[RSS] Picking Apart IBM's $150 Billion In US Manufacturing And R&D

https://www.itjungle.com/2025/05/21/picking-apart-ibms-150-billion-in-us-manufacturing-and-rd/

🚨 *Attention!* We were made aware of a fake “KeePassXC Password Manager Pro” repository on GitHub that links to unverified external binary downloads.
- There is NO Pro version of KeePassXC!
- You get all the “Pro” features with the regular version.
Please download KeePassXC only from trusted distribution channels linked on https://keepassxc.org/ !

As Google integrates AI to deliver information directly in search results, the incentive to create or maintain websites — including news platforms — is fading. With instant answers, people won’t need to click through. The web will shrink to a few walled garden platforms.

So, Google just launched a major new AI demo that requires people to relax their browser security settings. Wow.

I don't want to "talk" to my browser. I don't want my browser to "summarize" things. I don't want my browser to "help" me with things. I don't want my browser to do anything except show me web pages and shut the fuck up and get out of the way.

The RE//verse YouTube channel is packed with talks from RE//verse 2025! Catch Takahiro’s deep dive into UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior here: https://youtu.be/pMZqvv_tKDs?feature=shared and be sure to subscribe so you don’t miss more like this!

VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717

@kimzetter Thank you! So DOGE still doesn't have the authority but lower-ranking staff basically obey their requests that don't align with cabinet secretaries or agency heads? Why don't they just go full-on Cheryll on these requests?

@kimzetter I didn't say you said that. The article have this line though:

"As federal agencies, *under the direction of DOGE*, continue to fire thousands of workers"

Also I read phrases like:
- "driven out"
- "pushed out"
- "sidelined" (in the Politico article)

I'm curious how this all looks in practice, incl. what formal authority DOGE has (e.g. can they formally direct agencies to do things?). Based on previous discussions my current understanding is that DOGE has no formal power, while people with actual power (e.g. management in agencies) make dumb decisions because DOGE looked them the wrong way.

I hope I am wrong. Based on the general quality of your reporting I hope you could explain the situation better or point me to some good resource.

@kimzetter could you EIL5 (or give link(s)) what DOGE specifically does to get ppl fired? AFAICT they can't make HR decisions on Pentagons behalf, right?

Small change to HTML with massive impact on eliminating mXSS attacks

https://github.com/whatwg/html/commit/e21bd3b4a94bfdbc23d863128e0b207be9821a0f

...and now the video of my talk "Finding and Exploiting 20-year-old bugs in Web Browsers" is live too https://www.youtube.com/watch?v=U1kc7fcF5Ao

🚨 New advisory was just published! 🚨

Multiple vulnerabilities were discovered in Foscam X5. These vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product: https://ssd-disclosure.com/ssd-advisory-multiple-foscam-x5-vulnerabilities/

Wow, this was fast! #OffensiveCon25 videos are up!

https://www.youtube.com/watch?v=goEb7eKj660&list=PLYvhPWR_XYJk0p40BrX7K2z-_j_tJmvhc

We found a vulnerability in AMD CPUs that lets us load arbitrary microcode!
The recording of our OffensiveCon presentation is live at https://youtu.be/sUFDKTaCQEk
Slides at http://entrysign.top

[RSS] Telegram Gave Authorities Data on More than 20,000 Users

https://www.404media.co/telegram-gave-authorities-data-on-more-than-20-000-users/

[RSS] Remembering The ISP That David Bowie Ran For Eight Years

https://hackaday.com/2025/05/19/remembering-the-isp-that-david-bowie-ran-for-eight-years/

Discovery: The "copilot" bot user that Microsoft will soon be flooding your github repos with garbage content from is implemented in some sort of special way that exempts it from the "block" feature you would normally be able to block other users/bots with

https://github.com/orgs/community/discussions/159749

#EU reaction as Orbán is about to kill independent press and civil society in #Hungary

https://youtu.be/UIPSvIz9NDs?si=Sbe2wHqsHkqPtjm6&t=40

Microsoft takes Windows Subsystem for Linux open source after nearly a decade
WSL has also recently added official support for both Fedora and Arch distros.
https://arstechnica.com/gadgets/2025/05/microsoft-takes-windows-subsystem-for-linux-open-source-after-nearly-a-decade/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social