We wrote a little bit on FortiCloud SSO login bypass CVE-2025-59718 (and 59719). Both the known PoCs for the former are fake / invalid. There does appear to be real exploitation evidence, but detections based on fake PoCs ain't it (and it seems like that's where a lot of chatter is coming from).
Perfect 10 in HPE OneView with no description and the advisory behind a login? Must be good. Go hack that shit please. 🥳
French authorities said they arrested the man who hacked their Ministry of Interior email servers.
He's a known hacker who was already convicted this year. Does anyone have any ideas who this could be?
Update on the iOS emulator 🔥
We’ve been deep into acceleration work lately, and the performance is already very promising for an emulated iOS18.
Still cooking, but we’re getting close to sharing it with you. And more is coming with iOS26...
ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities https://www.elttam.com/blog/leaking-more-than-you-joined-for/
r2renef - Renef IO Plugin for Radare2 released!
GitHub: https://github.com/ahmeth4n/r2renef
I built a small radare2 IO plugin to combine radare2’s powerful binary analysis features with Renef’s Android runtime instrumentation.
This allows you to use static analysis (disasm, analysis) together with runtime capabilities like hooking, memory and module operations in a single workflow, without constant context switching.
The project is still early, but already useful in daily Android reverse-engineering tasks.
Feedback and contributions are always welcome, especially from those working with radare2, Android, or low-level instrumentation 👌
🚀 Big News! Docker Hardened Images are now free! We’re partnering with @Docker to bundle Socket Firewall into supported images, adding supply chain protection during dependency installs and builds.
Details → https://socket.dev/blog/socket-firewall-now-available-in-docker-hardened-images
Project Zero have finally got around to updating the blog to something less blogger-esque, check it out at https://projectzero.google. To coincide with this momentous occasion I dug out the draft of my blog post about Windows Object Manager performance which became the basis of my article in PoC||GTFO #13 and updated it to see if it still worked in Windows 11. You can read it at https://projectzero.google/2025/12/windows-exploitation-techniques.html
Wowzers, another perfect 10 from Cisco on Secure Email Gateway, Secure Mail, and Web Manager. This one has:
This attack campaign affects Cisco Secure Email Gateway, both physical and virtual, and Cisco Secure Email and Web Manager appliances, both physical and virtual, when both of the following conditions are met:
- The appliance is configured with the Spam Quarantine feature.
- The Spam Quarantine feature is exposed to and reachable from the internet.
Recommendation is to reimage to a known-good config. Whatever that is, without indicators.
Good luck I guess??