Well done to this Redditor for explaining Remote Desktop.

Happy birthday to Vim! 🥳

#vim #opensource

A little interactive post on a little error in fuzzer evaluations: https://addisoncrump.info/research/metric-shenanigans/

Several months ago, I found a #vulnerability from #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776).

Any account that has a password that results in a hash that matches ^0+[Ee][0-9]+$ can be logged in with a password that matches that regex as well. For example, password comito5 can be used to log in to the affected accounts and thus gain unauthorised access.

The root cause of this bug is the incorrect use of == to match the password hash:

if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password )

The fix is to use === for the comparison.

This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability. https://mantisbt.org/download.php

#CVE_2025_47776 #infosec #cybersecurity

Anybody having problems with #Firefox version 144.0.2 with random domains failing due to cookies? An example error with eBay:

Cookie “ds2” has been rejected for invalid domain.
Cookie “ebay” has been rejected for invalid domain.

[RSS] Dubious security vulnerability: Denial of service by loading a very large file

https://devblogs.microsoft.com/oldnewthing/20251027-00/?p=111731

[RSS] exploits.club Weekly Newsletter 91 - Patch-gapping Browsers, Ubuntu LPEs, Bluetooth Int Underflows, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-91-patch-gapping-browsers-ubuntu-lpes-bluetooth-int-underflows-and-more/

My clearest (and slightly frightening) measure of the passage of time is the weekly exploits.club newsletter.

I have released an OpenGraph collector for network shares and my first blogpost at @specterops on the subject!

You can now visualize attack paths to network shares in BloodHound 👀

https://specterops.io/blog/2025/10/30/sharehound-an-opengraph-collector-for-network-shares/

Apply all regulations to the last letter.

@tmr232 This file actually looks useful, thanks! I have a feeling that ppl don't touch this part for a reason 😬

@tmr232 Oh I definitely have to put this on my list, thanks! Still, I can't seem to immediately find data type handling, is that supported?

I completely forgot how horrible IDAPython is...

2 weeks left to drop your talk in the ring. CFP closes Nov 14! https://sessionize.com/reverse-2026

One thing I really appreciate at @kagihq is that they accept feedback - I just found and extended an issue about this:

https://kagifeedback.org/d/8256-missing-street-names/

New post: Abusing macOS tclsh as shellcode loader

https://codecolor.ist/2025/10/31/macos-abuse-tcl-lol/

Happy Halloween 🎃

Why do online maps hide street names?! They literally had one job...

kind of funny that bugs that are communicated to vendors in a way they don't appreciate can result in no CVE being allocated for the vuln(s). while i guess it is bureaucratically legit (or is it?) it makes the CVE system an unreliable source of truth (more news at 11)
https://bird.makeup/users/0xmadvise/statuses/1983893375498776932

Oooh! Crowd Supply has finally posted a link to my talk at Teardown 2025 about trusting silicon: https://www.youtube.com/watch?v=pxQCApAAT0s

@freddy The Machine Spirit only accepts such an invocation if you first offer the sacrifice of debugging.