SharePoint ToolShell – One Request PreAuth RCE Chain https://blog.viettelcybersecurity.com/sharepoint-toolshell/

New Trail of Bits Tribune: Our AIxCC finals submission, how we exposed critical flaws in Go's built-in parsers that can enable authentication bypass and data exfiltration from production systems, and 14 new security reviews.
Read it here: https://mailchi.mp/trailofbits/trail-of-bits-tribune-july-2025

@soatok A world in which only 2 major payment processors and 2 minor ones exist is simply untenable.

Luckily, there are solutions on the horizon.

In the EU, a payment systems where banks can process payments directly among themselves is now being built, with full deployment in 2026. It's called WERO, at https://wero-wallet.eu/ and it's already partially deployed.

In the US, the federal reserve bank has a program called FedNOW that does much of the same thing. Their home page is https://www.frbservices.org/financial-services/fednow and there's a rather small number of banks already involved.

These two systems - when deployed - are going to shift the decision of who decides if your business can process transactions from those 4 operators to the over 10K banks and payment providers, and that is going to offer a lot of choice.

@slotos @mttaggart thanks, I haven't looked at the implementation details yet. At a higher level I still find the direction of providing a "standard" for integrating llms right.

This is Mastodon and this is why it rocks!

@slotos @mttaggart What's the original wheel?

Modern storage is quite amazing:

I wrote some scripts to clone all public Git repos I've ever bookmarked. The whole thing fits on a pendrive.

"These very typical words are in method and intent exactly like all those ads that tell us that if we don't buy this deodorant or detergent or gadget or whatever, everyone else, even our friends, will despise, mock, and shun us the advertising industry's attack on the fragile self-esteem of millions of people. This using of people's fear to sell them things is destructive and morally disgusting.

The fact that the computer industry and its salesmen and prophets have taken this approach is the best reason in the world for being very skeptical of anything they say. Clever they may be, but they are mostly not to be trusted. What they want above all is not to make a better world, but to join the big list of computer millionaires."

https://paste.sr.ht/~rabbits/1c22b0fa383438d404d3d99ad506c6c6d60c1fd2

On Computers
Growing Without Schooling #29
September 1982
by John Holt.

Here’s an example of a linked Liszt: https://en.wikipedia.org/wiki/Franz_Liszt

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 005bcc30

EVP_CIPHER_CTX_ctrl

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005bcc30.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F005bcc30.json&colors=light

Every little website is being pushed onto Facebook thanks to the computer illiterate duckheads in UK Parliament. We'll played MPs, people are much more vulnerable on Facebook you cuckwombles 🤬

#uk #OnlineSafetyAct

posix: Fix double-free after allocation failure in regcomp

https://sourceware.org/pipermail/libc-announce/2025/000047.html

This is what it's like publishing research in 2025. I write an extremely popular blog post on EDR bypasses and Google just comes along and steals my search traffic in the most brazen way possible.

Trump thanked the crypto industry for their support at the Genius Act signing ceremony, remarking, “half of you were under arrest for no reason”. He later added, “I got you guys out of so much trouble”.

“They’ve got plenty of cash, and it’s great that you’re on our side.”

#crypto #cryptocurrency #USpolitics #USpol

Right around the time Trump signed the crypto bill, his 52%-owned TMTG company announced it had acquired $2 billion in bitcoin. This makes it the sixth largest BTC treasury company, alongside companies connected to Trump’s sons or Commerce Secretary Howard Lutnick.

@mttaggart I think it's pretty easy to show useful features (e.g.: translation; some search scenarios) and it's hard to outrule there aren't even more possibilities. Whether this all worth the (external) costs is another question of course.

@mttaggart I don't think outright rejection is reasonable, but instead of integration we (once again) should follow the unix philosophy: give me standalone tools with good interfaces, and I'll decide when/how I'll use them together with my other tools. (MCP kind of fits this?)

[RSS] Exploring possible solutions to the inconsistency in how Windows searches case-insensitively for named resources

https://devblogs.microsoft.com/oldnewthing/20250723-00/?p=111403

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a434dcc

ComparePathWithVolumeMap

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a434dcc.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a434dcc.json&colors=light

«Alan Turing Institute scraps diversity drive under pressure from ministers»

Funny change in tune for an institute that was named after a person that was basically killed by the UK government for being gay. 🤷

https://archive.ph/JkOgI#selection-2204.0-2204.1