[RSS] Remote Code Execution on Evertz SDVN (CVE-2025-4009 - Full Disclosure)

https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

[RSS] MATLAB developer bringing systems back online following ransomware attack

https://therecord.media/matlab-developer-bringing-systems-online-ransomware

Hands off MATLAB!

🆕 New blog post! It's a rather short one, nothing crazy. Just wanted to share a random finding I made recently. 🤷‍♂️

'Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation'

👉 https://blog.scrt.ch/2025/05/20/hijacking-the-windows-marebackup-scheduled-task-for-privilege-escalation/

#pentest #pentesting #redteam #windows #privilegeescalation

@nicemicro @Hazzbenn @twipped "I could literally go, and buy a hundred books," -> The keyword here is "buy".

To elaborate on intent: Little Girl likely won't/can't eat all the empty cones but wants to resell them (or give them away to 5000 buddies at the expense of Ice Cream Man).

As for your second reply, doing statistics _at this scale_ allows producing cheap replacement of the original works which is the CD ripping/compression problem discussed above.

@nicemicro @Hazzbenn @twipped I think this is the "copyright can't prevent learning from a book" argument which I like to respond to with a joke:

Little Girl: Ice Cream Man, how much is for an empty cone?
Ice Cream Man: Oh, you can get an empty cone for free!
Little Girl: Great, then I'd like 5000 of them!

In other words, scale (that can imply intent) matters.

this is it -- GOOD INTERNET magazine is LIVE, BABY~ 🥂 🎊 🥳

https://goodinternetmagazine.com/
https://goodinternetmagazine.com/
https://goodinternetmagazine.com/

i present the spring 2025 issue of GOOD INTERNET, featuring stories by @binarydigit, @internetarchive, @Leilukin, @greg, @surprisetalk, and SO MUCH MORE!

with only 6.5 hours to go before my surgery, the website is now launched! you can order physical or digital copies of the magazine! :) there are some initial stories on the website now, but more are coming over the next week, so keep an eye on your RSS feeds!!

‼️quick note: pre-ordered print editions will begin shipping out this week (!!!) and digital editions will go out this week as well to emails!

🙏 THANK YOU SO MUCH to EVERYONE who helped with this. thank you to the contributors (like @robb/ @echofeed, & @adam/ @omgdotlol). thank you to the writers, thank you to everyone who thought about this project, shared it with others, and got the word out. i am so so so stoked to bring y'all this.

🕛 issue 2 is in the fall! :) get your submission ideas in!!

#html #css #web #indieweb #smallweb #socialmedia #internet #enshittification #website #webdev #webdesign #neocities #indie #zine #coding #code #personalweb #blog #blogging

[RSS] GhidraApple: Better Apple Binary Analysis for #Ghidra

https://github.com/reverseapple/ghidraapple

[RSS] Reverse Engineering In-Game Advert injection

https://www.atredis.com/blog/2025/5/19/in-game-ads

First Step Toward a Full Chain: Exploiting Chrome on Android [CVE-2020-16040]

https://xia0.sh/blog/first-step-toward-a-fullchain-part-1/part1

The two #curl CVEs we publish today are both rated medium and affect QUIC connections when curl is built to use wolfSSL

Hiroki Kurosawa reported both and he is rewarded 2540 USD for each from the curl bug-bounty.

With these two, the total bug-bounty payout from #curl now exceeds 90,000 USD over the last few years.

https://curl.se/docs/bugbounty.html

(thanks to IBB for sponsoring our bug-bounty program!)

The WAPBackMachine works! There are lots of WAP sites in the waybackmachine. It seems that the WBM crawler actually followed links on WAP sites, despite them not being HTML, which means that there is a lot to find if you know where to look!

@schrotthaufen @reverseics Never attribute something to clever conspiracies when it can be explained by a product manager getting his bonus for moDErNiZiNg calc

This is hilarious 😅

A #SouthPark episode got aired with Russian dub "accidentally" in Hungary

https://telex.hu/zacc/2025/05/27/jo-estet-oroszorszag-oroszul-futott-egy-south-park-resz-a-comedy-centralon

Spent way too long figuring out why a payload wouldn't work.

Given the recent data breach and Coinbase’s user agreement that aims to force customers into arbitration rather than individual or class action lawsuits, it’s interesting to read the outcome of a recent arbitration case against Coinbase.

https://www.courtlistener.com/docket/69741499/1/coinbase-inc-v-spilker/

#crypto #cryptocurrency #Coinbase

@mttaggart or maybe giving RNGs full access to your repos is not a great idea?

Five of CISA’s six operational divisions and six of its 10 regional offices will have lost top leaders by the end of the month, the agency’s new deputy director, Madhu Gottumukkala, informed employees in an email on Thursday.

https://www.cybersecuritydive.com/news/cisa-senior-official-departures/748992/

BGP handling bug causes widespread internet routing instability

On May 20th 2025 a BGP message was propagated that triggered some surprising (to many) behaviors with two major BGP implementations that are often used for carrying internet traffic.

In a new blog post, I will dissect what that message was, and my thoughts on how it happened:

---

https://blog.benjojo.co.uk/post/bgp-attr-40-junos-arista-session-reset-incident

The DWARF debug format is well-known for debugging executables,
but it is also an effective format for sharing reverse engineering information
across various tools, such as IDA, BinaryNinja, Ghidra, and Radare2.

In this blog post, I introduce a new high-level API in LIEF that allows the
creation of DWARF files. Additionally, I present two plugins designed to export
program information from Ghidra and BinaryNinja into a DWARF file.

https://lief.re/blog/2025-05-27-dwarf-editor/

(Bonus: The blog post includes a DWARF file detailing my reverse engineering work on DroidGuard)

@morgann
> Privacy: DRM saves the day
was not a headline i expected to read