"I'm interested in all kinds of astronomy."

Exploiting the CVE-2025-21756 1-day vulnerability

@v4bel and @_qwerty_po posted a kernelCTF report about exploiting a UAF in the vsock subsystem of the Linux kernel:
https://github.com/google/security-research/blob/f7dbb569a8275d4352fb1a2fe869f1afa79d4c28/pocs/linux/kernelctf/CVE-2025-21756_lts_cos/docs/exploit.md


Another sev:CRIT ../ ? This time in ZendTo. LMAO. PoC in the post.

https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/

We discovered a path traversal vulnerability in ZendTo versions 6.15-7 and prior. This vulnerability allows malicious actors to bypass the security controls of the service to access or modify potentially sensitive information of other users. This issue is patched in 6.15-8, and we encourage all users to upgrade as soon as possible.

Slides like this will always have a special place in my heart! Source:

https://www.youtube.com/watch?v=goEb7eKj660
[oss-security] pam_namespace local privilege escalation (CVE-2025-6020)

https://www.openwall.com/lists/oss-security/2025/06/17/1

New post: Disclosure: Multiple Vulnerabilities in X.Org X server prior to 21.1.17 and Xwayland prior to 24.1.7 https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/


🚀 We have just released a new Security Advisory for NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes & other vulnerabilities discovered by our Adrian Denkiewicz!

https://www.doyensec.com/resources/Doyensec_Advisory_CFITSIO_Q22025.pdf

@drwhax @0xCDE you guys see work done at construction sites? (over here they usually just raise some fences, get the bosses' cars parked, then nothing happens for weeks)
Edited 5 months ago
[oss-security] "the security policy of libxml2 has been changed to disclose vulnerabilities before fixes are available"

https://www.openwall.com/lists/oss-security/2025/06/16/6

CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170

CVE-2025-6021 looks like the most severe (integer overflow in xmlBuildQName())
Edited 5 months ago

This is a nice post on strace (I didn't know that strace had a --stack-traces option!) https://rrampage.github.io/2025/06/13/strace-tips-for-better-debugging/

I created a library from prefetch-tool so you can more easily experiment with side-channel #KASLR bypasses on Windows:

https://github.com/v-p-b/prefetch-lib

For dogfooding I exploited HEVD on Windows 11 24H2:

https://github.com/v-p-b/HEVD-prefetch
@GossiTheDog Friday the 13th's bugs hatched during the weekend I guess
[oss-security] CVE-2025-4748: Erlang/OTP 17.0–28.0.0 absolute-path traversal in zip:unzip/zip:extract

https://www.openwall.com/lists/oss-security/2025/06/16/5

Exquisite bug!