Last week, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource. https://docs.google.com/presentation/d/1rEPiqV0KBHAI0lVym283OHzYRXNCCuGudmDby1Z1qyc/edit?usp=sharing
Scumbag Google is at it again and introduces delays when loading a video on YouTube with an active ad blocker. With a nice little banner on the lower left saying "Experiencing interruptions? Here's why!" with a link to a page telling you to disable ad blockers.
Guess what, you pissheads! It's still faster and less annoying to wait for the delay than actually watching the ads.
I finally found the perfect bug to play with wrapwrap and get RCE on Monero forums
After that, very classic exploitation steps. The only twist is that I didn't expect Laravel to unserialize() session cookies when the session driver is set to Redis (at least this version).
This Video Can #Exploit Your #iPhone (CVE-2025-31200)
https://www.youtube.com/watch?v=nTO3TRBW00E
Besides the clickbaity title, this video is actually a simple and fun initial analysis of the #1day in question.
As a side note, I started watching it on a device with no #adblocker and damn, YouTube has become so annoying and utterly unusable 😠
CVE ID: CVE-2025-24016
Vendor: Wazuh
Product: Wazuh Server
Date Added: 2025-06-10
Notes: https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh ; https://nvd.nist.gov/vuln/detail/CVE-2025-24016
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-24016
Apparently, if you have Facebook or Instagram installed on your phone, #Meta was able to track your browsing habits and link them to your real identity even if you never logged in on the web, used incognito mode or a VPN. I hope Meta gets hit with every fine in the book.
https://www.zeropartydata.es/p/localhost-tracking-explained-it-could
#Hydroph0bia (CVE-2025-4275) - a trivial #SecureBoot bypass for UEFI-compatible firmware based on Insyde #H2O, part 1
With the Kagi for Libraries program, we'll offer free access to Kagi for public library patrons worldwide 📚
If your library is interested or you know a local public library that could benefit, encourage them to apply and help us expand this program:
It's a mild release from #Microsoft and a record-breaking release from #Adobe. There's a single 0-day to deal with in WEBDAV and, as always, a few deployment challenges. @TheDustinChilds provides all the details at
https://www.zerodayinitiative.com/blog/2025/6/10/the-june-2025-security-update-review
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.
This was a fun one to discover!
SQL syntax can be ambiguous, and MySQL anticipated this a long time ago. Other SQL dialects stuck to the spec, leading to SQL injection when the right stars align:
@SonarResearch https://infosec.exchange/@SonarResearch/114659742648728633