Hot take: we are boiling the illiteracy frog.

I recently had the opportunity to talk about Evilginx on the Click Here podcast from The Record.

I reflected on the moral considerations surrounding the double-edged nature of developing offensive security tools.

Enjoy the Frankenstein reference 😅

https://therecord.media/evilginx-kuba-gretzky-interview-click-here-podcast

ProTip: A recommendation to enjoy more this year’s #r2con2025 as long as it's 100% online: Gather some friends with drinks and popcorn and watch the stream live together!

All the presentations are recorded, so the speakers will be available in the chat and really appreciate your live feedback in the Telegram/Discord and YouTube channels!

Impressed with the level of compatibility of the new memory-safe C/C++ compiler Fil-C (filcc, fil++; https://fil-c.org/) based on clang. Many libraries and applications that I've tried work under Fil-C without changes, and the exceptions haven't been hard to get working.

I guess Taszk tweaked their RSS a bit and a bunch of Mediatek reports fell into my reader. Some of them are old, these are from 2025:

CVE-2025-20725
CVE-2025-20726
CVE-2025-20727
CVE-2025-20678

https://labs.taszk.io/blog/archives/2025/

Our 2025-2026 internship season has started.

Check out the list of openings and apply for fun and knowledge!

https://blog.quarkslab.com/internship-offers-for-the-2025-2026-season.html

All results from Day One of #Pwn2Own Ireland 2025 can be found at https://www.zerodayinitiative.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results - This will be updated throughout the day with results. #P2OIreland

The QoS of this web server is apparently configured so that it gradually decreases my connections bandwidth so that my downloads ETA doesn't change.

While our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer.
▶️ Read the findings and how we got there: https://neodyme.io/en/blog/pwn2own-2024_qhora/

Just received an email from YouTube that they'll soon enable autodubbing on the OctoPrint channel for new and soon also old videos. Hell no, every time I run into this AI shit when watching YouTube I just want to scream, it's THAT bad.

Thankfully, there's a way to opt-out, and I just did that. And if you upload stuff to YouTube, for the love of all that is holy, PLEASE disable that too!

Uncheck Channel Settings > Upload defaults > Advanced Settings > Automatic dubbing

It feels like the major tech companies have followed a Journey of discovering The Hardest Way Possible why quality assurance is so important, gradually ramped up quality assurance, dramatically improved the quality of their software, until the senior engineers who pushed for this retire, and then a guy who thinks he knows everything because he's read both "What They Teach You At Harvard Business School" and "What They Don't Teach You At Harvard Business School" says to himself "why are we paying for all this quality assurance? the quality is clearly fine, we don't need it!"

https://www.theregister.com/2025/10/16/windows_11_update_localhost/

CVE-2025-8078: ZYXEL Remote Code Execution via CLI Command Injection https://rainpwn.blog/blog/cve-2025-8078/

@peter
Just a friendly reminder: the fact that the fediverse survived unaffected is _only_ because it's being run by private individuals, _at their own expense_, physically distributed all over the world.

Running, maintaining and moderating a service like this costs time and/or money.

So please donate to your instance if you can. I know I do. It's not much, but I do what I can.

This is a collective effort.

Want to watch #Pwn2Own but can't make it to Ireland? Join one of the live streams!

Tues 1400 - STAR Labs SG vs Sonos Era 300
https://youtube.com/live/3oAs5hzH9zE

Wed 1400 - SummoningTeam vs Samsung Galaxy
https://youtube.com/live/LuzHcXruJF4

1600 - Qrious Secure vs Samsung Galaxy
https://youtube.com/live/DYjWzgS2JXg

Thur 1030 - Interrupt Labs vs Samsung Galaxy
https://youtube.com/live/pFPhdBcyykI

1500 Team Z3 vs WhatsApp
https://youtube.com/live/hM3z_5yT3Os

AWS goes down. Takes down UK Gov login gateway, including HMRC login. What kind of brain-dead idiot decided to base a key government gateway on an overseas cloud service ??

#aws #hmrc #ukgov

Honestly, WTF Microsoft. https://hawktrace.com/blog/CVE-2025-59287

New vulnerability report from Talos:

Truffle Security Co. TruffleHog git arbitrary code execution vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2243

CVE-2025-41390

ICYMI (story broke late Friday evening): A judge has ordered NSO Group to stop targeting WhatsApp users.

At the same time the judge reduced the damages the spyware maker had to pay to WhatsApp from $167 million to $4M, becasue there was no evidence NSO’s behavior was “particularly egregious."

http://techcrunch.com/2025/10/18/spyware-maker-nso-group-blocked-from-whatsapp/

@tychotithonus As I see "this other thing" usually doesn't break everything. But if it breaks DNS, everything breaks, so DNS has a significance IMO, esp. because people often overlook this component.

nl-laundry-1 still meeting its nine fives sla this morning.