TIL about Operation Midnight Climax

https://en.wikipedia.org/wiki/Operation_Midnight_Climax

This is a totally valid unit for any CI pipeline!

RE: https://chaos.social/@weirdunits/115020402704312177

[FD] PlayReady Activation protocol issues (weak auth / fake client identities)

https://seclists.org/fulldisclosure/2025/Aug/3

"PlayReady Activation service does not implement real authentication, but
some form of obfuscated identification scheme [...] Arbitrary PlayReady identity can be requested by the client through public API" and more...

this is uh.
something.

perplexity is offering twice its valuation to buy chrome off google?

strong "run the fuck away" vibes
https://arstechnica.com/gadgets/2025/08/perplexity-offers-more-than-twice-its-total-valuation-to-buy-chrome-from-google/

Proud moment. The 40th anniversary @phrack release was a full success. We gave away 12,000 full color 150pg printed zines for free across three different conferences and did the final main stage talk before closing. l covered the history of phrack and did some panel questions.

FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970

has anyone ever made a man page viewer which shows you a table of contents for the man page so you can easily navigate through the sections?

(please do not tell me about `info`)

CVE ID: CVE-2025-8088
Vendor: RARLAB
Product: WinRAR
Date Added: 2025-08-12
Notes: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-8088

We've managed to make it through hacker summer camp, and #Microsoft and #Adobe survived enough to deliver their latest security patches. Join @TheDustinChilds as he breaks down another large Patch Tuesday release. https://www.zerodayinitiative.com/blog/2025/8/12/the-august-2025-security-update-review

NEW: Two hackers broke into the computer of a hacker allegedly working for the North Korean spy group known as "Kimsuky."

The hackers then leaked a treasure trove of stolen data, exposing a North Korean spy operation against South Korean targets.

“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in their Phrack magazine article. “You hack for all the wrong reasons.”

https://techcrunch.com/2025/08/12/hackers-breach-and-expose-a-major-north-korean-spying-operation/

Oh shit it's Patch Tuesday...

Just under three weeks until CFP opens for RE//verse 2026! Submissions open September 1st: https://sessionize.com/reverse-2026

And while you’re at it, snag your ticket early before prices go up: https://shop.binary.ninja/collections/re-verse-admissions-requires-sales-tax/products/re-verse-2026-admission

@borup It's also good to remember that the EU still did nothing to stop this malpractice.

(I'd also argue again that the regulation is bad if malicious actors can abuse it while low-resource ones simply follow the path of least resistance because they lack the required understanding/skills)

#HillsToDieOn

/me @ the How Did This Ever Work?! phase, with the added excitement that the same code in a different script still works

(now that file is a sacred artifact that must be protected by all costs)

Absolutely jaw-dropping talk by Micah Lee on the blinding national-security incompetence at the highest levels of the Trump regime.

https://micahflee.com/we-are-currently-clean-on-opsec-the-signalgate-saga/

If this had been any Democratic govt, Fox "News" and the entire right-wing media gang would make it the top story for weeks, if not months.

Micropatches Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability (CVE-2025-21420)
https://blog.0patch.com/2025/07/micropatches-for-windows-disk-cleanup.html

Micropatches Released for Windows Update Service Elevation of Privilege Vulnerability (CVE-2025-48799) https://blog.0patch.com/2025/08/micropatches-released-for-windows.html

[RSS] Extraction of Synology encrypted archives - Pwn2Own Ireland 2024

https://www.synacktiv.com/en/publications/extraction-of-synology-encrypted-archives-pwn2own-ireland-2024

New assessment for topic: CVE-2025-4678

Topic description: "Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection ..."

"This is a similar RCE like [CVE-2024-12971](https://attackerkb.com/topics/BJe14wkMYS/cve-2024-12971) but now in the `chromium_path`directory settings at the Pandora ITSM application ..."

Link: https://attackerkb.com/assessments/cbac9f7f-798e-424f-a010-48ceada60ff7