Security product vulns are maddening but will also never not be funny to me.
Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.
And another one:
Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.
@R41N3RZUF477 the most concerning part of admin protection's design was just that UI Access seemed to not be considered part of the boundary. Of the 9 bugs I reported, 5 were basically ways of getting control over a UI Access process and from there full admin. I think if you're going to break app compat anyway you might as well have done something more than UAC with bells on it.
I wasn't imagining things, Administrator Protection has indeed been pulled for now. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/administrator-protection/?tabs=intune#system-requirements
radare
🌍 Making #radare2 more portable and accessible to new audiences has always been a priority for us.
At #r2con2025, @AbhiTheModder created a web frontend for #radare2 using the webassembly builds to allow Chromebook students to reverse engineer crackmes from the browser!
• Select version of r2
• Create multiple tabs
• Keyboard driven
• Analyze large binaries
This sandboxed environment is ideal for education as well as for malware analysis and the whole toolchain can be used from the commandline with wasmer.
• Try it online https://r2.revengi.in
• HTML radare2 Widget https://radareorg.github.io/r2wasm/index.html
• Source code https://github.com/radareorg/r2web
• Watch the presentation 👇
🎅🎁 Ho ho ho #Telco📡! 5GC Pentest Burp Suite ext under the tree! 🔐🎄 https://github.com/PentHertz/5GC_API_Pentest ✨🎉🚀 #5GSecurity
Petition in Germany to recognize unpaid contribution to free and open source software projects as 'society-beneficial volunteering' (ehrenamt)!
This will give volunteering for e.g. @postmarketOS , @freifunk , @kde , @nextcloud , @Mastodon and other libre projects the same legal status as taking care of an elderly family member or volunteering for a youth association, which provides tax benefits and relaxes requirements for receiving unemployment benefits.
Interested people may sign it using one of the two following links.
The petition in German language: https://www.openpetition.de/petition/online/anerkennung-von-open-source-arbeit-als-ehrenamt-in-deutschland#petition-main
The petition in English language: https://www.openpetition.de/petition/online/recognition-of-work-on-open-source-as-volunteering-in-germany
News article (German): https://www.heise.de/news/Petition-Open-Source-Arbeit-soll-als-Ehrenamt-gelten-11094436.html
News article (English): https://www.heise.de/en/news/Petition-Open-source-work-should-count-as-volunteer-activity-11095357.html
The petition is organized by @webvision.
If you're not a resident of Germany, go ahead and use this thread to organize similar initiatives in your country of residence.
#deutschland #foss #floss #volunteer #ehrenamt #freiwilligkeit #openSource #freeSoftware
This December, I'll be posting an article & video each day until Christmas in the Advent of Compiler Optimisations! #AoCO2025
Each day we'll explore a fun optimisation in C or C++; some low-level, x86 or ARM-specific, some high-level. Hope you'll join me!
🔜 39C3
Every Sora AI vid. burns 1 kW hour & emits 466 grams of carbon. The Sora 2 platform alone emits nearly a quarter of the carbon of all Meta/Facebook.
👉🏻 https://reclaimedsystems.substack.com/p/every-sora-ai-video-burns-1-kilowatt
The Algol68 compiler frontend has been merged in GCC and the very next gcc16 will ship it! Can't mention the author here, but good job Jose!
You can write '2' (0x32) anywhere in the filesystem of a Linux-based network switch. How do you get root?
That's basically what my talk at GreHack conference was about - enjoy!
https://youtu.be/F4CudbWHZ7Y?t=504 https://youtu.be/X-ZJH4d2tuE?t=1162
Some old buildings from the era of socialism in Hungary #Modernism
https://telex.hu/foto/2025/11/29/balaton-modern-epiteszet