"I'm interested in all kinds of astronomy."
... what makes this esp. frustrating is that the code is _right there_ in the current virtualenv, but oh no, let's make those servers in us-east-1 work, we gotta pump those CO2 numbers up!

#python #uv
@algernon lol, IMO this verges on the edge of obfuscation but fulfills my criteria :D
The lesson for today is that you must always give your code weird ass names because tools tend to go online and fetch something completely unrelated if they can find the name :P

Project Zero Bot

New Project Zero issue:

Windows: Administrator Protection RAiLaunchAdminProcess Application Name EoP

https://project-zero.issues.chromium.org/issues/437291456

CVE-2025-60718

Reversing public advisories has been a lot of fun lately. Here's an exploit I've built for CVE-2025-9501 that potentially affects 1+ million installations:

https://www.rcesecurity.com/2025/11/exploiting-a-pre-auth-rce-in-w3-total-cache-for-wordpress-cve-2025-9501/

@david_chisnall @j Wait people refuse to use services if they don't have *stickers*??

When Updates Backfire: RCE in Windows Update Health Tools https://research.eye.security/rce-windows-update-health-tools/

[RSS] Remotely crashing the Spooler service

https://incendium.rocks/posts/Remotely-crashing-spooler/

Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757) https://slcyber.io/research-center/breaking-oracles-identity-manager-pre-auth-rce/


In case you had missed it - I had. VirtualBox now supports Windows on Arm.

https://blogs.oracle.com/virtualization/oracle-virtualbox-72

Not a bad alternative to the departed Windows Services for Android.

New assessment for topic: CVE-2025-58034

Topic description: "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. ..."

"Based on writing the [Rapid7 Analysis](https://attackerkb.com/topics/zClpINmLCh/cve-2025-58034/rapid7-analysis), I have rated the exploitability as `Very High`, as exploitation is trivial and reliable ..."

Link: https://attackerkb.com/assessments/c67a510c-5ac5-43a7-affd-7b7655c4b62f
@rebane2001 that booster thing is plain witchcraft.

Postmortem of the Xubuntu.org download site compromise

https://lwn.net/Articles/1047056/


Sent from San Francisco, California, U.S.A. on December 20, 1995. https://postcardware.net/?id=12-38
