@oscherler @mcc I think part of the problem is that the concept of FTP is becoming lost knowledge... Btw. do providers these days have SCP services exposed (with pubkey auth and whatnot) or is it FTP XOR WebAPI?

@mcc

@higgins it was a very complicated beep

@danzin "Any fuzzer at all, no matter how primitive, has a
better chance of finding a bug than an idle CPU core."

https://fuzzinginfo.wordpress.com/wp-content/uploads/2012/05/ben_nagy_how_to_fail_at_fuzzing.pdf

Good luck ;)

Has anyone had/decided-not-to-have an intern specifically in a vuln research team? We're debating it at work but some people are skeptical WRT the amount of work we'd be putting in mentoring (we aren't prepared to half-ass it), vs the amount of business value we'd get out. Candidates are strong (having CVEs for example) but it's a big ask to put them on a fortigate (for example) and expect results - and at the same time, it's not fair to give an intern a hard project which is likely going to give them a confidence hit. How did you / how could I manage this? Ideally I don't want to give interns non-research work (like the usual 'set up a lab'), I know they want to be finding bugs. Plus we've got the university sponsoring it wanting clear projects and targets, which can be really difficult in a research team. Any tips? If it helps, our team looks at 0day/nday and our usual output is blogposts and fingerprinting scripts (usually fingerprinting via exploitation - we'd much rather exploit a vuln and detect that than rely on stuff like banners).

CVE-2025-4674: Go: cmd/go: unexpected command execution in untrusted VCS repositories https://www.openwall.com/lists/oss-security/2025/07/08/5
Using the Go toolchain in directories fetched using VCS tools (such as cloning Git or Mercurial repositories) can execute unexpected commands. Fixed in 1.24.5 & 1.23.11.

[RSS] Automated Function ID Database Generation in #Ghidra on Windows

Handy #PowerShell tooling by EQ

https://blog.mantrainfosec.com/blog/17/automated-function-id-database-generation-in-ghidra-on-windows

[RSS] My `Blind Date` with CVE-2025-29824

Another Windows CLFS exploit

https://starlabs.sg/blog/2025/07-my-blind-date-with-cve-2025-29824/

[RSS] NINA - A service letting AOL, AIM, ICQ and soon Skype live again by reverse-engineering their protocols.

https://nina.chat/

[RSS] The Fundamental Failure-Mode Theorem: Systems lie about their proper functioning

https://devblogs.microsoft.com/oldnewthing/20250716-00/?p=111383

[RSS] An Interesting Cache Coherence Vulnerability in the Mali GPU Driver

https://u1f383.github.io/android/2025/07/16/an-interesting-cache-coherence-vulnerability-in-the-mali-gpu-driver.html

[RSS] CVE-2025-4660: Forescout SecureConnector RCE

https://www.netspi.com/blog/technical-blog/red-teaming/cve-2025-4660-forescout-secureconnector-rce/

[RSS] Daemon Ex Plist: LPE via MacOS Daemons

https://swarm.ptsecurity.com/daemon-ex-plist-lpe-via-macos-daemons/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 005c87c0

evp_kem_from_algorithm

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005c87c0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005c87c0.json&colors=light

I want someone to make a video series where they exceed cable lengths and show what happens.

what happens if you have a 2km USB cable? what works and what breaks?

If you are enabling an AI feature scanning all your emails, consider this will also scan the emails people have sent you. This information could include personal or otherwise legally protected information.

If this data leaks later (as it regularly happens with these systems), this could mean severe legal consequences for you down the road.

YOU are responsible for protecting the data of others under your custody.

This includes the messages and emails others send to you.

#NoAI #AI #Privacy

A data breach that exposed the names of Afghans who helped the UK military during the Afghan war was far larger than previously thought.

The leak also exposed the personal data of UK spies and special forces.

The leak originated at the UK Special Forces headquarters.

https://www.bbc.com/news/live/c706jdlr934t

It has been a while but the latest edition of the Security Liberation Front is out!

https://slf.fish/

NEW: Security researchers and CISA warn that hackers are exploiting a flaw in the Signal clone TeleMessage, which could lead to them stealing "plaintext usernames, passwords, and other sensitive data."

@h0wdy, the researcher who analyzed it said they were "in disbelief at the simplicity of this exploit."

https://techcrunch.com/2025/07/17/hackers-are-trying-to-steal-passwords-and-sensitive-data-from-users-of-signal-clone/

Go hack more AI shit please. Now.

https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape