@bradlarsen My rule of thumb is that LLM's are useful if results are cheap to verify. When it comes to development this mainly means one-off utils/prototypes/PoC's.

[RSS] X41 Audited Ruby on Rails

https://x41-dsec.de/security/research/job/news/2025/06/11/ruby-on-rails/

[RSS] Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck

https://itm4n.github.io/checking-symantec-account-credentials-privesccheck/

[RSS] Streaming Zero-Fi Shells to Your Smart Speaker

https://blog.ret2.io/2025/06/11/pwn2own-soho-2024-sonos-exploit/

[RSS] Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'?

https://www.404media.co/spam-blogs-ai-slop-domains-wowlazy/

Instant reshare!

“Localhost tracking” explained. It could cost Meta 32 billion. https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

@joxean yes.

"Donald Trump’s director of national intelligence fed the JFK files into an AI program, asking it to see if there was anything that should remain classified, she told a crowd at an Amazon Web Services conference Tuesday"

Is there any way we can convince The Onion to not keep publishing their stuff under different domain names? 🤪

https://www.thedailybeast.com/tulsi-gabbard-admits-to-asking-ai-what-to-classify-in-jfk-files/

Bypassing GitHub Actions policies in the dumbest way possible

https://blog.yossarian.net/2025/06/11/github-actions-policies-dumb-bypass

#security

@cR0w Don't thinks so: other insignificant parts of the page also render weird without JS. My bet is on some CMS fuckery trying to be smart about content formatting.

New vulnerability report from Talos:

Adobe Acrobat Reader Font CFF2 PrivateDict vsindex Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2159

CVE-2025-43578

New vulnerability report from Talos:

Adobe Acrobat Reader Annotation Destroy Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2170

CVE-2025-43576

@cR0w FML it's actually some JavaScript frontend monstrosity...

@cR0w It just white-on-white, I didn't even notice in my RSS reader

[RSS] CVE-2025-33073: A Look in the Mirror - The Reflective Kerberos Relay Attack

https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/

@Rairii You are right, fixing the original, thanks!

Fun fact: Microsoft Code Signing PCA 2010 will expire next month 🍿

@csepp Yeah that one. Fixed, thx!