@lcamtuf I'd choose that any day instead of Copilot

I'm really curious how libtiff is embedded in Windows so that CVE-2016-9535 could apparently lead to RCE in 2025

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-9535

@sassdawe Sorry, I need more coffee...

@sassdawe "What threat?" -> The CVE-2025-47827 Secure Boot bypass is marked as exploited itw, but I'm not sure how that relates to Lenovo.

RE: https://mastodon.social/@ratemy8k/115378205898848550

F5 popped.

Stats:
- Rewrite done in 45 mins (incl. coffee)
- LoC 200 -> 110
- Complexity ~halved (two-pass -> single-pass processing)
- I actually know what the code does

#DEFCON Creators alert!

The #DEFCONSIngapore Call For Creators is open! Got an idea for a Contest, Village or Community you'd like to see at DEF CON Singapore? Get your submission in and let's work together to bring your ideas to life. The info you need is here:

https://forms.cloud.microsoft/r/eQgGJPVffy

Let's make something amazing!

I think it was @david_chisnall who pointed out earlier that coding LLM's will become much less useful when we stop doing (expensive) training to keep up with breaking changes in API's.

Well, I just spent two hours trying to fix some code that was buggy because the API changed less than a year ago and came to the decision of reading the F manual and write that 200 LoC myself.

(to be fair, I think this would work if the LLM had access to a complier and runtime)

[RSS] The October 2025 Security Update Review [by ZDI]

https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review

🚀 New Sysinternals updates just dropped!
ZoomIt now supports image smoothing for crisper visuals
ProcDump for Linux adds restracking - no triggers needed

Grab the latest tools at http://sysinternals.com.

See what's new on the Sysinternals Blog: https://techcommunity.microsoft.com/blog/sysinternals-blog/zoomit-v9-10-procdump-3-5-for-linux-and-jcd-1-0-1/4461244

[RSS] Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers

http://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html

Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.

TL;DR
👾 A new attack called "Pixnapping" can read visual data from other apps on Android devices.
🔑 It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
⚠️ The scary part: the malicious app required for the attack needs zero special permissions to be granted.
🧠 While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.

https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #SideChannelAttack #2FA #security #privacy #cloud #infosec

TERM

https://wizardzines.com/comics/term/

(from The Secret Rules of the Terminal, out now! https://wizardzines.com/zines/terminal)

Wow

https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/

a case where you use LIEF to patch an Android .so :)

to read when you're fully awake.

#Android #LIEF #Frida #hook #JNI

\m/ dnet just released v0.6 of androsphinx, a v2.0 compatible #android client for the #sphinx #passwordmanager! \o/

you ask, wtf sphinx? check out: https://sphinx.pm

get the android client here: https://github.com/dnet/androsphinx/releases/tag/v0.6

ChkTag: x86 Memory Safety

https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/ChkTag-x86-Memory-Safety/post/1721490

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves

https://arxiv.org/pdf/2510.09272

#fromTwitter

@sassdawe and state of the art EDRs like CrowdStrike! :)

The end of an era.

If you don’t know what Tavis (and the P0) has contributed to and changed the vulnerability research community, let me give you just an example: if not because of Tavis and P0, we’d be still waiting 6 or 12 months to get a Windows or Office bug patched.
https://bird.makeup/users/taviso/statuses/1976724463103426860