"I'm interested in all kinds of astronomy."

@aeva oh and I run a script that pulls the UKF Drum & Bass Top 100 playlist every hour and turns it into a cumulative playlist containing everything that's ever been in the top 100 chart.

the official UKF playlist itself deletes all entries and re-adds them every time it's updated, so it all ends up with the same added timestamp and you can't tell what's new, so I made this to get around that issue.

https://open.spotify.com/playlist/3eV8DEw5Sm4dgzEZHy26lI

no external JSON export available on this one unfortunately.


⚒️ FIXED IN iOS and iPadOS 26.1 ⚒️

- 18 bugs in WebKit
- 4 bugs in Model I/O
- 3 bugs in Safari
- 2 bugs in Apple Neural Engine
and 29 other vulnerabilities fixed
https://support.apple.com/en-us/125632


That is the goal, yes.

[RSS] Four Bytes, One Lie: A SMAP-Free Confidence Trick on Kernel Pointers :: Out of Bounds

https://www.oobs.io/posts/four-bytes-one-lie/

CVE-2025-50168

New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩

https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html


MIT have also silently, without noting on the pages, started rewriting their website to remove references to their own work. They've also changed the URLs of the pages to remove references.

Left, before: https://archive.ph/SckSr

Right, after: https://mitsloan.mit.edu/ideas-made-to-matter/80-ransomware-attacks-now-use-artificial-intelligence


Here's an example of Google's AI reporting security vulnerabilities in this codec:

https://issuetracker.google.com/issues/440183164

We take security very seriously but at the same time is it really fair that trillion dollar corporations run AI to find security issues on people's hobby code? Then expect volunteers to fix.
https://bird.makeup/users/ffmpeg/statuses/1983949866725437791


Arguably the most brilliant engineer in FFmpeg left because of this. He reverse engineered dozens of codecs by hand as a volunteer.

Then security "researchers" and corporate employees came along and repeatedly insisted "critical" security issues were fixed immediately, waving their CVEs.

This was hugely demotivating to the fun and enjoyment of reverse engineering.
https://bird.makeup/users/ffmpeg/statuses/1978390935433097310


An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices.

https://www.bleepingcomputer.com/news/microsoft/microsoft-patch-for-wsus-flaw-disabled-windows-server-hotpatching/


This week on I talk to @ottok about his blog post about detecting an attack like xz in Debian

It's a fascinating conversation about a very complicated topic

There are things that could be detected, but this one would have been very very difficult

https://opensourcesecurity.io/2025/2025-11-xz-debian-otto/

[RSS] deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses

https://github.com/purseclab/deepSURF
[RSS] Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure

https://research.checkpoint.com/2025/drawn-to-danger-windows-graphics-vulnerabilities-lead-to-remote-code-execution-and-memory-exposure/

Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here:
https://portswigger-labs.net/mxss/

Set HTMLSanitizer ✅
Auto update ✅

I'm trying to break it, I encourage you to break it too


This year Binarly has also expanded their sponsorship to the creation of a new Firmware Security Learning Path! https://ost2.fyi/OST2_LP_FWSEC.pdf

This captures current and future plans for classes involving security in the deep-dark of firmware! But Binarly is starting to give visibility into what's going on there with their binary analysis platform.


It is decided, the final round of tickets will be in 7 days from now on Sunday 09.11.2025 at 7 pm. That is 19:00 o'clock Vienna time UTC+1!
