@mttaggart @cR0w Business idea:
1) Get some VC money for AI
2) Spend 10% on your salary, so you are set for life
3) Spend 89.9% of it on marketing
4) Spend 0.1% on a script that "predicts" you'll get phished, remote access boxed will be popped, etc. and advice to implement the usual boring remediations ("patch your shit", "MFA", ...) . Now that The AI predicted it, maybe they'll be implemented too!

Win-win!

Didn't somebody recently ask me what the Sanitizer API status is? Well anyway, it's in Firefox Nightly for testing now.

TLDR:
```diff
- foo.innerHTML = DOMPurify.sanitize(untrusted);
+ foo.setHTML(untrusted);
```

Download on https://nightly.mozilla.org

🚨 New advisory was just published! 🚨

A Local Privilege Escalation vulnerability was found in Ubuntu, caused by a refcount imbalance in the af_unix subsystem.
This vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place:
https://ssd-disclosure.com/lpe-via-refcount-imbalance-in-the-af_unix-of-ubuntus-kernel/

#Brida 0.6 is here! The bridge between #BurpSuite and #Frida is now fully compatible with Frida 17+.

As of this release, Brida 0.6 supports only Frida 17 and later. For users who still rely on older Frida versions, Brida 0.6pre remains available on GitHub.

Get the latest release here:
https://hnsecurity.it/blog/brida-0-6-released/

Coming soon to the PortSwigger BApp Store (pending approval).

Kudos to our @apps3c for keeping this essential integration tool up to date with Frida's fast-evolving ecosystem!

@csepp From the sellers perspective: if you have the place you probably have the money too!

WSO2 #2: The many ways to bypass authentication in WSO2 products (CVE-2025-9152, CVE-2025-10611, CVE-2025-9804) https://crnkovic.dev/wso2-the-authentication-bypasses/

[RSS] Paint it blue: Attacking the bluetooth stack

https://www.synacktiv.com/publications/paint-it-blue-attacking-the-bluetooth-stack.html

[RSS] Windows ARM64 Internals: Exception & Privilege Model, Virtual Memory Management, and Windows under Virtualization Host Extensions (VHE)

https://connormcgarr.github.io/arm64-windows-internals-basics/

Fuzzing pyhacl (https://codeberg.org/drlazor8/pyhacl), a package of Cython bindings for HACL* (the High Assurance Cryptographic Library), with fusil we only found one crash.

It turned out to actually be a silly bug in #Cython:

Issue: https://github.com/cython/cython/issues/7263

Fix: https://github.com/cython/cython/pull/7264

Goes to show how fuzzing a C-extension can uncover crashes in many different layers.

Thanks @drlazor8 for taking up the call for C-extensions maintainers to fuzz their code.

#fusil #Python #pyhacl #hacl #fuzzing #fuzzer

@Yuvalne Thank you!

@Yuvalne Can you maybe point me to a forum thread with technical details (what did Signal do/see, that sort of thing) about the failover/recovery?

@Yuvalne @Mer__edith Oh I didn't realize that was happening as Signal recovered at about the same pace as AWS did (also status page shows a binary value so it's hard to tell the overall state)! Thanks!

@Mer__edith Then did your failover fail? Would you be able to handle a similar event in the future based on lessons learned or are there technical constraints to survive DynamoDB going dark?

We've officially had our 31337th student join at OST2! We're waiting to hear back to see if the lucky registrant wants to be publicly lauded for their random achievement or not ;)

@Mer__edith How about multi-cloud? Like if AWS fails direct traffic towards GCP (but who directs the traffic ik...)? Do you do this? Is it possible in your case?

The question isn’t "why does Signal use AWS?" It’s to look at the infrastructural requirements of any global, real-time, mass comms platform and ask how it is that we got to a place where there’s no realistic alternative to AWS and the other hyperscalers. 3/

I’ve uploaded the slides and added the links to the videos of the two presentations i did at #r2con2025

* TocTouMaps https://github.com/radareorg/r2con2025/tree/main/TocTouMaps
* VibeReversing https://github.com/radareorg/r2con2025/tree/main/VibeReversing

@dey but it's so good to be finally back to winter time (brighter mornings)!

COM to the Darkside - Slides and resources from MCTTP 2025 Talk by Dylan Tran (d_tranman) and Jimmy Bayne (@bohops)

https://github.com/bohops/COM-to-the-Darkside