@virtualabs Nice, thank you!

[RSS] Micropatches Released for Microsoft Management Console Security Feature Bypass Vulnerability (CVE-2025-26633)

https://blog.0patch.com/2025/05/micropatches-released-for-microsoft.html

@alios @troed I think static site generators are overkill for my use-case: I don't want to edit config files or maintain a Git repo. The optimal solution would be a command line utility that takes a style name and one .md file and outputs one HTML file, simple as that.

@singe Pandoc would be great but I'm yet to find a project that provides nice styles *and* documents how to use them with Pandoc.

I need a tool that can generate self-contained HTML pages from #Markdown with different styles.

markdown-styles looks really close, but I wonder if there are alternatives (preferably not requiring NodeJS):

https://github.com/mixu/markdown-styles

V now supports 3 more architectures:

- loongarch64
- riscv32
- s390x (IBM Z)

@b0rk Not exactly, but a privileged binary can take it granted that `ls` always executes `/bin/ls`, but runs an attacker provided executable instead (very stupid, but real example). Now this usually happens without switching a "PATH provider", but my gut feeling is that having "one central place" for PATH processing would've prevented at least some of these issues.

@b0rk I think exploits passing e.g. PATH=. instead of the expected system value (e.g. via misconfigured sudo) can be called a "problem" :)

I always find it a bit surprising that "looking up executables in PATH" isn't implemented in one central place (there are at least 3 implementations that I use regularly: in libc, my shell, in Go, and probably more that I don't know about)

it's a weird thing because there are actually many different implementations, but I think in general the implementations act similarly enough that you can pretend there's only 1 implementation, I've never actually run into a problem caused by this

CatSynth Pic: CoCo with massive modular 😻🎛 https://catsynth.com/2025/05/coco-with-massive-modular/ #CatsOfMastodon #eurorack #modular

Check it out. I just published TeleMessage Explorer: a new open source research tool https://micahflee.com/telemessage-explorer-a-new-open-source-research-tool/

"Much of the essence of building a program is in fact the debugging of the specification." — Fred Brooks

@virtualabs I have no clue but GH discussions are regularly answered by devs, usually worth to ask there too.

Hey fedi, if someone knows how to correctly define parallelized instructions in Ghidra's SLEIGH, well, I'm more than interested !

Or if you are aware of any decent documentation on how to define parallelized instructions in SLEIGH and want to share some pointers, that would be awesome too 😊

#reverse #ghidra

Types of codebases my customers send me:

- Enterprise javabean factory factory... on a SIM card

- C# programmer retasked to write an authenticated bootloader in C for an arm platform with no training

- Beautiful well-written, easy-to-read C by an experienced systems programmer, with one mind-blowing 100-out-of-100-risk-severity bug buried in miscutils.c

- There is a hermit monk in a cave in Czechia. Once every three years, he emerges with a new revision of the codebase. It is horrifying spaghetti logic that repulses the human soul, but no matter how long and how hard you look, you can't actually find anything wrong with it

OK, this is crazy. I (think) I have finally found a clue as to what is causing the web server to slowly choke on too many open connections.

This thread from 2001 (!!!) explains the problem, AND IT IS STILL HAPPENING 24 years later. #FreeBSD

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=25986

I'm rebuilding the #DEFCON server with the patch from 2013 (!!) to see if it helps.

Germany’s largest telecommunication provider Deutsche Telekom is owned by Chinese hackers. And its managed IT service subsidiaries are too. No media reporting on it yet. Deutsche Telekom (addicted to cheap Huawei equipment) chose not to go public. Wake up! https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability

CVE-2025-0927 details here!

https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/

@saagar OMG this [on combating footguns]. It's why I wrote this -- to provide an alternative to the footgun (well, really more of a foot-sledgehammer that people keep hitting themselves with harder and harder) :

https://blog.techsolvency.com/2025/04/managing-unique-wordlists-password-cracking.html

The steady stream of "how do I sort this 300GB file" folks in the cracking Discords is never-ending. This hurts less.

I talked AI slop with @joshbressers on Open Source Security:

https://opensourcesecurity.io/2025/2025-05-curl_vs_ai_with_daniel_stenberg/