"Bavarian pensioner lays trap to catch phone fraudster who was out for his gold":

https://www.theguardian.com/world/2025/dec/18/german-pensioner-lays-trap-catch-fraudsters-after-gold

Any of the @offsec folks on here?

This is my experience with LLMs. To paraphrase @apps3c “sometimes you just need to ask nicely”

https://hnsecurity.it/blog/attacking-genai-applications-and-llms-sometimes-all-it-takes-is-to-ask-nicely/
https://mastodon.cloud/@slashdot/115742100395423331

It's done. I can't believe it's finally done. I've been working on this in mostly secret for so long, and I'm so excited to share it with y'all!

https://taggart-tech.com/ringspace/

https://ringspace.net

[RSS] Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)

https://mdisec.com/inside-posthog-how-ssrf-a-clickhouse-sql-escaping-0day-and-default-postgresql-credentials-formed-an-rce-chain-zdi-25-099-zdi-25-097-zdi-25-096/

[RSS] Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent

https://xmcyber.com/blog/jumpshot-xm-cyber-uncovers-critical-local-privilege-escalation-cve-2025-34352-in-jumpcloud-agent/

[RSS] Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

https://blog.talosintelligence.com/libbiosig-grassroot-dicom-smallstep-step-ca-vulnerabilities/

@cR0w That's OK, been there!

We wrote a little bit on FortiCloud SSO login bypass CVE-2025-59718 (and 59719). Both the known PoCs for the former are fake / invalid. There does appear to be real exploitation evidence, but detections based on fake PoCs ain't it (and it seems like that's where a lot of chatter is coming from)

https://www.vulncheck.com/blog/forticloud-sso-login-bypass

@cR0w I think this is slop.

Perfect 10 in HPE OneView with no description and the advisory behind a login? Must be good. Go hack that shit please. 🥳

https://www.cve.org/CVERecord?id=CVE-2025-37164

New Project Zero issue:

Adobe DNG SDK: Linearize uses full image on trimmed source image, leading to out-of-bounds read

https://project-zero.issues.chromium.org/issues/452483592

CVE-2025-64784

New Project Zero issue:

Adobe DNG SDK: out-of-bounds read in RefBaselineABCDtoRGB during the Render phase

https://project-zero.issues.chromium.org/issues/457419672

CVE-2025-64893

New Project Zero issue:

Adobe DNG SDK: out-of-bounds write in dng_resample_weights::Initialize due to invalid floating point arithmetic

https://project-zero.issues.chromium.org/issues/457987854

CVE-2025-64894

French authorities said they arrested the man who hacked their Ministry of Interior email servers.

He's a known hacker who was already convicted this year. Anyone has any ideas who this could be?

https://www.rfi.fr/en/france/20251218-france-detains-suspect-over-interior-ministry-cyberattack-as-probe-widens

Update on the iOS emulator 🔥

We’ve been deep into acceleration work lately, and the performance is already very promising for an emulated iOS18.

Still cooking, but we’re getting close to sharing it with you. And more is coming with iOS26...

#ios #emulation #devsecops

@pancake You're the Man! I uploaded two samples here (.reshare.json):

https://scrapco.de/dataslate/

Do you need the binaries too? Should I generate the C (de)serializers for you?

The Amphora of Great Intelligence (AGI)

#webcomic #krita #miniFantasyTheater

ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities https://www.elttam.com/blog/leaking-more-than-you-joined-for/

@davidrevoy Frog <3