Wrote a wrapper for Linux’s HID descriptor parser so I can fuzz it with libFuzzer: https://github.com/worthdoingbadly/hid-parser-harness

I’m still trying to figure out the USB uninitialized memory issue from that Amnesty International report, so I made it abort when it sees a 0xbe byte (ASan fills uninitialized malloc’d buffers with this).

#TeleMessage, that app used by the #Trump administration to archive Signal messages, has been #hacked. The #hacker managed to get some users' #Signal group chats and messages too. This is a hugely significant #breach not just for those individual customers, but also for the U.S. government more widely. #natsec #nationalsecurity https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/ #government #democracy #trump #hegseth

May the 5th Element be with you.

#MayThe5th #MultiPass

@siina wrong link sorry, this is the correct one: https://js.wiki/

@siina https://js.wiki/ (edited) is pretty nice for simple stuff.

Sorry, I have a nasty hangover...

Quick note: https://arm.jonpalmisc.com/ has been updated to the latest version of the Arm spec. Any changes should be strictly improvements, but let me know if something seems off.

👊

One of M&S’ biggest suppliers have said they have reverted to pen and paper for orders due to M&S lacking IT.

Additionally, M&S staff are raising concern about how they will be paid due to lack of IT systems.

M&S are over a week into a ransomware incident and still don’t have their online store working.

https://www.bbc.com/news/articles/cvgnyplvdv8o

#threatintel #ransomware

I know this is gatekeeping, but spammers who can't replace "%victim%" should just leave the industry.

Want to see something cursed?

It's the Linux kernel 4.19 building *natively* under Windows XP under Services for UNIX. The amount of effort to get this far was immense ...

EDIT: Follow the adventure at https://YouTube.com/c/NCommander

Sent from Utrecht, Netherlands on August 21, 1995. https://postcardware.net/?id=37-32

The latest WatchTowr post reminded me of this classic:

https://www.youtube.com/watch?v=jTfwpWj4eqA

Miss this band :(

#punk #music

CVE ID: CVE-2024-58136
Vendor: Yiiframework
Product: Yii
Date Added: 2025-05-02
Vulnerability: Yiiframework Yii Improper Protection of Alternate Path Vulnerability
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52 ; https://nvd.nist.gov/vuln/detail/CVE-2024-58136
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-58136

@trailofbits /cc @algernon

@G33KatWork I saw another little girl on the train almost jumping out of her mothers arms pointing out the window:
Girl: Look, look, look, look, look, ....
Mom: ???
Girl: *dramatic 10s pause* A TRACTOR!

Making Burp Suite snappy on Asahi Linux — https://dustri.org/b/making-burp-suite-snappy-on-asahi-linux.html

Good programming is 99% sweat and 1% coffee.

— anonymous

#programming

From iframes and file reads to full RCE. 🔥

We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit.

👉 Read the full write-up here: https://neodyme.io/en/blog/html_renderer_to_rce/

Amateurs Solve [the Busy Beaver #5] Problem On Discord

https://www.youtube.com/watch?v=rmx3FBPzDuk

#ComputerScience #Mathematics #HaltingProblem