The last release of testssl.sh in the 3.0.10 branch was made, which includes several bugfixes.
Get it from here: https://github.com/testssl/testssl.sh/releases/tag/v3.0.10
Meta AI posts your personal chats to a public feed
https://pivot-to-ai.com/2025/06/14/meta-ai-posts-your-personal-chats-to-a-public-feed/ - text
https://www.youtube.com/watch?v=Zj_Hu2Pmwzo&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
Looks like the Google Cloud incident report is out: https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW
Summary:
- On May 29, 2025, a new Service Control feature was added for quota policy checks.
- This feature did not have appropriate error handling, nor was it feature flag protected.
- On June 12, 2025, a policy with unintended blank fields was inserted and replicated globally within seconds.
- The blank fields caused a null pointer which caused the binaries to go into a crash loop.
"If this had been flag protected, the issue would have been caught in staging."
^ Kinda reminds me of the CrowdStrike incident. 🫠
sev:CRIT
SQLi in XWiki.
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-prwh-7838-xf82
Another "It's not our fault since it's EoL but it totally won't happen with the new one, pay us now" vuln from one of the big vendors people keep giving money to.
Insecure device pairing in end-of-life Amazon Cloud Cam
https://aws.amazon.com/security/security-bulletins/AWS-2025-013/
Check out our first blog post about V8 CVE-2024-12695: https://bugscale.ch/blog/dissecting-cve-2024-12695-exploiting-object-assign-in-v8/
By 1986, the U.S. began attempting computer network exploitation. That same year, the U.S. discovered the Soviets were paying hackers to target U.S. networks using similar methods. https://www.army.mil/article/286292/army_cyber_corps_a_prehistory
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts.
🔗 Full details: https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
🛡️ Advisory: https://www.binarly.io/advisories/brly-dva-2025-001
Submitted my first bug via GitHub's advisory reporting mechanism for hosted projects (I know, right!?!?). Much less painful than the traditional hunt the email address/chase the vendor so far.
Back up your 2fa keys, or add a second method.
Do it now, before your phone dies/breaks/is stolen.
That's it that's the post.
This is the 100 year anniversary of humans having an idea of what the heck the sun and all the stars actually are. If you had asked a leading astronomer in 1925 what the sun was, they would say that it's basically the same as Earth, but very hot.
In Cecilia Payne's doctoral thesis she was the first to say, from spectral data, that the sun was overwhelmingly made of hydrogen and helium.
It was later described as "the most brilliant PhD thesis ever written in astronomy".
Outlook must die, again
Gemini might have the best solution for Outlook (new) to prevent it regularly appearing back on my system. I do not want this code!!
Remove Provisioned App Packages (More Aggressive - Use with Caution):
This is a more permanent solution that attempts to remove the app not just for your user profile, but for all future user profiles on the system, and prevents it from being provisioned again automatically by the OS.
Open PowerShell as Administrator.
Get-AppxPackage -AllUsers | Where-Object {$_.Name -like "Microsoft.OutlookForWindows*"}
Look for the PackageFullName (e.g., Microsoft.OutlookForWindows_1.2024.515.0_x64__8wekyb3d8bbwe).
Remove for Current User:
Get-AppxPackage *Microsoft.OutlookForWindows* | Remove-AppxPackage
Remove Provisioned Package (Crucial for preventing reinstallation):
Get-AppxProvisionedPackage -Online | Where-Object {$_.PackageName -like "Microsoft.OutlookForWindows*"} | Remove-AppxProvisionedPackage -Online
Note: If you run the Remove-AppxProvisionedPackage command and it doesn't find the package, it means it's not provisioned for new users, but might still be re-added through other mechanisms like Windows Feature Experience Pack updates.
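The three steps above combined into one idempotent script, added here as an example; it is not from the original post or from the Gemini answer it quotes. It assumes the package name prefix Microsoft.OutlookForWindows given above and that Remove-AppxPackage accepts -AllUsers on the Windows build in use; the function name and the -DryRun switch are this example's own. It lists what it would touch before removing anything, then re-checks afterwards, since the note above says other update mechanisms can bring the package back.

```powershell
#Requires -RunAsAdministrator
<#
  Added example, not from the original post or from Gemini.
  Removes an Appx package for all existing profiles and deprovisions it so
  new profiles do not receive it. -DryRun only reports what would be removed.
#>
param(
    [string]$NamePattern = 'Microsoft.OutlookForWindows*',   # prefix taken from the post
    [switch]$DryRun
)

function Remove-UnwantedAppx {
    param([string]$Pattern, [switch]$DryRun)

    # Step 1: inventory first, so the script can say exactly what it will
    # touch and does nothing at all when nothing matches.
    $installed   = Get-AppxPackage -AllUsers | Where-Object { $_.Name -like $Pattern }
    $provisioned = Get-AppxProvisionedPackage -Online | Where-Object { $_.PackageName -like $Pattern }

    if (-not $installed -and -not $provisioned) {
        Write-Host "No package matching '$Pattern' is installed or provisioned."
        return
    }
    foreach ($pkg in $installed)   { Write-Host "Installed  : $($pkg.PackageFullName)" }
    foreach ($pkg in $provisioned) { Write-Host "Provisioned: $($pkg.PackageName)" }

    if ($DryRun) {
        Write-Host 'Dry run: nothing removed.'
        return
    }

    # Step 2: remove from every existing user profile (assumes -AllUsers is
    # supported by Remove-AppxPackage on this build).
    foreach ($pkg in $installed) {
        try {
            Remove-AppxPackage -Package $pkg.PackageFullName -AllUsers -ErrorAction Stop
            Write-Host "Removed    : $($pkg.PackageFullName)"
        } catch {
            Write-Warning "Could not remove $($pkg.PackageFullName): $_"
        }
    }

    # Step 3: remove the provisioned copy so new profiles do not get it.
    foreach ($pkg in $provisioned) {
        try {
            Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName -ErrorAction Stop | Out-Null
            Write-Host "Deprovisioned: $($pkg.PackageName)"
        } catch {
            Write-Warning "Could not deprovision $($pkg.PackageName): $_"
        }
    }

    # Step 4: verify. If the package reappears later (e.g. via a Feature
    # Experience Pack update), rerun this script or schedule it.
    $left = Get-AppxPackage -AllUsers | Where-Object { $_.Name -like $Pattern }
    if ($left) {
        Write-Warning "Still present after removal: $($left.PackageFullName -join ', ')"
    } else {
        Write-Host 'Verified: no matching package remains.'
    }
}

Remove-UnwantedAppx -Pattern $NamePattern -DryRun:$DryRun
```

Run it once with -DryRun to see the PackageFullName and provisioned PackageName it found, then without the switch from an elevated PowerShell to perform the removal.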
Me: (Selects option to create a new empty folder on my Win11 i5 laptop)
Laptop: OH DEAR GOD NO WHAT IS WRONG WITH YOU? I MUST CRANK ON THE FANS AND DISPLAY THE EXPLORER NOT RESPONDING BANNER TO DEAL WITH THIS UNPRECEDENTED DEMAND ON MY PROCESSORS! YOU VICIOUS, HEARTLESS BASTARD! *sob*
Me: (Smiles and quietly fantasizes again about shooting this laptop.)