As I wrote elsewhere: I never met a hacker more hacker than gera, and never will.
I am glad to finally see his Phrack Prophile published in #72.
It shows just a tiny portion of his awesomeness; the full spectrum would probably fill a book.
I am fortunate to have met him and shared numerous adventures with him over the past 35 years or so.
Read his prophile here:
https://phrack.org/issues/72/2#article
Phrack turns 40.
The digital drop is live.
Download it. Archive it. Pass it on.
💾 https://www.phrack.org
📣 Introducing the IDA Domain API: a new open-source Python API that makes scripting in IDA simpler and more consistent.
https://hex-rays.com/blog/introducing-the-ida-domain-api
T-Mobile claimed selling location data without consent is legal—judges disagree
T-Mobile can't overturn $92 million fine; AT&T and Verizon verdicts still to come.
https://arstechnica.com/tech-policy/2025/08/t-mobile-claimed-selling-location-data-without-consent-is-legal-judges-disagree/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
I reverse engineered Lockbit's Linux ESXi variant, also explaining how I did some of the steps! For the fun of it, 'cause reverse engineering is lots of fun. Enjoy! https://hackandcheese.com/posts/blog1_lockbit/
CVE ID: CVE-2025-54948
Vendor: Trend Micro
Product: Apex One
Date Added: 2025-08-18
Notes: https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-54948
Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is.
The FBI has published an evergreen advisory warning about cryptocurrency recovery scammers lurking everywhere. The minute you mention online that you might have lost money to a crypto scam, you will be flooded with come-ons from "recovery experts" who hold out the unlikely promise of recovering your funds -- for a fee.
These scammers prey on people who are understandably frantic after having just suffered a potentially life-altering financial loss, and are desperate for a quick solution. Far too many people who get burned by crypto get victimized a second time by these charlatans. I probably delete a dozen or more comments each week from my blog that are left by these dirtballs.
In the context of the Chatcontrol attempt to get Americans to scan our photos with AI so we can be reported to Europol, the EU has even bigger plans in this direction. And they are honestly (I am told) asking for experts to advise them on these plans. You can apply until September 1st to be part of the expert group:
https://berthub.eu/articles/posts/possible-end-to-end-to-end-come-help/
A fascinating story about a #DoS #vulnerability in the Expat #XML parser
#Recursion kills: The story behind CVE-2024-8176 / #Expat 2.7.0 released, includes security fixes