():

https://ghidra.re/ghidra_docs/api/ghidra/program/model/mem/Memory.html#getAddressSourceInfo(ghidra.program.model.address.Address)

What is unclear to me is how the resulting AddressSourceInfo objects are created as Loaders (plugins that map file contents to Memory Blocks for Ghidra) don't necessarily provide source information when creating a mapping (see e.g. the createUninitializedBlock() method).

Edit: You can get the Memory object from currentProgram.getMemory()

This is a first: https://lore.kernel.org/linux-cve-announce/2025033057-CVE-2025-0927-1436@gregkh/T/#u I guess someone finally told them about the 72 hour deadline.

[RSS] Writing a Pascal script emulator

https://blag.nullteilerfrei.de/2025/03/30/complete-first-correct-later-writing-a-pascal-script-emulator/

[RSS] The Curious Case of CVE-2015-2551 & CVE-2019-9081 - Doom and Gloom! Or not.

https://jericho.blog/2025/03/30/the-curious-case-of-cve-2015-2551-cve-2019-9081-doom-and-gloom-or-not/

My guess here is both CVE's were for deserialization gadget chains (one in JRE, the other in Laravel) which can't be trivially categorized as vulnerabilities (classes do what they are supposed to, only dev decided to YOLO unrelated parts of their code).