[RSS] How to write dnSpy extension

https://kant2002.github.io/en/dotnet/2025/10/02/dnspy-extension.html

@tmr232 See also Anthropics latest about putting an MCP in your MCP, aka. "innovation, bitches!": https://www.anthropic.com/engineering/code-execution-with-mcp

@tmr232 @joxean Infact I'm playing with it rn because tree-sitter query CLI doesn't seem to support structured output...

@joxean Oh OK, I'm still learning, but this usually accumulates in some tips&tricks so I'll keep that in mind!

@joxean https://www.youtube.com/watch?v=lKOYbzrTKvM

@joxean write about what exactly? :)

On the other hand ast-grep's pattern/rule syntax is **not** compatible with Semgrep's :(

I almost got brain aneurysm thinking that the query syntax of tree-sitter and ast-grep differ.

Fortunately that's not the case, but - contrary to Internet wisdom - query syntax is not compatible between languages (parsers).

Also, ast-grep's Playground is insanely useful:

https://ast-grep.github.io/playground.html

[RSS] One-Click Memory Corruption in Alibaba's UC Browser: Exploiting patch-gap V8 vulnerabilities to steal your data

https://www.interruptlabs.co.uk/articles/one-click-memory-corruption-in-alibabas-uc-browser-exploiting-patch-gap-v8-vulnerabilities-to-steal-your-data

‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.

Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.

@joern Right, that's why I xposted quickly from the other site while on the bus :) boosted your post now!

I found a thing (RCE) in langgraph. ;D

https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5

RCE in "json" mode of JsonPlusSerializer · Advisory · langchain-ai/langgraph · GitHub
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5

The Louvre's Video Surveillance Password Was 'Louvre' https://yro.slashdot.org/story/25/11/05/238245/the-louvres-video-surveillance-password-was-louvre?utm_source=rss1.0mainlinkanon

Kaitai Struct: A Tool For Dealing With Binary Formats - Petr Pucil & Mikhail Yakshin

https://www.youtube.com/watch?v=SC2zIli8MNA

#hacklu2025

"An eBPF Loophole: Using XDP for Egress Traffic" https://loopholelabs.io/blog/xdp-for-egress-traffic

Someone asked me to hand-translate a publicly posted Chinese technical report about NSA shenanigans on the Chinese Center for Time-Keeping network. It took me a while, because it turns out translating technical corporatese from your third language is very hard when chronically sleep deprived, but it is done.

https://docs.google.com/document/d/1gk1fDLKrN3m5jOSk7QbpGL1SBcLvrm0FTN3H-5ZJZcY/edit?usp=sharing

#nsa #fiveeyes #opsec #infosec #threatintel

[RSS] Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed

https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/

Python packages are age-shaming my OS :(

Project: golang/go https://github.com/golang/go
File: src/cmd/vendor/golang.org/x/arch/arm64/arm64asm/plan9x.go:24 https://github.com/golang/go/blob/6425749695130f2032ac9cfdf5407b6a322534db/src/cmd/vendor/golang.org/x/arch/arm64/arm64asm/plan9x.go#L24

func GoSyntax(inst Inst, pc uint64, symname func(uint64) (string, uint64), text io.ReaderAt) string

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Farch%2Farm64%2Farm64asm%2Fplan9x.go%23L24&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Farch%2Farm64%2Farm64asm%2Fplan9x.go%23L24&colors=light