Is it my weak search-fu again, or the new qlpack.yml format for #CodeQL is not officially documented? @GitHubSecurityLab

The best resource I could find is this one by @trailofbits:

https://appsec.guide/docs/static-analysis/codeql/advanced/#creating-new-query-packs

@campuscodi I'm really curious if the RXSS will get caught ItW!

https://github.com/v-p-b/xss-reflections

@freddy you needed to use mouse and shit for that. these days you just explain what you want:

https://www.youtube.com/watch?v=JeNS1ZNHQs8

"DiaSymbolView is a tool for visually inspecting debug information recorded in .pdb files. It relies on MSDIA API and presents a hierarchy of debug symbols and their 200+ properties."

https://github.com/diversenok/DiaSymbolView

#fromBsky

@freddy You mean Claude? :)

I bet I can use Atomic Rockets to calculate the kinetic energy of an IBM PS/2 Model 80 dropped from low orbit

Making .NET Serialization Gadgets by Hand https://www.vulncheck.com/blog/making-dotnet-gadgets

@freezr @GustavinoBevilacqua On the bright side seeing "AI" and "quantum" in the same post is a great way to identify complete fools on LinkedIn.

@aleksorsist By total coincidence, I have this tab open: https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/ :)

@GustavinoBevilacqua I guess they will figure out a way to squeeze a bunch of Nvidia chips in there too. The line must go up!

LibAFL 0.15.4 has just been released 🎉

Of the 30 Contributers for this release, almost half are new faces <3

https://github.com/AFLplusplus/LibAFL/releases/tag/0.15.4

#Fuzzing #LibAFL #AFLplusplus

The open-source FFmpeg project, used by companies like Google for multimedia processing, urged Google to fund its volunteer developers. FFmpeg is overwhelmed by bugs reported by Google's AI security tools and lacks resources to fix them quickly. https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/

⏫ After many many years, we upgrade our QEMU fork!

Goodby libptc, welcome libtcg!

Here you can find a summary of the improvements this brings: https://github.com/revng/revng/commit/1429b526abcc65d5cdd04d6f5608b916e4e20d1b

Moreover, we can now support Hexagon, RISC-V and Loongarch.

Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101/

TIL about #git subtree split

https://git-memo.readthedocs.io/en/latest/subtree.html

Our Java stacktrace fingerprinting database finally got a long overdue update. Enjoy!
https://x41-dsec.de/security/research/news/2025/11/12/x41-beanstack-update/

Best commit message: https://github.com/torvalds/linux/commit/f076ef44a44d02ed91543f820c14c2c7dff53716

This is a reminder to everyone that security is more than just memory safety. https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10

#rust #vulnerability #sudo_rs

Hackers abuse #Triofox #antivirus feature to deploy remote access tools

https://www.bleepingcomputer.com/news/security/hackers-abuse-triofox-antivirus-feature-to-deploy-remote-access-tools/

#cybersecurity #cybercrime