Here’s the #Ghidriff output for CLFS.sys 10.0.20348.3328 vs. 10.0.20348.3453, likely corresponding to the CVE-2025-29824 use-after-free LPE:

https://gist.github.com/v-p-b/8c43fb8e0d72814dcd03764d478622ce

[RSS] The SQL Server Crypto Detour

https://posts.specterops.io/the-sql-server-crypto-detour-5ff9ac7033de?source=rss----f05f8696e3cc---4

[RSS] The April 2025 Security Update Review

https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review

[RSS] A small bug in the signature verification of AOSP OTA packages

http://blog.quarkslab.com/aosp_ota_signature_bug.html

[RSS] Enter the IBM z17 mainframe with Telum II (more clues for Power11?)

https://www.talospace.com/2025/04/enter-ibm-z17-mainframe-with-telum-ii.html

Announce: OpenSSH 10.0 released

https://www.openwall.com/lists/oss-security/2025/04/09/1

Oh is it time for another Fortinet crit again? Unauthenticated admin password change in FortiSwitch.

CVE-2024-48887, CVSSv3 9.3

https://fortiguard.fortinet.com/psirt/FG-IR-24-435

#CVE #ThreatIntel

@rickoooooo @GossiTheDog @sadarex Thanks, this is a great resource: I think the main point here is that it was the Secretary of Defense, and two USIP board members who "fired" Moose (see the linked letter on X). Whether they had the authority to do that is disputed, but nobody even claims DOGE has any authority in this case, they just showed up like flies around a carcass.

Amazingly, DOGE seems to be a meme: their power is that people assume they have power (note that the top article doesn't even mention DOGE).

@FreeinTX @GossiTheDog @sadarex My question is if DOGE in particular in charge of any budget that is supposed to finance CISA?

“Seniors also recognize that understanding problems isn’t just coming up with an algorithm. It’s understanding who wants the problem solved, why they want it solved, who’s paying for the problem to be solved, what parts of the problem have already been solved, what different kinds of solutions are possible, whether those solutions can be scaled or extended—and much more.”

https://www.oreilly.com/radar/seniors-and-juniors/

Weaponizing DCOM for NTLM Authentication Coercions https://github.com/xforcered/RemoteMonologue

@orhun @ratatui_rs boosting for the name!

Debugging in the terminal isn't difficult anymore 🔥

🛠️ Meet **heretek** — A gdb TUI dashboard

🐛 Supports viewing stack, registers, instructions, hexdump & more!

🚀 Works with remote targets seamlessly (no gdbserver!)

🦀 Written in Rust & built with @ratatui_rs

⭐ GitHub: https://github.com/wcampbell0x2a/heretek

#rustlang #ratatui #tui #gdb #debugging #terminal #linux #commandline

Wisdom of the Pentium-M Man

#unix_surrealism #comic #penguin #ai #technomage

@sadarex @GossiTheDog They can act like if they had authority it shouldn't matter. If I get an email from a stranger telling me I'm fired/I should fire people I ignore it. If thousands of people are laid off because a boogeyman the problem goes deeper than some small agency.

Shopware Unfixed SQL Injection in Security Plugin 6 https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/

@GossiTheDog @sadarex I get that, thanks. What is unclear to me is what *authority* DOGE specifically has in the process aside of writing e-mails.

@FreeinTX @GossiTheDog @sadarex So congress started to allocate DHS money to an agency that exists since Jan to go crazy with it?

@sadarex @GossiTheDog Who is firing them? Is it DOGE? Can they do that?

🚀#InQL v6.0 is here! Full Kotlin rewrite w/ improved performance & responsiveness!
🆕 Built-in GraphiQL & #GraphQL Voyager visualization regardless of the target
🆕Circular references detector
🆕Improved batch queries screen
🚀 SPEED!
#doyensec #appsec

https://github.com/doyensec/inql/releases/tag/v6.0.0