ClamAV 1.4.3 and 1.0.9 security patch versions published

https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

CVE-2025-20260
CVE-2025-20234
+1 upstream vuln in lzma-sdk

@mwichary @darkphoenix TIL about C trigraphs :O

📣 Exciting opportunity in our iOS team for a Senior Vulnerability Researcher with experience in Apple platforms.

Remote or office based.

https://jobs.gohire.io/interrupt-labs-zcocopee/senior-ios-vulnerability-researcher-237538/

@mwichary I don't want to argue about your perception, you do you. Still find the topic worthy of discussion!

@mwichary @darkphoenix It's strange you call one commenter a "know-it-all" while acknowledging others bringing up the same issue (maybe Fedi is playing me?). I think the topic of "effortless markup" you brought up is really interesting and becomes even more interesting if we take into account other layouts. My quick idea: does every layout have "." without modifier?

(slightly related: I recently learned that C syntax differs so wildly from Pascal, because the former was designed by US keyboard users while the latter was from EU)

Now curious exactly why SGML chose angle brackets! Would love to see a written statement. This is the closest I got to an answer, but it’s not really an answer.

https://www.xml.com/pub/a/w3j/s3.connolly.html

Do you know of examples of a software library's test suite catching a bug in its upstream dependencies? I've seen a few of these over the years, and I'd like to put together a small list. Things like:

- A programming language implementation's test suite uncovering a bug in other implementations
- A library's test suite uncovering a bug in the language implementation itself
- A framework addon's / extension's test suite uncovering a bug in the framework

Some pictures of KICKI a DEC PDP-10 model KI10 sn 522 currently in preservation.

Would you like to support us? Visit: https://icm.museum

#retrocomputing #vintagecomputing

You've been asking for the slides from my x33fcon talk this year - here they are!

I covered most modern anti-phishing protections and how to evade them, with a particular focus on how URL rewriting can be used to bypass Google Safe Browsing.

Enjoy! 🪝🐟

🔗👇

@whitequark @azonenberg @gsuberland The culture of extensive reverse engineering and binary patching to extend proprietary dev tools on Windows has always made me smile. This is one of the crazier examples: https://gitlab.com/VC6Ultimate/VC6Ultimate

Newsletter: Issue 86 – State power sponsored by Coinbase

Coinbase’s sponsorship of Trump’s military parade angered some in the crypto world, who described the move as “deeply disturbing” and “an insult to everything our industry stands for”. But this is only the latest example of crypto companies aligning with state power.

Earlier this month, the cryptocurrency firm Ripple made a $9.4 million contribution to the San Francisco Police Department to fund a surveillance center outfitted with drones. “We’re going to be covering the entire city with drones,” enthused a SFPD Captain about the donation.

https://www.citationneeded.news/issue-86/

#crypto #cryptocurrency #USpolitics #USpol

[RSS] Sleepless Strings - Template Injection in Insomnia

https://tantosec.com/blog/2025/06/insomnia-api-client-template-injection/

@sawaba Or _maybe_ this is a subtle message to some _other_ companies that make LLMs write unsubstantiated content about their/competitor products??

[RSS] Exploiting the Tesla Wall connector from its charge port connector

https://www.synacktiv.com/en/publications/exploiting-the-tesla-wall-connector-from-its-charge-port-connector

👷 After 15 years of entrepreneurship and a few months of sabbatical I'm looking for a regular old job.

My ideal role would be primarily technical, aimed to dissect software to uncover vulnerabilities. Beyond bug mining I'd love to learn to mine better and make new kinds of pickaxes.

My public works and contact info are on my homepage:

https://scrapco.de

Get in touch if you want to know more!

Boosts are appreciated! #FediHire

The latest #IBMi LPE bulletins are now correctly attributed to @silentsignal :

https://www.ibm.com/support/pages/node/7236663 - CVE-2025-33108

https://www.ibm.com/support/pages/node/7237040 - CVE-2025-33122

@sawaba "We can re-prompt when our research question about a security product or technology doesn’t yield the answer we wanted." why do they ask the question if they already know what answer they want? Also "wanting" a particular answer sounds very stupid to me...

ChatCVE