Released xer v0.0.4-alpha with support for signed byte values (hexadecimal and decimal) for people dealing with Java:

https://github.com/v-p-b/xer/releases/tag/v0.0.4-alpha

Every damn day

The libxml2 maintainer is no longer accepting embargoed security reports. They just get treated like regular issues.

This bit in a comment on the announcement really resonates with me:

> these companies make billions of profits and refuse to pay back their technical debt, either by switching to better solutions, developing their own or by trying to improve libxml2.

Too often a company will depend on some library, and then when there are issues with it, shame the maintainer into fixing them. "There's a problem with your project, it is your responsibility to fix it".

No.

You chose to build on top of this library, and with that took on all responsibility that comes with that choice. Any tech debt or bugs are now YOUR tech debt and bugs. What are you going to do about them?

https://gitlab.gnome.org/GNOME/libxml2/-/issues/913

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0051a550

asn1_cb

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0051a550.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0051a550.json&colors=light

https://links.fabiomanganiello.com/share/683ee70d0409e6.66273547

[RSS] Python - Tarfile Realpath Overflow Vulnerability

https://github.com/google/security-research/security/advisories/GHSA-hgqp-3mmf-7h8f

PHRACK is coming to #DEFCON! We're printing ~10,000 zines and giving an hour-long talk you won't want to miss! Stay tuned. 🔥 #40yrsOfPhrack #phrack72

We did a presentation at Null Byte Security Conference last year entitled "The importance of a rigorous methodology in information security research". The presentation aimed to introduce security professionals to the importance of rigor in information security research, but also to other aspects.

We consider rigor very important for the information security industry.

We have observed, over more than 15 years in the field, that many beginners lack a solid understanding of rigor and the scientific method, which hinders their learning and growth.

The audience was mostly people starting in the information security industry, and we tried to make it simple, but not simpler. The slides can be found at the link below:

https://allelesecurity.com/wp-content/uploads/2025/06/The-importance-of-a-rigorous-methodology-in-information-security-research.pdf

CVE-2025-48706 - Out-of-bounds read in COROS PACE 3

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-028.txt

Watch Out! Bluetooth Analysis of the COROS PACE 3

https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/

[RSS] exploits.club Weekly Newsletter 76 - Tesla Wall Charger Bugs, Chrome PoCs, Secure Boot Arb Writes, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-76-tesla-wall-charger-bugs-chrome-pocs-secure-boot-arb-writes-and-more/

[RSS] Frida 17.2.0 Released

https://frida.re/news/2025/06/18/frida-17-2-0-released/

[RSS] [Today] is the 37th birthday of the IBM Power servers and the #IBMi operating system.

https://www.rpgpgm.com/2025/06/happy-birthday-to-ibm-power-and-ibm-i.html

ClamAV 1.4.3 and 1.0.9 security patch versions published

https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

CVE-2025-20260
CVE-2025-20234
+1 upstream vuln in lzma-sdk

@mwichary @darkphoenix TIL about C trigraphs :O

📣 Exciting opportunity in our iOS team for a Senior Vulnerability Researcher with experience in Apple platforms.

Remote or office based.

https://jobs.gohire.io/interrupt-labs-zcocopee/senior-ios-vulnerability-researcher-237538/

@mwichary I don't want to argue about your perception, you do you. Still find the topic worthy of discussion!

@mwichary @darkphoenix It's strange you call one commenter a "know-it-all" while acknowledging others bringing up the same issue (maybe Fedi is playing me?). I think the topic of "effortless markup" you brought up is really interesting and becomes even more interesting if we take into account other layouts. My quick idea: does every layout have "." without modifier?

(slightly related: I recently learned that C syntax differs so wildly from Pascal, because the former was designed by US keyboard users while the latter was from EU)

Now curious exactly why SGML chose angle brackets! Would love to see a written statement. This is the closest I got to an answer, but it’s not really an answer.

https://www.xml.com/pub/a/w3j/s3.connolly.html