
Project Zero Bot

New Project Zero issue:

Linux >=6.13: io_uring: SQE/CQE UAF/OOB read in race between IORING_REGISTER_RESIZE_RINGS and io_uring_show_fdinfo

https://project-zero.issues.chromium.org/issues/417522668

CVE-2025-38002
[RSS] Sandbox Security Escapes in ColdFusion and Lucee (CVE-2025-30288 and CVE-2024-55354)

https://www.hoyahaxa.com/2025/06/sandbox-security-escapes-in-coldfusion.html
Hungarian astronaut Tibor Kapu is on his way to space on Ax-4 \o/

https://www.youtube.com/watch?v=YAue1QljRg4

👉🏽 Check out this in-depth video of @nmatt0 reversing the firmware decryption mechanism used in a Hanwha security camera with IDA Pro. Bonus: He's also written an accompanying blog post packed with code samples, screenshots, and more!

https://hex-rays.com/blog/reversing-hanwha-security-cameras-a-deep-dive-by-matt-brown


This is very aggressively (perhaps too aggressively) stated, but he's absolutely right. People are all worried their ideas are gonna be "stolen", and my friends, I can assure you that won't be the problem.


i love css 💖

also shoutout to Fastmail for rolling out fixes for both reports in <48h
https://www.fastmail.com/bug-bounty/

#IBMi is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i [CVE-2025-36004]

https://www.ibm.com/support/pages/node/7237732

Another one by @silentsignal !
[RSS] CFCamp 2025 Slides - Understanding CFML Vulnerabilities, Exploits, and Attack Paths

https://www.hoyahaxa.com/2025/06/cfcamp-2025-slides-understanding-cfml.html

#coldfusion
I updated the generated #Ghidra documentation I host for 11.4:

https://scrapco.de/ghidra_docs/

Here's the documentation for Decompiler Taint Operations:

https://scrapco.de/ghidra_docs/Features/DecompilerDependent/DecompilerTaint/DecompilerTaint.html
#Ghidra 11.4 released with support for (external) taint engines in the decompiler:

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.4_build

📢 @ERNW is preparing the venue for tomorrow's launch of in ! See you soon people! We are super excited! 🥳

@Viss @neurovagrant @dangoodin I think a better analogy would be Stagefright where target diversity was a major factor blocking widespread abuse IIRC: based on my recent experiments with side-channels, target HW can have significant effects.

FTR, this is an example of targeting end-user applications:

https://www.youtube.com/watch?v=ugZzQvXUTIk

And don't forget: as SW mitigations (or even HW assisted ones) get better, attackers may turn to more "painful" alternatives...
[RSS] Abusing copyright strings to trick software into thinking it's running on your competitor's PC

https://devblogs.microsoft.com/oldnewthing/20250624-00/?p=111299

#warez