Before launch, Perplexity hired us to test the security of Comet, their AI browser assistant. We demonstrated how four prompt injection techniques could extract users' private information from Gmail. https://blog.trailofbits.com/2026/02/20/using-threat-modeling-and-prompt-injection-to-audit-comet/
Just shipped updates for rhabdomancer, haruspex, and augur. Now compatible with @HexRaysSA IDA 9.3 and @xorpse's idalib-rs 8.0.
These headless #IDA plugins are built for #VulnerabilityResearch workflows where you want IDA's power without the GUI. This release brings a bunch of small improvements and bug fixes.
I'm pleased to announce a new release of the Rust bindings for @HexRaysSA IDA SDK! This release includes v9.3 compatibility.
Code: https://git.idalib.rs
Docs: https://docs.idalib.rs
Thank you to @yegor who contributed to this release, and to @HexRaysSA for their support.
I KNOW somebody in this community can win this money.
“Fulu’s latest bounty is for Ring’s video doorbell cameras, meant to encourage hackers and tinkerers to disable software features that require the devices to send data to Amazon. The reward is a potential payout of $10,000 or more.” https://www.wired.com/story/a-10k-bounty-awaits-anyone-who-can-hack-ring-cameras-to-stop-sharing-data-with-amazon/
RE: https://infosec.exchange/@Weld/116100770024505311
One of my best memories was staying up all night drinking and exchanging stories with Par at a DEF CON decades ago. Stories about him inspired me in my earlier days, and to finally get to "meet your hero" left a lasting impression.
"Parmasterisgod" is legend in the old school circles, a story I heard second hand many years and many times before I got to meet him to hear it first hand.
I'll definitely have a drink this evening and talk to some friends and share Par stories.
After decades of research, a seemingly unremarkable find retrieved from a Roman shipwreck proved to be a sensational scientific discovery, proving that the ancient Greeks were capable of making mechanical models of the cosmos. The Antikythera Mechanism is the world's first known analog computer.
https://blog.nationalmuseum.ch/en/2023/11/an-ancient-greek-computer/
My virtual replica:
https://www.thomasweibel.ch/anticythera2/
#history #sciencehistory #antiquity #archaeology #astronomy #digitalhumanities #mathematics #physics #astrophysics
The most monstrous lie that I regularly tell myself is "I'll get that work done while I'm on the plane."
the watchers: how #openai, the US government, and #persona built an identity #surveillance machine that files reports on you to the feds
Just posted a little follow-up on the #Messenger asset format #Microsoft uses!
https://vito.io/articles/2026-02-19-the-specification
Includes a PDF with the whole spec for nerds tagging along! <3
#retrocomputing #reverseengineering #windowslivemessenger #writing #blog #smallweb
Connect with us on Friday 2/20 @ 3pm for some advanced exploitation! Brandon (teaching Firmware RE at RE//verse) has a spicy meshtastic bug from class for us to preview, then we'll continue with more advanced C++ reversing! https://www.youtube.com/watch?v=k0s7W3Wuipg
LLMs can generate 'secure' passwords that are actually just predictable garbage. Because, you know, predicting is what LLMs do best.
https://www.irregular.com/publications/vibe-password-generation