New blog post:
In which I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814.
https://vladdba.com/2025/08/29/poc-sql-injection-sql-server-2022-cu20-gdr-kb5063814/
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #security #sqli #sqlinjection

fursuits per digital signature

Gemini suggested JSON Type Definitions and jdt-codegen, that looks really good! Unfortunately it doesn't support C/C++, but maybe we can do with linking against Rust libraries?

https://jsontypedef.com/docs/implementations/

@joepie91 Kaitai would be useful for creating another JSON parser. What I'm looking for is something that spares me the trouble of validating against a schema and producing e.g. strongly typed objects in Java (instead of a bunch of JSONValue's).

What kind of tool do I use if I want to automatically generate code in multiple languages for parsing text conforming a (e.g. JSON) schema to objects/structs, based on a given schema?

I already found a bunch of JSON schema validators, but I also want my text->typed object code to be fully generated.

#programming

A quick reminder: dueling URL parsers is a path to pain and sorrow.

(blogged two years ago)

https://daniel.haxx.se/blog/2022/01/10/dont-mix-url-parsers/

Cache Me If You Can (Sitecore Experience Platform Cache Poisoning to RCE)

https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/

CVE-2025-34509 CVE-2025-34510 CVE-2025-34511

Rage Against the Authentication State Machine

https://blog.silentsignal.eu/2025/06/14/gitblit-cve-CVE-2024-28080/

Beautiful authentication bypass in Gitblit from my old friends at @silentsignal !

CVE-2024-28080

@ahihi "Sorry I can't hear you over the sound of my CRT monitor buzzing!"

Making Minecraft Spherical https://www.bowerbyte.com/posts/blocky-planet/

[RSS] exploits.club Weekly Newsletter 84 - Stealing Exploits, Competition Misconfigs, Android Physical Memory, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-84-stealing-exploits-competition-misconfigs-android-physical-memory-and-more/

Police are investigating a murder-suicide in what appears to be the first documented murder involving someone who engaged extensively with an AI chatbot (Wall Street Journal)

https://www.wsj.com/tech/ai/chatgpt-ai-stein-erik-soelberg-murder-suicide-6b67dbfb?st=Hp4Ajw&reflink=desktopwebshare_permalink
http://www.techmeme.com/250829/p3#a250829p3

The public data torrent server has been running reliably for days now, distributing data worldwide that was deleted by the orange clown regime.

Learn more: https://lydie.cc/data.html

RESIST!!!!

#resist #fascism #datahoarder #digitalpreservation #archive

Serious question regarding LLMs.

I have been trying to train a model specifically for one thing: helping me with #OpenBSD PF¹ configurations.

Using a Jolla Mind2², which uses llama, I have uploaded the PDF of "The Book of PF (3rd Edition)" (by @pitrh) and the PDFs of the various presentations given on PF.

Then I tried asking some questions and, well, the bit which I find incredibly puzzling is that it gets the answer right (for some basic configurations) but the notation is wrong! As some presentations / book pages use, for example, the -> character, then the LLM uses that for direction in a PF rule so you get

pass on egress from any -> egress:0 port 80

which is really puzzling.

Note that, in my little mind, having constrained the data set to what I imagine was the best data available, I was expecting pretty impressive results but.. no.

Anyone willing to spend a little time to explain why to me? I am really not ranting, I don't want to vibe PF, I just want something help me have better insights or improve my rules by making suggestions based on good data (i.e. not just searching for it).

__
¹ https://www.openbsd.org/faq/pf/
² https://www.jollamind2.com
³ https://nostarch.com/book-of-pf-4th-edition

Looks like #Microsoft Word is taking another step (after oh-so-many) to new depths of depravity. Your Word documents will be saved to the cloud automatically on Windows going forward

Even if you're not up to the full move of jumping to #Linux, at least get #LibreOffice and use Writer instead. Its a word processing program that works 𝘧𝘰𝘳 you, not against. #opensource is the way forward, not this nonsense

https://www.ghacks.net/2025/08/27/your-word-documents-will-be-saved-to-the-cloud-automatically-on-windows-going-forward/

[RSS] Partial Analysis of CVE-2025-38618

https://u1f383.github.io/linux/2025/08/28/partial-analysis-of-CVE-2025-38618.html

@tychotithonus

@tychotithonus Both statements are true but the threat function collapses as you try to exploit the box

Eight years later, I’ve updated my most-starred @github repository with some new @fridadotre scripts, inspired by @spaceraccoonsec's new book “From Day Zero to Zero Day”.

Check it out: https://github.com/0xdea/frida-scripts/

@trou Thanks, fixed in the original!