this is a nice post on strace (I didn't know that strace had a --stack-traces option!) https://rrampage.github.io/2025/06/13/strace-tips-for-better-debugging/

I created a library from prefetch-tool so you can more easily experiment with side-channel #KASLR bypasses on Windows:

https://github.com/v-p-b/prefetch-lib

For dogfooding I exploited HEVD on Windows 11 24H2:

https://github.com/v-p-b/HEVD-prefetch

@jerry @cR0w You are joking but: https://threadreaderapp.com/thread/1932079435571671137.html

@erik @GossiTheDog I definitely wouldn't rule out time warps.

@GossiTheDog Friday the 13th's bugs hatched during the weekend I guess

[oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract

https://www.openwall.com/lists/oss-security/2025/06/16/5

Exquisite bug!

This exploited-in-the-wild issue is an interesting twist on binary planting that we were working on a decade and a half ago. The DLL/EXE search order just keeps on giving (to attackers, that is). https://binaryplanting.com

It turned out that all our security-adopted Windows versions were affected by this issue, so we created micropatches for them all. These are already distributed and applied to all online affected systems.

We would like to thank security researchers Alexandra Gofman and David Driker with @_cpresearch_ for detecting the exploitation and publishing their analysis, which made it possible for us to create a micropatch for this issue.

Micropatches Released for WEBDAV Remote Code Execution Vulnerability (CVE-2025-33053) https://blog.0patch.com/2025/06/micropatches-released-for-webdav-remote.html

Listen up Mastodonians, because this is important:

Right now we have a unique chance to rise up and hit back against Zuckerberg and Musk. Because italian filmmaker @_elena and her friends have made an OUTSTANDING short film, which explains why people should quit the fascist social networks and come join us in the fediverse.

Hit the fascists where it hurts — make this go viral by watching it and liking it on YouTube, then hit the share button and share it everywhere!

https://www.youtube.com/watch?v=YRJHIJy5Nno

Crypto: Sponsoring military parades for the Great Leader’s birthday

Just like Satoshi envisioned it.

@patcharcana @cR0w https://www.youtube.com/watch?v=mW9PvYYH9lA

#VibeCoding your MFA

New vulnerability report from Talos:

Asus Armoury Crate AsIO3.sys authorization bypass vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2150

CVE-2025-3464

New vulnerability report from Talos:

Asus Armoury Crate AsIO3.sys stack-based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2144

CVE-2025-1533

"Hey Bill should we push this API quota update globally?"

"They said push it man."

"But the new quotas are 'none' and 'noner'. There's not even any numbers."

"Fuck it, send it."

https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW

oh my god i was right.

"This policy data contained unintended blank fields. Service Control, then regionally exercised quota checks on policies in each regional datastore. This pulled in blank fields for this respective policy change and exercised the code path that hit the null pointer causing the binaries to go into a crash loop. This occurred globally given each regional deployment."

https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW

https://github.com/ubuntu/authd/security/advisories/GHSA-g8qw-mgjx-rwjr

When a user who hasn't logged in to the system before (i.e. doesn't exist in the authd user database) logs in via SSH, the user is considered a member of the root group in the context of the SSH session. That leads to a local privilege escalation if the user should not have root privileges.

radare2 is now shipping extra panel layouts in the default installation. Do you have custom layouts you enjoy in panels mode? https://github.com/radareorg/radare2/pull/24296 #reverseengineering #tui

From "All About Computers", published in 1984.

Adapting an Old Rotary Dial for Digital Applications

https://hackaday.com/2025/06/13/adapting-an-old-rotary-dial-for-digital-applications/