📁🫷🚧Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection:

https://www.sonarsource.com/blog/caught-in-the-fortinet-how-attackers-can-exploit-forticlient-to-compromise-organizations-2-3?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=blog-caught-in-the-fortinet-260625-&utm_term=&s_category=Organic&s_source=Social%20Media&s_origin=social

#appsec #vulnerability #bugbountytips

Had a coworker tell me "Don't let infosec get in the way of hacking" which feels like an intense bit of wisdom underneath it all.

#grsecurity users are unaffected by CVE-2025-32463 (sudo chroot option privesc) when a feature available since 2021 is enabled. Customers can view our KB article on an earlier vulnerability this year, CVE-2025-4802 for glibc, to see how exploitation is prevented in the same way.

Updates for the Linux kernel exploitation collection 😋

https://github.com/xairy/linux-kernel-exploitation/commit/e4d394cff8b58c236721bca7f28a355775e556bc

New x64dbg release: Type System and Modernization

https://x64dbg.com/blog/2025/06/30/release-announcement.html

#debugger #ReverseEngineering

[oss-security] Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect
stubs exception handling for flags recovery

https://www.openwall.com/lists/oss-security/2025/07/01/1

(Potential impact is hypervisor DoS)

Unveiled at #TROOPERS25 - Hexagon fuzzing unlocked

Hexagon is the architecture in Qualcomm basebands - they power most of the world's leading smartphones.

Until now, this baseband was out of reach.

We released the first open-source toolchain for system-mode Hexagon fuzzing, presented by Luca Glockow (@luglo), Rachna Shriwas, and Bruno Produit (@bruno) at @WEareTROOPERS

Full post: https://www.srlabs.de/blog-post/hexagon-fuzz-full-system-emulated-fuzzing-of-qualcomm-basebands

How we opened up mobile firmware in 3 steps:
1. Boot real iPhone basebands with a custom QEMU fork
2. Rust-powered fuzzer controls execution via JSON configs
3. Ghidra integration maps coverage across threads

This brings full visibility to Qualcomm’s 4G/5G/GPS stacks.

Reproducible. Extendable. Open source.

Hexagon’s no longer off-limits - mobile security just got a lot more transparent.


🔗 Try it yourself: https://github.com/srlabs/hexagon_fuzz
📚 Docs: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/reverse_engineering.md
🖥️ Slides from Troopers25: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/talk/hexagon_fuzz_troopers2025.pdf
🛠️ Issues, ideas, or contributions? PRs welcome.

@kpwn UUIDv4 can be based on CSPRNG, in that case it's just as secure as a sid with same number of (secure) random bits. Only problem is that random source can't be identified in a blackbox setting, but statistical methods can give a good estimation about its security.

💻 Have you read our recent publications?

ISPConfig Authenticated Remote Code Execution:
https://ssd-disclosure.com/ssd-advisory-ispconfig-authenticated-remote-code-execution/

Kerio Control Authentication Bypass and RCE:
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/

Today we celebrate #curl having been part of OSS-fuzz for eight years. Imagine the amount of junk libcurl APIs have received in this time...

https://google.github.io/oss-fuzz/

If case there was any doubt, Fediverse account are prefered over X mirror bots. Considering how poorly reliable X bridges are, the amount of api restrictions and the lack of interop for boostings and replies, consider posting here if you are a casual visitor!

It has gone zero days since the latest slop

Wikipedia has a cheat sheet of well-known tells for identifying generated text. (With an appropriate warning not to over-index on minor ones as absolute proof) https://en.m.wikipedia.org/wiki/Wikipedia:WikiProject_AI_Cleanup/AI_catchphrases

https://x.com/lauriewired/status/1939833276228890849/photo/1

https://bird.makeup/@buffys/1938089514838159783

Thanks for celebrating our anniversary with us, REcon! Enjoy the special release.

What the NULL?! Wing FTP Server RCE (CVE-2025-47812) https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

[RSS] Does anyone happen to know why certain profile names corrupt text elements in Tony Hawk's Pro Skater for N64?

https://banyaszvonat.github.io/breaking-videogames/2025/06/30/tony-hawks-pro-skatyr.html

#GameHacking #ReverseEngineering

New sudo LPE's just dropped:

Sudo Host Option Elevation of Privilege (CVE-2025-32462):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host

Sudo local privilege escalation via chroot option (CVE-2025-32463):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Linking oss-security too, because researcher advisories don't like to load for me:

https://www.openwall.com/lists/oss-security/2025/06/30/2

https://www.openwall.com/lists/oss-security/2025/06/30/3

Chrome’s AppBound Cookie Encryption Bypassed via Side-Channel Timing Attack https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption

AI Slop is strong on HackerOne. After some break when Daniel added the "AI disclosure" questions, people are back now (and ignoring it).

Such a silly world.