One of the most effective security controls you can ever invest in, is a decent work computer for your employees.

Yep, it’s a bit more cash up front to get a bit more RAM or a bit more CPU poke, but your job in IT/Security is to get people the gear they need to do their jobs without thinking ‘this would be quicker if I used….’

Because we all know what happens when your VP of Finance decides to prep the W2’s on their kids Alienware gaming desktop full of Minecraft plugins downloaded from every corner of the internet.

#infosec

@TarkabarkaHolgy I've recently recognized a phenomenon that could be called "Dad Brain Syndrome" meaning that you can and will fall asleep given that no immediate family members are around.

Parenting is a hell of a drug!

At long last - Phrack 72 has been released online for your reading pleasure!

Check it out: https://phrack.org/

-=[ PHRACK PROPHILE ON Gera ]=-

https://phrack.org/issues/72/2#article

That’s the whole post…

Phrack turns 40.
The digital drop is live.
Download it. Archive it. Pass it on.
💾 https://www.phrack.org

#phrackat40 #phrack72

Can You Write A Web Server in PURE BASH?! (no socat, no netcat, no external tools) 🍿

https://www.youtube.com/watch?v=L967hYylZuc

📣 Introducing the IDA Domain API: a new open-source Python API that makes scripting in IDA simpler and more consistent.
https://hex-rays.com/blog/introducing-the-ida-domain-api

@arstechnica

T-Mobile claimed selling location data without consent is legal—judges disagree
T-Mobile can't overturn $92 million fine; AT&T and Verizon verdicts still to come.
https://arstechnica.com/tech-policy/2025/08/t-mobile-claimed-selling-location-data-without-consent-is-legal-judges-disagree/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

I reverse engineered Lockbit's Linux ESXi variant, also explaining how I did some of the steps! For the fun of it, cause reverse engineering is lots of fun. Enjoy! https://hackandcheese.com/posts/blog1_lockbit/

👀
https://social.anoxinon.de/@Codeberg/115033790447125787

CVE ID: CVE-2025-54948
Vendor: Trend Micro
Product: Apex One
Date Added: 2025-08-18
Notes: https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-54948

New Project Zero issue:

Linux >=6.4: epoll: UAF via race between ep_eventpoll_release() and eventpoll_release_file() because mutex_unlock() is not ownership-drop-safe

https://project-zero.issues.chromium.org/issues/430541637

CVE-2025-38349

ECC.fail: Mounting Rowhammer Attacks on DDR4 Servers with ECC Memory

https://ecc.fail/

Teachning stones to remember things was a mistake.

[RSS] A Fuzzy Escape - A tale of vulnerability research on hypervisors

https://bughunters.google.com/blog/5800341475819520/a-fuzzy-escape-a-tale-of-vulnerability-research-on-hypervisors

Elastic Response to Blog ‘EDR 0-Day Vulnerability’

https://discuss.elastic.co/t/elastic-response-to-blog-edr-0-day-vulnerability/381093

"The reports lacked evidence of reproducible exploits. Elastic Security Engineering and our bug bounty triage team completed a thorough analysis trying to reproduce these reports and were unable to do so."

The FBI has published an evergreen advisory warning about cryptocurrency recovery scammers lurking everywhere. The minute you mention online that you might have lost money to a crypto scam, you will be flooded with come-ons from "recovery experts" who hold out the unlikely promise of recovering your funds -- for a fee.

These scammers prey on people who are understandably frantic after having just suffered a potentially life-altering financial loss, and are desperate for a quick solution. Far too many people who get burned by crypto get victimized a second time by these charlatans. I probably delete a dozen or more comments each week from my blog that are left by these dirtballs.

https://www.ic3.gov/PSA/2025/PSA250813

@bert_hubert I imagine hearings to go like this: https://www.youtube.com/watch?v=BKorP55Aqvg

In the context of the Chatcontrol attempt to get Americans to scan our photos with AI so we can be reported to Europol, the EU has even bigger plans in this direction. And they are honestly (I am told) asking for experts to advise them on these plans. You can apply until September 1st to be part of the expert group:
https://berthub.eu/articles/posts/possible-end-to-end-to-end-come-help/

@loke @bagder Bug bounty absolutely has perverse incentives, and even I'm not sure if my previous idea can be realistically implemented in this context. It's just an idea and maybe something to ponder on case anyone is facing a similar dilemma.