Oh. yay.
"mongobleed" — https://github.com/joe-desimone/mongobleed/blob/main/mongobleed.py
CVE-2025-14847
"Exploits zlib decompression bug to leak server memory via BSON field names."
"Technique: Craft BSON with inflated doc_len, server reads field names from leaked memory until null byte."
"What if Bitcoin was one big mining company?":
https://no01.substack.com/p/what-if-bitcoin-was-one-big-mining
You'd be insane buying its shares.
Do you or somebody you know have a Windows 10 that isn't fit for a Windows 11 upgrade? (e.g. no TPM)
setup /product server
Enjoy your Windows 11 with no coerced Microsoft Account, TPM features, etc.
AFL++ 4.35c release! Complete hidden coverage gathering, GUIFuzz++ support, IJON for qemu, various fixes! https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.35c #fuzzing #fuzzer
c3nav is out!!! come hang out with your favorite has-beens and get lectured about the good old days at the console hackers retirement home! non-retired hackers also welcome we are here to support the new generation 🫡
Console Hackers Retirement Home
Assembly, F6, Hall 3, Level 0
Christmas Eve miracle: Fortinet admits new exploitation of a 2020 bug
does anyone know of an artist taking commissions who has a sense of humour and a style somewhere in the realms of Hieronymus Bosch / medieval era classical painting, who would be willing to make me a t-shirt design? (paid work, of course.)
I'm looking to get a seasonal parody recreation of Slayer's Seasons In The Abyss album cover, in the theme of "Sleigher - Season's Greetings In The Abyss".
I didn't sleep well last night so had way way way too much caffeine to compensate and that usually leads me to strange thoughts. Today's strange thought: I see parallels between what cell phones did to telephone service audio quality and what Cloudflare is doing to internet availability.
My fellow hose drinkers will remember the MCI ads about hearing a pin drop on a phone call to the other side of the world, and from there it was a race to have the best audio quality. Then cell phones came and the convenience was so compelling that no one gives a crap about audio quality now, so long as it's intelligible.
I see the same sort of thing happening with Cloudflare - it's so convenient that we are coming to accept outages (NB: it's not just Cloudflare, they are just on my mind - also AWS, Azure, et al), and it makes me wonder how, in 5 years, we are going to be thinking about high availability Internet services.
He was covered in cables, from head to his foot,
patched 'em in switchports, he doubled throughput!
He opened his laptop, his terminal: no hype.
No Electron, no XCode, only in 'vi' did he type.
His code -- so readable! His Makefiles how clean!
His scripts were well structured, his includes pristine!
His CFLAGS? Warn 'all', warn 'extra', be extra pedantic
Turn warnings to errors, it's almost romantic!
We (Orange Cyberdefense) are attempting to become a CVE CNA & in prep for that collected the various vulns we had reported over the years that had corresponding public information. 108 of them! It’s mostly a vanity list but will be where we publish new vulns in future. https://advisories.orangecyberdefense.com/advisories
Lately I have noticed that when you purchase a ticket you don’t get a static PDF/PNG anymore.
Increasingly often, you get a .pkpass file, which is supposed to be opened in wallet apps (like Google Wallet or any 3rd-party).
Since I don’t like to share information about the events I attend with strangers on the Internet, I have decided to take a closer look at these .pkpass files.
They are usually just zip files that contain a background image, an icon and a pass.json with the actual information about the ticket. Nothing that can’t be handled by a script rather than a 3rd-party 100 MB mobile app.
I have thus put together a simple #shell script that does exactly that.
Dependencies:
jq, zint, magick, unzip, curl or wget
Usage:
pkpass2png https://domain.tld/myticket.pkpass ticket.png
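Added example, not part of the post above and not the author's script: reading a .pkpass entirely offline in Python, following the layout the post describes (a zip archive holding a pass.json). The key names follow Apple's pass format; the sample ticket is constructed and the 1 MiB size cap is an assumption.

```python
import io
import json
import zipfile

MAX_PASS_JSON = 1 << 20  # assumed cap: refuse a pass.json above 1 MiB
STYLES = ("eventTicket", "boardingPass", "coupon", "storeCard", "generic")
GROUPS = ("headerFields", "primaryFields", "secondaryFields", "auxiliaryFields")

def read_pkpass(data: bytes) -> dict:
    """Parse a .pkpass held in memory; nothing is fetched or written to disk."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        info = zf.getinfo("pass.json")  # KeyError if the archive has none
        if info.file_size > MAX_PASS_JSON:
            raise ValueError("pass.json exceeds size cap")
        with zf.open(info) as fh:
            doc = json.loads(fh.read(MAX_PASS_JSON))
    fields = {}
    for style in STYLES:  # a pass normally carries one style dictionary
        for group in GROUPS:
            for f in doc.get(style, {}).get(group, []):
                fields[f.get("label") or f["key"]] = f.get("value")
    # "barcodes" is the current key; "barcode" is the older single-entry form
    codes = doc.get("barcodes") or ([doc["barcode"]] if "barcode" in doc else [])
    return {
        "description": doc.get("description"),
        "organization": doc.get("organizationName"),
        "fields": fields,
        "barcodes": [(c.get("format"), c.get("message")) for c in codes],
    }

def build_sample() -> bytes:
    """Constructed sample ticket (all values invented for this example)."""
    pass_json = {
        "description": "Example concert ticket",
        "organizationName": "Example Events",
        "eventTicket": {
            "primaryFields": [{"key": "event", "label": "Event", "value": "Demo Night"}],
            "secondaryFields": [{"key": "seat", "label": "Seat", "value": "12A"}],
        },
        "barcodes": [{"format": "PKBarcodeFormatQR", "message": "TICKET-0001"}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pass.json", json.dumps(pass_json))
        zf.writestr("icon.png", b"placeholder, not a real image")
    return buf.getvalue()

if __name__ == "__main__":
    print(json.dumps(read_pkpass(build_sample()), indent=2))
```

The barcode message and format returned here are what a renderer would need to redraw the code locally.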
The US is sanctioning Thierry Breton and Trusted Flaggers that are critical for the application and enforcement of the #DSA.
Full solidarity with the unjustly sanctioned individuals. As Breton called out, 90% of the European Parliament and all 27 Member States unanimously voted for the DSA.
This bullying into vassalisation of Europe is unacceptable.