A watchTowr post is always a nice thing on a Friday. This one is about Dell UnityVSA (CVE-2025-36604).
Everyone thought the “hedged” mode of ML-DSA (Dilithium) fixed fault attacks. New research presented at CHES shows that’s not the case. A "fault then correct" trick still works.
We break it down in our latest Expert Review. ➡️ https://eshard.com/posts/expert-review-6-dilithium-dis-faulting
BANDCAMP FRIDAY ALERT https://isitbandcampfriday.com
Full price of music to musicians today on bandcamp, no platform cut
> You can make webapps without WebAssembly, without ECMAScript, or even without CSS. But you absolutely need HTML
You don't actually need HTML to make a webapp, even an interactive one. HTTP, CSS, and Firefox are enough.
Try this on Firefox: https://lyra.horse/fun/tic-tac-nohtml/
View-source for that page should give you an empty 0b file.
(and you can't argue about the browser creating a DOM anyways, because in that case you cannot have a webapp without CSS since the browser always applies its own agent stylesheets)
Heads up to anyone doing #Mobile #ReverseEngineering and #PenetrationTesting: I've just ported my @NowSecure #Frida instrumentation scripts (#iOS and #Android) to Frida 17, which introduced some breaking changes in the API.
The original, battle-tested scripts from 2017 are preserved as release 0.1 for retro compatibility and historical reference.
https://github.com/0xdea/frida-scripts
Happy hacking! 🏴☠️🪐
Fantastic opportunity to work with amazing people! @pietroborrello https://infosec.exchange/@pietroborrello/115305619387518476
This October, the @internetarchive celebrates an extraordinary milestone: 1 trillion web pages preserved & available for access via the #WaybackMachine. We're celebrating in style.
Join us in person or online!
📆 Weds, Oct 22
📍 IN-PERSON: 5–10 PM PT (San Francisco)
💻 VIRTUAL: 7–8 PM PT | 10–11 PM ET
🎟️ Register ➡️ https://blog.archive.org/event/the-web-weve-built-celebrating-1-trillion-web-pages-archived/
Our CFP is open! If you’re working on something exciting, we want to hear from you! Submit your talk for RE//verse 2026: https://sessionize.com/reverse-2026
📢 2nd part of our Black Hat Arsenal talk is out!
Python scripting! 🐍🐍🐍
Since there are some pretty cool people around here, let me reshare this job offer here: We just published the first job posting for the team I'm allowed to build at Security Research Labs.
I can honestly say, it's been a month full of awesome people, interesting, impactful work and lots of fun and new learnings. If you wanna explore that together and develop something great, feel free to hit me up. Also, if you have any questions, let me know! If you know someone that would be a great fit for the team, the company and the topic, feel free to send them over :)
Linus Torvalds' bingo on what to not ship in hardware: