"I'm interested in all kinds of astronomy."

Fucking stupid UI/UX choices.

Fortigate Firewall/Routers - All options for BGP/IPSEC are behind an "advanced options" user preference.... IT'S A FORTIFUCKINGROUTER the only people in this interface are advanced users.

PaloAlto XDR portal - Right-click for options on a line... fine... But wait, if you hold option/alt, you get even more options. I get the need to define which options are less common choices, but you should not be hiding things behind click-modifiers. The only people using the XDR interface will be advanced users. If a user doesn't have authorization for a command, then don't show it. If the option is destructive, then confirm with N number of dialogs. Also, the ENTIRE user interface is in italics.

Admin interfaces should never have hidden options.

Make some noise!

There’s still time for you to submit your article for the 40th anniversary edition of Phrack!

https://bird.makeup/@phrack/1901633924532408680


What is the most inappropriate connector with enough pins to support USB-C?

I suggest:

[RSS] Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea

https://kaist-hacking.github.io/publication/yun-ksa/
@cR0w Finally some honest marketing!

Our journey with our emulator continues.

We show how we reached the home screen, enabled multitouch, unlocked network access, and started running real apps 👉 https://eshard.com/posts/emulating-ios-14-with-qemu-part2

@cR0w That's peak #YOLOsec right here!
God I hate computers...
@greg @G33KatWork if-let is a prime example of how Clever often beats Readable in Rust Land IMO

(I just wrestled with some code that I swear to God was optimized for the minimal number of semicolons...)

🎯 THIS SATURDAY: DFIR Labs CTF 🎯
⏰ June 7 | 1630–2030 UTC
🔗 Register Now → https://dfirlabs.thedfirreport.com/ctf

🚀 DFIR Labs CTF is back!
💥 Only $9.99 to join
💥 Choose Elastic or Splunk
💥 Access a brand-new, unreleased case
💥 Top 5 get invited to join The DFIR Report team!

📣 Hear from past participants:
⭐ “Real case makes it different!”
🚀 “Great hands-on learning experience”
💯 “Excellent CTF, super responsive and realistic”

Don’t miss your chance to level up with real-world incident response challenges.


Both and used obfuscation techniques to hide that the traffic occurred and/or that the apps were listening to these requests:

➡️ Meta traffic was using , which does not show up in the browser's developer tools
➡️ Yandex traffic looked non-local
➡️ Yandex apps started listening only after several days

BTW: Apparently, Meta stopped doing this yesterday. But they probably still have the mapping DB.
All the details by the researchers here.
https://localmess.github.io/

"Paprika Csapat" (Team Paprika) ransomed the Hungarian Ministry of Home Affairs (education doesn't deserve a dedicated ministry around here) after dumped a database related to high school final exams (article in HU):

https://telex.hu/techtud/2025/06/03/hekkertamadas-paprika-csoport-erettsegi-adatbazis-masolas-oktatasi-hivatal

Wonder if perpetrators are in fact Hungarian (as the name suggests), or just using some LLM translator?

Every project should have a "cursed"-page like that: 😆

"Cursed knowledge we have learned as a result of building that we wish we never knew."
https://immich.app/cursed-knowledge/

🤓
