Profile: 2472 posts, 659 following, 1482 followers
"I'm interested in all kinds of astronomy."

CVE-2025-53149: Heap-based buffer overflow in Windows Kernel Streaming https://www.crowdfense.com/cve-2025-53149-windows-ksthunk-heap-overflow/


We built local backdoors for Signal, 1Password & Slack through V8 heap snapshot tampering (CVE-2025-55305).

Method: Replace v8_context_snapshot.bin files with versions that override JavaScript builtins. When apps call Array.isArray(), malicious code executes.
Works because integrity checks ignore these "non-executable" files that actually contain executable JavaScript.

Impact: Nearly every Chromium-based app is vulnerable.
https://blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/

[RSS] Exploit development for IBM i

https://blog.silentsignal.eu/2025/09/04/Exploit-development-for-IBM-i/

Another one from my old partners in crime, incl. exploit for CVE-2023-30990 #IBMi

Alright Fedi. This is going to be my most far-fetched question yet.

Do any of you happen to have, lying in a box somewhere, a Photo CD? And if so, would you be willing to part with it?

Just to clear any possible confusion, I’m specifically looking for a disc in the Photo CD format, not a CD-R on which pictures have been stored as files. Here is the article on the subject: https://en.wikipedia.org/wiki/Photo_CD.

Boosts are appreciated, as my search has not been fruitful this far.


After a decade of neglect, the ELF object file specification is being maintained again:
https://groups.google.com/g/generic-abi/c/doY6WIIPqhU

Updated my notes: https://maskray.me/blog/2024-01-14-exploring-object-file-formats

Cary is maintaining both DWARF and ELF :)


And as they drifted up, their minds sang with the ecstatic knowledge that either what they were doing was completely and utterly and totally impossible or that physics had a lot of catching up to do.


📢 It's here! Part two of Norbert Szetei's (@sine) research into ksmbd. See how customized fuzzing & selecting the right sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.

https://blog.doyensec.com/2025/09/02/ksmbd-2.html

[RSS] Dubious security vulnerability: Remembering passwords for recently-opened ZIP files

https://devblogs.microsoft.com/oldnewthing/20250902-00/?p=111544
[RSS] Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel

https://swarm.ptsecurity.com/kernel-hack-drill-and-a-new-approach-to-exploiting-cve-2024-50264-in-the-linux-kernel/
@GossiTheDog @MisuseCase Neat! It'd be cool to show that threats drive down product use predictably! Stocks, on the other hand, seem pretty stable, so I still don't know what all this tells us about the market...
@MisuseCase @GossiTheDog I also think this is the true cause of the decline, vulns probably just correlate (evidence: every other product with frequent ItW vulns)
@sir_pepe TIL thanks! I'll have to check the availability in Kaitai...