[RSS] Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers

http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html

Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.

TL;DR
👾 A new attack called "Pixnapping" can read visual data from other apps on Android devices.
🔑 It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
⚠️ The scary part: the malicious app required for the attack needs zero special permissions to be granted.
🧠 While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.

https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #SideChannelAttack #2FA #security #privacy #cloud #infosec

TERM

https://wizardzines.com/comics/term/

(from The Secret Rules of the Terminal, out now! https://wizardzines.com/zines/terminal)

Wow

https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/

a case where you use LIEF to patch an Android .so :)

to read when you're fully awake.

#Android #LIEF #Frida #hook #JNI

\m/ dnet just released v0.6 of androsphinx, a v2.0 compatible #android client for the #sphinx #passwordmanager! \o/

you ask, wtf sphinx? check out: https://sphinx.pm

get the android client here: https://github.com/dnet/androsphinx/releases/tag/v0.6

ChkTag: x86 Memory Safety

https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/ChkTag-x86-Memory-Safety/post/1721490

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves

https://arxiv.org/pdf/2510.09272

#fromTwitter

@sassdawe and state of the art EDRs like CrowdStrike! :)

The end of an era.

If you don’t know what Tavis (and the P0) has contributed to and changed the vulnerability research community, let me give you just an example: if not because of Tavis and P0, we’d be still waiting 6 or 12 months to get a Windows or Office bug patched.
https://bird.makeup/users/taviso/statuses/1976724463103426860

@Downwithdan https://www.youtube.com/watch?v=eMJk4y9NGvE

We've just published "Streamlining Vulnerability Research with the idalib Rust Bindings for IDA 9.2" by @raptor, now live on our freshly restyled blog:

https://hnsecurity.it/blog/streamlining-vulnerability-research-with-the-idalib-rust-bindings-for-ida-9-2/

Originally featured last week as a guest post on the @HexRaysSA blog, this article shows how Marco's headless #IDA plugins written in #Rust can be used to scale up #vulnerability research and uncover real-world security issues efficiently.

If you’re into reverse engineering, automation, or vulnerability discovery, this one's a must-read! 💻 🦀

A nice and short blog post about blinding EDR with WFP by my colleague Florian.

"Blinding EDRs: A deep dive into WFP manipulation"

https://blog.scrt.ch/2025/08/25/blinding-edrs-a-deep-dive-into-wfp-manipulation/

This is fundamentally the problem with how C++ is currently taught.

The best way to “unlearn” a negative C++ bias, especially for students, is to look at how Modern C++ is actually done.

Every year, CppCon has a “Back to Basics” Track, which they also upload to youtube. I highly recommend all of them.

Instead of being constrained to “old school” CS teaching logic, it’s a demonstration of fuller, modern capabilities.

[RSS] Securing the Future: Changes to Internet Explorer Mode in Microsoft Edge

https://microsoftedge.github.io/edgevr/posts/Changes-to-Internet-Explorer-Mode-in-Microsoft-Edge/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00867b00

____strtol_l_internal

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00867b00.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00867b00.json&colors=light

@Sempf Oh OK, the TCP-level DDoS protection is obviously secret sauce, so you'll end up in trial&error. My educated guess is that if you are not too aggressive with timings and do proper TCP handshakes (-sT IIRC) you should be fine, and if something triggers than suddenly all your connections will fail so -vvv and keep an eye on logs.

@Sempf why on earth would you nmap a cdn? you won't see the origin ports, and even at the application layer you'd only see the proxy. there may be some L7 proxy trickery or even some TCP level magic that works, but nmap is not the right tool to test those.

RE: https://infosec.exchange/@BleepingComputer/115367382398075001

Another one??

A new breed of analyzers.

And they use AI.

https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyzers/