@buherator

Confirmed.

Age Verification: Teaching the world how to evade censorship
https://alecmuffett.com/article/132609
#AgeVerification #OnlineSafety #TheVpnEffect #censorship #missouri #surveillance

@synnfynn FTR this was it: https://unix.stackexchange.com/questions/503111/group-permissions-for-root-not-working-in-tmp/503169#503169

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/

@synnfynn nah, no SELinux, and with a brilliant move I now just log to the console :)

I'm writing this network thing and there are always problems that you only recognize during implementation - this is why it's so enlightening to implement stuff.

What I didn't expect is getting stuck because I can't write to a damn log file as root...

#Ghidra 11.4.3 is out:

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.4.3_build

Changes:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_11.4.3_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

AI Warning: Google has been caught A/B testing replacing real article headlines with AI-generated substitutes, which are of course sometimes wildly misleading/against journalistic ethics. If you see a blatantly horrible headline in a news aggregator, check whether the site's own page matches before blaming the site! https://www.pcgamer.com/software/ai/googles-toying-with-nonsense-ai-made-headlines-on-articles-like-ours-in-the-discover-feed-so-please-dont-blame-me-for-clickbait-like-bg3-players-exploit-children/

"We did a number of refactors [...] This also fixes a critical security vulnerability." 👀

CVE-2025-55182, an RCE in React Server Components just landed:

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Enjoy your patching, and make sure to check your bundled frameworks and dependencies.

Here's the commit:
https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700

Critical Security Vulnerability in React Server Components

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

CVE-2025-55182 CVSS 10.0

Hey developers and vulnerability researchers!

I'm currently working on improving my #Semgrep ruleset for C/C++ static code analysis, and I've just published the new v1.1.0 release: https://github.com/0xdea/semgrep-rules

Some notable changes since the previous battle-tested release: new rules for detecting high-entropy assignments and ReDoS vulnerabilities, numerous enhancements to existing rules, reduced false positives without sacrificing coverage, optimized patterns across the board, and overall better documentation. Check the changelog for the full list (yes, there’s a changelog now).

Please test it inside and out, and feel free to open issues or submit pull requests. Your feedback is invaluable and will help shape the project roadmap. I'm aiming for a major release sometime before spring.

UAF in ImageMagick.

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m

That progress bar...

WhatsApp Android: Contact gating bypass in groups, leading to interactionless media download

https://project-zero.issues.chromium.org/issues/442425914

Re: https://old.reddit.com/r/crypto/comments/1pca3r8/introducing_constanttime_support_for_llvm_to/nrzywmp/?context=2

It is simultaneously true that:

• Most data breaches do not require any cryptographic wizardry
• Of the ones that involve cryptography, side-channels (timing, power, etc.) are not an attacker's first choice
• The inability to have guarantees that the compiler will not make code variable-time as part of an "optimization" is a massive pain point in writing secure implementations of cryptography

And, sure, the LLVM work won't stop app developers from fucking up something on the OWASP Top 10 list for a given year. Nor will it stop phishing from being hella effective against most users and services.

But it does reduce compiler doom and various forms of auditor bikeshedding, which makes applied cryptography work a little easier to get done.

And the best mitigation we have for phishing attacks today is WebAuthn... which uses cryptography. :P

Sometimes, naysaying is actually counterproductive.

Nice community contribution! James Downs built a Kagi News app for Pebble watches:

https://apps.rebble.io/en_US/application/692b3f0549be450009b545ce

#Kagi #News #Pebble

pov: your a nvidia board partner in 2026 frantically "sourcing" vram from playstation 5s
https://bird.makeup/users/falconryfinance/statuses/1994764207649427621

🎄 Missed last year’s #radare2 Advent Calendar? No worries — the challenges are still live and ready to hack! Share your progress in the fediverse! 💪✨ #ReverseEngineering #CTF #infosec #radare2
https://radare.org/advent/

@pancake he should be gradually introduced to the wonders of LSDJ

[RSS] The Importance of Diverse Knowledge in Vulnerability Research - The Transferability of Knowledge

https://allelesecurity.com/transferability-knowledge/

/by @allelesecurity