[RSS] The Fragile Lock: Novel Bypasses For SAML Authentication

https://portswigger.net/research/the-fragile-lock

[RSS] How Citrix Fixed an ESC1 Risk in Their Documentation

https://medium.com/@Debugger/how-citrix-fixed-an-esc1-risk-in-their-documentation-5051bf410139?source=rss-3ba65b326b28------2

@gsuberland styropyro? :)

Sources of Deception

#webcomic #krita #miniFantasyTheater

@davidrevoy @eri that frog made my day <3 go frog!

Random realization: MS Teams is the Lotus Notes of web meetings.

@damieng archive.ph seems to have at least some of it: https://archive.ph/IIOAR

Oh dear the entire https://www.lyonlabs.org site is offline *and* excluded from archive.org.

It's a massive archive of vintage and modern GEOS and C64 material a lot of it seemingly not found elsewhere.

Indicators that your machine has been infected with a virus:

- The computer slows down.

- The computer beeps.

- The OS doesn't load.

- The BIOS logo changes. (WTF?!)

- The computer freezes, has BSODs, etc.

(I thought these were indicators that you're infected with CrowdStrike.)

Google research created a dataset with rainbow tables for NetNTLMv1 with the 1122334455667788 challenge.
https://research.google/resources/datasets/
Dataset is available for download at:
▪️https://console.cloud.google.com/storage/browser/net-ntlmv1-tables [Login required]
▪️gs://net-ntlmv1-tables

hmmmm idk about this verification method Discord is offering

It's the final Patch Tuesday of 2025! #Microsoft and #Adobe took it easy on us with a smaller release, but there's 1 0-day being exploited & an Exchange bug reported by the NSA. @dustin_childs fills you in on the details & where to focus your priorities. https://www.zerodayinitiative.com/blog/2025/12/9/the-december-2025-security-update-review

i finally gave in and started using uv to manage the dependencies for my Python scripts and it’s great https://jvns.ca/til/python-inline-dependencies/

I recently posted about looking for an artist and got a bunch of replies.

Problem is 1) there are many obvious bots 2) those who are likely not bots also seem to use LLM/templates to communicate, making them look like bots.

If you don't want to get reported, use your own voice!

#fedihire

MS advisories are live. Looks like two publicly disclosed and one EITW.

https://msrc.microsoft.com/update-guide/vulnerability

Phrack #72 PUZZLE CHALLENGE >>> WALKTHROUGH <<< is OUT.

Everyone who did not find the hidden secrets in the hardcopy release: This is your chance.

♥️ Stay curious and live forever ♥️

http://phrack.org/dl/72/puzzle-challenge.pdf

We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: https://issuetracker.google.com/issues?q=componentid:1836411%20title:JavascriptCore

All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!

V8 now has a (experimental) JS bytecode verifier!

IMO a good example for the benefits of the V8 Sandbox architecture:
- Hard: verify that bytecode is correct (no memory corruption)
- Easier: verify that it is secure (no out-of-sandbox memory corruption)

The sandbox basically separates correctness from security.

More details: https://docs.google.com/document/d/1UUooVKUvf1zDobG34VDVuLsjoKZd-CeSuhvBcLysc7U/edit?usp=sharing

Implementation: https://source.chromium.org/chromium/chromium/src/+/main:v8/src/sandbox/bytecode-verifier.cc

@buherator What are the best anti-scam resources I can link to? It's not the focus on Hacklore but I can make sure there is a smoother on ramp to good guidance.

@boblord That'd make sense, but unfortunately I don't know of any resources I could recommend (in part because of the reasons Hacklore exists...). I keep this in mind though and let you know if I find anything!