Want to learn about Chrome exploitation and the role of WebAssembly in it?

In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution.

Read it here: https://ssd-disclosure.com/an-introduction-to-chrome-exploitation-webassembly-edition/

[RSS] ControlPlane Local Privilege Escalation Vulnerability on macOS

http://blog.quarkslab.com/controlplane_lpe_macos.html

[RSS] CVE-2025-4919: Corruption via Math Space in Mozilla Firefox

https://www.thezdi.com/blog/2025/7/14/cve-2025-4919-corruption-via-math-space-in-mozilla-firefox

"Exclusive: Meta won't tweak pay-or-consent model further despite risk of EU fines, sources say"

https://www.reuters.com/sustainability/boards-policy-regulation/meta-wont-tweak-pay-or-consent-model-further-despite-risk-eu-fines-sources-say-2025-07-11/

IMO pay-or-consent is a reasonable model for #adtech, but if Meta implements that *and* pays fines, that's good enough for me!

We just updated our bug bounty hall of fame to include the great security researchers from the last two quarters. Thank you for securing the best #Firefox yet :)

https://www.mozilla.org/en-US/security/bug-bounty/hall-of-fame/

in the interest of helping other small publications, i want to pass along a request for elpis zine, an online zine about the small web, retro tech, and alternate protocols that recently celebrated its 10th issue!

for their next issue, they want to focus on #women of the #internet: "who, one way or another, influenced the creation of the modern Internet, which is why the modern World Wide Web looks exactly like this."

from elpis:

These are women who are at the forefront of the attack and work on the technologies that surround us. These are women who have influenced design, content, and politics. But we're not just talking about the modern Internet, we're also talking about the small web.

There are legendary women here, too. We want to write about you, about your sites, if you have ideas about whom we can also write about, or links to pages (feel free to give your sites), that's cool! We'll publish them.

the editors are looking specifically for "ideas about who can be written about from the great women who influenced the modern Internet (designers, programmers, and so on)." there's so many women in internet #history that we must keep their stories going! <3

the editor of the zine, turboblack, is a 32-bit cafe member and a passionate member of the independent web. :) i hope you appreciate this departure to spread some internet-focused publication love!

I'm pleased to announce a new version of the Rust bindings for IDA Pro! With: - Improved strings, metadata, and core APIs. - Support for the names API. Thank you to @raptor.infosec.exchange.ap.brid.gy & Willi Ballenthin for contributing! Docs: idalib.rs Code: git.idalib.rs

idalib documentation

@badsamurai @meadxmoon could you point me to implementarion details?

Project: kubernetes/kubernetes https://github.com/kubernetes/kubernetes
File: staging/src/k8s.io/api/certificates/v1/generated.pb.go:1378 https://github.com/kubernetes/kubernetes/blob/a62752db5110225a89a83ec844a5884413e550ff/staging/src/k8s.io/api/certificates/v1/generated.pb.go#L1378

func (m *CertificateSigningRequestSpec) Unmarshal(dAtA []byte) error

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fstaging%2Fsrc%2Fk8s.io%2Fapi%2Fcertificates%2Fv1%2Fgenerated.pb.go%23L1378&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fstaging%2Fsrc%2Fk8s.io%2Fapi%2Fcertificates%2Fv1%2Fgenerated.pb.go%23L1378&colors=light

@cR0w @badsamurai where does the article show prevention/blocking options? I've scrolled my fingers off on mobile but can only see the reitaration of the technique in reeeeally long form...

local restaurants I love you but please have a website that isn't your instagram profile and has your hours of business on it. kthx

@Catarina @0xabad1dea Maybe we did reach singularity - it's just not technological, but the spacetime kind?

[RSS] CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)

https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/

High level diff of iOS 18.6 beta2 vs. iOS 18.6 beta3 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_6_22G5064d__vs_18_6_22G5073b/README.md

WHAT IS THIS SOURCERY?!

#Winget has #DSC support now?!

I can start #WindowsSandbox and have the required security tools installed #automagically!

https://github.com/microsoft/winget-dsc/tree/main/samples/DscResources/Microsoft.WindowsSandbox.DSC

There’s an entire rant buried in here but, in short, I absolutely agree.

@Natasha_Jay This needs to be made into @effinbirds

[RSS] [CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability

https://karmainsecurity.com/KIS-2025-04

@freddy Yeah that one caught my eye too, and based on the timeline I agree that it's likely unfixed.

(I linked the talk FTR and so that I can tag in @ifsecure in case he has some more info :))

@freddy @ifsecure OK, CVE-2025-7424 is def not here:

https://support.apple.com/en-us/122719