[RSS] CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre

https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/

CVE-2025-53367

[RSS] Kernel Exploitation Techniques: Turning The (Page) Tables

https://sam4k.com/page-table-kernel-exploitation/

[RSS] When too much access is not enough: a story about Confluence and tokens

http://blog.quarkslab.com/a-story-about-confluence-and-tokens.html

[RSS] exploits.club Weekly Newsletter 78 - ITW Sandbox Escapes, RL For VR, WhatsApp Fuzzing, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-78-itw-sandbox-escapes-rl-for-vr-whatsapp-fuzzing-and-more/

New post: Insecure Boot: Injecting initramfs from a debug shell https://insinuator.net/2025/07/insecure-boot-injecting-initramfs-from-a-debug-shell/

Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida

What? They programmed it by doing what???

https://en.m.wikipedia.org/wiki/Bally_Astrocade

@raptor I think - objectively - that range is absolutely awesome! subjectively, I totally feel you...

[RSS] Assembly Code Editor

https://deepcodestudio.pages.dev/

[RSS] opasm: an Assembly REPL

https://github.com/aedrax/opasm

"IBM Software Download Tips: Three Easy Steps to Make Download Director Work Again"

https://www.ibm.com/support/pages/node/7181432

Free #ProTip for IBM: no one should ever have to use Download Director. Web servers should just not randomly drop connections.

CVE ID: CVE-2025-6554
Vendor: Google
Product: Chromium V8
Date Added: 2025-07-02
Notes: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html?m=1 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6554
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-6554

V8 Security is hiring in Munich, Germany: https://www.google.com/about/careers/applications/jobs/results/96463411851731654-software-engineer-iii-v8-security

Great opportunity to work on some really hard and interesting problems in the security space!

Microsoft lays off another **9000** game industry employees.

If accurate, would bring the number of game industry layoffs in the last four years to over 45,000.

This is not a large industry.

https://aftermath.site/xbox-layoffs-july

[RSS] Rising star: Meet Dylan, MSRC's youngest security researcher

https://msrc.microsoft.com/blog/2025/07/rising-star-meet-dylan-msrcs-youngest-security-researcher/

2 posts I saw today:
- MS spends $80B on AI datacenters, even putting their bottom line at risk
- MS lays off thousands

I so wait for the moment when reality kicks in...

Can't help but notice that all the CTI vendors that were waving their arms like carwash inflatables about increased activity from Iran have little to say about the lack of increased activity from Iran, which was the reasonable expectation from the jump.

📁🫷🚧Can't control the extension of a file upload, but you want an XSS?
Read more on how we overcame this obstacle to further exploit entire organizations using Fortinet endpoint protection:

https://www.sonarsource.com/blog/caught-in-the-fortinet-how-attackers-can-exploit-forticlient-to-compromise-organizations-2-3?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=blog-caught-in-the-fortinet-260625-&utm_term=&s_category=Organic&s_source=Social%20Media&s_origin=social

#appsec #vulnerability #bugbountytips

Had a coworker tell me "Don't let infosec get in the way of hacking" which feels like an intense bit of wisdom underneath it all.

#grsecurity users are unaffected by CVE-2025-32463 (sudo chroot option privesc) when a feature available since 2021 is enabled. Customers can view our KB article on an earlier vulnerability this year, CVE-2025-4802 for glibc, to see how exploitation is prevented in the same way.