Backdooring Your Backdoors - Another $20 Domain, More Governments - watchTowr Labs https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/

This is it! Its on!

Save the date and polish your speaking or training skills-> call for papers, workshops, trainings, sponsors and volunteers open!

Submit: https://pretalx.com/bsidesluxembourg-2025/cfp

PS: sponsor package options available on info@bsides.lu!

#bsidesluxembourg

Please support one of our own! If you ever have been to defcon, needed network security, used MFA, touched HAM radio, etc… dearest cjunkie made your life better one way or another - one of the most awesome human beings I know (and I know tons of them!) https://www.gofundme.com/f/support-marc-rogers-road-to-recovery

Confirmed. ChatGPT is actively indexing the Fediverse, even small servers like mine who have not explicitly consented to their indexing.

So while people on Mastodon got angry about Mastodon having built-in discovery features, ChatGPT just went ahead and slurped up all your posts.

High level diff of iOS 18.3 beta 1 vs. iOS 18.3 beta 2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_3_22D5034e__vs_18_3_22D5040d/README.md

Google Chrome security advisory: Stable Channel Update for Desktop
New Google Chrome version 131.0.6778.264/.265 for Windows, Mac and 131.0.6778.264 for Linux includes 4 security fixes, including 1 externally reported: CVE-2025-0291 (high severity) Type Confusion in V8. No mention of exploitation

#google #chrome #vulnerability #cve #infosec #cybersecurity #CVE_2025_0291

Project: golang/go https://github.com/golang/go
File: src/cmd/cgo/ast.go:358 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/cgo/ast.go#L358

func (f *File) walk(x interface{}, context astContext, visit func(*File, interface{}, astContext))

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fast.go%23L358&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Fcgo%2Fast.go%23L358&colors=light

Project: golang/go https://github.com/golang/go
File: src/runtime/pprof/pprof_test.go:1553 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/runtime/pprof/pprof_test.go#L1553

func containsCountsLabels(prof *profile.Profile, countLabels map[int64]map[string]string) bool

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fpprof%2Fpprof_test.go%23L1553&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fpprof%2Fpprof_test.go%23L1553&colors=light

In the latest Doyensec research, our Nobert Szetei (@sine) takes a closer look at the SMB3 Kernel Server (ksmbd) component of the Linux kernel. Check it out today to learn what he found, which led to multiple CVEs!

#Doyensec #Appsec #Security #Linux

https://blog.doyensec.com/2025/01/07/ksmbd-1.html

RULECOMPILE - Undocumented Ghidra decompiler rule language

https://msm.lt/re/ghidra/rulecompile/

#Ghidra #Decompiler

[RSS] CVE-2024-53141: an OOB Write Vulnerability in Netfiler Ipset

https://u1f383.github.io/linux/2025/01/07/cve-2024-53141-an-oob-write-vulnerability-in-netfilter-ipset.html

US adds web and gaming giant Tencent to list of Chinese military companies

This could be the start of a saga to rival TikTok’s troubles, and embroil Tesla and Microsoft The US Department of Defense has added Chinese messaging and gaming Tencent to its list of “Chinese military company”, a designation that won’t necessarily result in a ban but is nonetheless unpleasant.…
#theregister #IT
https://go.theregister.com/feed/www.theregister.com/2025/01/07/tencent_catl_chinese_military_company_list/

One of my favorite things is asking LLMs "what's wrong with <this>?" when nothing is wrong with <this>. Works with code, circuit schematics, and so on.

You usually get a wall of *really* convincing text, and I imagine myself in the shoes of some poor student trying to make sense of this.

Last year I asked a question about the state of tracing JITs, and it led to a wonderful exchange. @cfbolz has written a terrific summary that captures a lot of folk knowledge that would otherwise be lost. Thanks!
https://pypy.org/posts/2025/01/musings-tracing.html

Real-time bidding, which powers nearly every ad you see online, might be the most privacy-invasive surveillance system that you’ve never heard of. Learn how it works and how to protect yourself. https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how

- You have to understand that back in my day, it was possible to make a career out of sending a lot of AAAAAAs to computer programs

- Sure grandpa, let's get you to bed

please don't let maths journals go this way...

Elsevier adds AI to the "proofreading" of publications. Editors resign.

https://retractionwatch.com/2024/12/27/evolution-journal-editors-resign-en-masse-to-protest-elsevier-changes/

https://pivot-to-ai.com/2025/01/05/elsevier-rewrites-academic-papers-with-ai-without-telling-editors-or-authors/

Now that it's actually 2025, you may want to give this a gander.

https://taggart-tech.com/20241212-2025-jobs-guide/