Want to make the most of the upcoming research drop? We've just updated https://http1mustdie.com/ with links to essential pre-read/watch resources. Enjoy!

Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability [CVE-2025-48932]

https://karmainsecurity.com/KIS-2025-06

(Also an XSS @ KIS-2025-05, CVE-2025-48933)

Interview with Senior DevOps engineer 2025

https://youtu.be/rXPpkzdS-q4

Programmers are Also Human is usually great, but this one is just hysterical xD

I'm happy to announce that HyperDbg v0.14 is released!

This version includes HyperEvade (beta preview), fixes Win11 24H2 compatibility issues & adds multiple timing functions to the script engine (Special thanks to @0Xiphorus )

Check it out: https://github.com/HyperDbg/HyperDbg/releases/tag/v0.14

More info on HyperEvade: https://github.com/HyperDbg/slides/blob/main/2025/DEBT2025/hyperevade-ecoop2025-debt.pdf

Microsleep function:
https://docs.hyperdbg.org/commands/scripting-language/functions/timings/microsleep

and RDTSC/RDTSCP:
https://docs.hyperdbg.org/commands/scripting-language/functions/timings/rdtsc

https://docs.hyperdbg.org/commands/scripting-language/functions/timings/rdtscp

Thanks to Tara for making this painting for us (it's not AI-generated).

[RSS] The Guest Who Could: Exploiting LPE in VMWare Tools

https://swarm.ptsecurity.com/the-guest-who-could-exploiting-lpe-in-vmware-tools/

CVE-2025-22230 CVE-2025-22247

Bloomberg Comdb2 vulnerability reports by Cisco Talos (via @talosvulns ):

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2201
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2200
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2199
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198

CVE-2025-35966 CVE-2025-36512 CVE-2025-48498 CVE-2025-46354

@buherator Thanks!

The new fuzzer is live and found two JIT crashes, so it's met the goal of being better than an idle core in practice :)

https://github.com/devdanzin/lafleur/

[RSS] How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance

https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/

CVE-2025-34140 CVE-2025-34141 CVE-2025-34142 CVE-2025-34143

[RSS] Reverse Engineering Security Products: Developing an Advanced Tamper Tradecraft (BHMEA24 slides)

https://github.com/emcalv/BlackHat-MEA-2024-slides/blob/main/BH%20MEA%202024%20-%20Reverse%20Engineering%20of%20Security%20Products_%20Defender.pdf

Shared the PoC with @mkolsek few days ago, the same one I gave to microsoft. Unlike microsoft however, they not only verified the issue within days but refined it demonstrating that ANY domain user can crash a fully patched windows 2025 server as of now.
https://bird.makeup/users/0patch/statuses/1947674442772910437

Student suspended over suspected use of #PHP

#FromTheArchives

https://www.bbspot.com/news/2000/6/php_suspend.html

In memory of Ozzy Osbourne, we replay our review of Technical Ecstasy, an often overlooked album from his era of Black Sabbath that is among our favorites at CatSynth. We extend our thoughts to his family, friends, and colleagues 😿
https://youtu.be/vklyJuPbilY

Banana ozzy deployed to usher gk through a period of mourning

I am excited to share this new single-header C library I have been working on for a while now: vecmath.h, a comprehensive vector/matrix math library for graphics/games/3d.
It allows you to write vector math code in C that looks like this:

I don't know which update specifically, but in a recent update of 24H2 it looks like the Win32k system call table is protected by Kernel Data Protection (read-only SLAT entry)! I believe CI!g_CiOptions and msseccore's SecKdpSe PE section were the only things using it before.

Windows is one massive (private) Git repo.

When I was at MS, the Windows Source had around ~3k PRs a day!

Regular Git didn’t scale to those levels at the time.

Internally there was a progression from Git -> GVFS -> Scalar -> merge back to Git. Here's how it worked:

"35% of the US stock market is held up by five or six companies buying GPUs."

Ed Zitron, The Hater's Guide to the AI Bubble

https://www.wheresyoured.at/the-haters-gui/

[RSS] Quick-Skoping through Netskope SWG Tenants - CVE-2024-7401

Marketing domain -> check!

https://quickskope.com/

[RSS] Ruckus Unleashed: Multiple vulnerabilities exploited

CVE-2025-46116 CVE-2025-46117 CVE-2025-46118 CVE-2025-46119 CVE-2025-46120 CVE-2025-46121 CVE-2025-46122 CVE-2025-46123

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/

[RSS] Miggo Security%27s AI Slop & Potential Trademark Infringement

https://jericho.blog/2025/07/21/miggo-securitys-ai-slop-potential-trademark-infringement/