Made a proof-of-concept for CVE-2024-53104 (the USB webcam overflow). Causes a kernel oops for a read of 0x0041414141414141:
https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py
https://gist.github.com/zhuowei/e489b14c3fdb807cb964d105521fb354
I followed Amnesty International’s analysis from https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/ and made an emulated USB device with raw-gadget and Facedancer. It worked on the first try, at least in my virtual machine/virtual USB port…
Learning Linux Kernel Modules Using COM Binary Support
https://hackaday.com/2025/04/13/learning-linux-kernel-modules-using-com-binary-support/
🚨 Calling all Chromium developers and fans! 🚨
Ready to showcase your coding skills and earn up to $10,000? The Supporters of Chromium Based Browsers (SOCBB) Bug Bounty Program is live! Fix bugs in Chromium-based browsers like Chrome & Edge.
Contribute to repos like chromium, v8, Skia, and more!
🖥️ Payment via GitHub Sponsors.
Get started now: https://github.com/Supporters-Of-Chromium-Based-Browsers/Bug-Bounty-Program/blob/main/README.md
Why 40,000 People Die for Every 1% Increase in Unemployment - The Big Short
Companies are refusing to hire or even laying off plumbers because hucksters backed by massive unicorn-chasing investment money told them they can build plumbing faster and cheaper out of cardboard.
A few years from now, there’s going to be a hell of a market for people who can replace cardboard toilets with real ones.
And also for people who can replace carpets. And walls and floors.
This is a post about LLM-generated code.
Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 004f2a10
tls_post_process_client_hello
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=light
We are pleased to announce the completion of a security audit of PHP core!
Executed by @quarkslab in partnership with @ostifofficial and commissioned by the @sovtechfund.
Learn more: https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/
DECORE posted some ADCS magic but I couldn’t yet figure out how to switch language o.O
Edit: This doesn’t seem like anything Earth-shattering, but a nice summary of the state of ADCS security (spoiler: it is bad)
TIL PHP OpCache has a Lua interpreter embedded o.O
https://github.com/php/php-src/blob/master/ext/opcache/jit/ir/dynasm/minilua.c
After installing April's updates, Windows 10 and 11 systems now have an empty C:\inetpub directory.
This seems... unexpected?
🚨 New advisory was just published! 🚨
A critical Remote Code Execution (RCE) vulnerability has been discovered in Calix. This vulnerability arises due to improper sanitation of user input in a CWMP (CPE WAN Management Protocol) service. Exploiting this flaw allows an attacker to execute arbitrary system commands with root privileges, leading to full system compromise: https://ssd-disclosure.com/ssd-advisory-calix-pre-auth-rce/
I just published a post on my blog about the IBM i 7.6 announcement - enjoy!
https://www.ibmi4ever.com/posts/20250409-ibmi-76-has-been-announced/
Static Analysis via Lifted PHP (Zend) Bytecode | Eptalights https://eptalights.com/blog/04-php-support