Neat game glitch explanation: Why signed integers lead to flirting with dogs

https://www.youtube.com/watch?v=ADenqrgMUgA

Part of the job as a cybersecurity professional is in fact arguing to purge and not log information about your customers.

Data is not oil. It's risk.

@timb_machine Aegis even forces you to export/backup periodically

[RSS] CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

https://www.thezdi.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability

@amethyst My best guess is Savaged by Systemd must have something to do with it.

@bert_hubert oooh do you happen to know what OS it runs on?

You know those non-vulnerabilities that companies get forced to fix for compliance reasons? I've found a full bypass for a common patch strategy. I'm half-tempted to keep it secret for the greater good 😂

@albinowax the value of such deed is greatly underestimated, thank you!

At DistrictCon's inaugural Junkyard competition, we achieved full remote execution on two popular home network devices: a Netgear WGR614v9 router and BitDefender Box V1 security appliance.

Our exploitation techniques included chaining four buffer overflow vulnerabilities with authentication bypass on the router, plus a novel "bashsledding" ROP technique that sprays shell commands into NVRAM for reliable code execution.

Read the blog: https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00598f60

ossl_ec_GFp_simple_ladder_post

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00598f60.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00598f60.json&colors=light

If you're looking at this thinking 'wait, CVE-2025-6543 is a denial of service vuln?', it's not - it turns out Citrix knew orgs were getting shelled but chose to not tell the public. The implants persist after patching.

today's interesting website: running https on port 3, just so the URL has :3 in it

https://silliest.website:3/

@janeishly @mttaggart by translation I mean the level of G translate&co, that we know from practice are useful. They shouldn't be used to translate e.g. full books of course.

[RSS] Security Bulletin: IBM i is vulnerable to a privilege escalation due to an invalid database authority check [CVE-2025-33109].

https://www.ibm.com/support/pages/node/7240410?myns=swgother&mynp=OCSWG60&mynp=OCSSKWKM&mynp=OCSSC5L9&mynp=OCSSTS2D&mynp=OCSS9QQS&mynp=OCSSB23CE&mync=A&cm_sp=swgother-_-OCSWG60-OCSSKWKM-OCSSC5L9-OCSSTS2D-OCSS9QQS-OCSSB23CE-_-A

[RSS] New Binary Ninja release: 5.1 Helion

https://binary.ninja/2025/07/24/5.1-helion.html

[RSS] exploits.club Weekly Newsletter 80 - ITW Windows Bugs, Deterministic iOS Exploits, Pwn2Own Firefox Vulns, and More

https://blog.exploits.club/exploits-club-weekly-newsletter-80-itw-windows-bugs-deterministic-ios-exploits-pwn2own-firefox-vulns-and-more/

[RSS] Micropatches Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability (CVE-2025-21420)

https://blog.0patch.com/2025/07/micropatches-for-windows-disk-cleanup.html

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0091ec00

_dl_relocate_object

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0091ec00.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0091ec00.json&colors=light

🛠️ RIFT just got an upgrade!
Now supports FLIRT signature generation on Linux 🐧
Perfect for reverse engineering Rust malware 🦀
🔗 https://github.com/microsoft/RIFT
#DFIR #ReverseEngineering #RustLang #FLIRT #MalwareAnalysis