CVE-2025-66293: libpng: Out-of-bounds read vulnerability fixed in 1.6.52 https://www.openwall.com/lists/oss-security/2025/12/03/5
Unlike typical image parsing vulnerabilities, this bug is triggered by valid PNG files. Web browsers use the low-level API rather than the simplified API and are not affected by this.

@tallison I'm sure Fedi can also cheer you up, we have quality memes!

BoF in glib.

https://access.redhat.com/security/cve/CVE-2025-14512

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

We're so cooked

https://gizmodo.com/librarians-arent-hiding-secret-books-from-you-that-only-ai-knows-about-2000698176

New vulnerability report from Talos:

The Biosig Project libbiosig MFER parsing multiple stack-based buffer overflow vulnerabilities

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296

CVE-2025-66048,CVE-2025-66043,CVE-2025-66047,CVE-2025-66044,CVE-2025-66046,CVE-2025-66045,CVE-2025-66043,CVE-2025-66044,CVE-2025-66045,CVE-2025-66046,CVE-2025-66047,CVE-2025-66048

A modern tale of Blinkenlights, cheap Christmas shopping and curiosity, narrated by @virtualabs

Firmware extraction and reverse engineering of a smartwatch FTW!

https://blog.quarkslab.com/modern-tale-blinkenlights.html

@cR0w @catsalad sounds like the same principle as googling "google"

[RSS] Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis

https://blog.trailofbits.com/2025/12/11/introducing-mrva-a-terminal-first-approach-to-codeql-multi-repo-variant-analysis/

vim user doing God's work

@cR0w Microservices deserve work-life balance too yknow #unionize

In #IBMi 7.6 TR1 and 7.5 TR7 three new date formats have been introduced that will make solving 2040 issue easier.
💙 #IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2025/12/new-date-formats-for-rpg.html

We currently have three pending CVEs to be announced in the next #curl release (severity low + medium x 2)

All three found with AI powered tooling.

So it is happening.

@robpike

[RSS] The Fragile Lock: Novel Bypasses For SAML Authentication

https://portswigger.net/research/the-fragile-lock

[RSS] How Citrix Fixed an ESC1 Risk in Their Documentation

https://medium.com/@Debugger/how-citrix-fixed-an-esc1-risk-in-their-documentation-5051bf410139?source=rss-3ba65b326b28------2

@gsuberland styropyro? :)

Sources of Deception

#webcomic #krita #miniFantasyTheater

@davidrevoy @eri that frog made my day <3 go frog!

Random realization: MS Teams is the Lotus Notes of web meetings.

@damieng archive.ph seems to have at least some of it: https://archive.ph/IIOAR

Oh dear the entire https://www.lyonlabs.org site is offline *and* excluded from archive.org.

It's a massive archive of vintage and modern GEOS and C64 material a lot of it seemingly not found elsewhere.