The year is 2025. I have an .ics export of ~2000 items with <1MB size total. It seems I'll have to keep my computer running for the night to get it imported.

CalDAV is a still a dumpster of dumpster fires.

Timeline cleanse: pleased to report that Greg is still blowing stuff up with electricity https://www.youtube.com/watch?v=Cse3pUxvecY

🚧 What do dancing babies, "under construction" signs, and bubble-gum-blowing Furbys tell us about digital preservation? In the latest essay for the Internet Archive's Vanishing Culture series, writer JD Shadel explores the rise, fall, and cultural legacy of early Internet GIFs—and why they matter today.⁠
⁠
🔗 https://blog.archive.org/2025/02/05/vanishing-culture-what-early-internet-era-gifs-show-us-about-preserving-digital-culture/
⁠
🕳️ #VanishingCulture⁠

"Thinkers like Jean-Paul Sartre and Hannah Arendt warned us that the point of this deluge is not to persuade, but to overwhelm and paralyze our capacity to act. More recently, researchers have found that the viral outrage disseminated on social media in response to these ridiculous claims actually reduces the effectiveness of collective action.

The result is a media environment that keeps us in a state of debilitating fear and anger, endlessly reacting to our oppressors instead of organizing against them."

https://www.404media.co/you-cant-post-your-way-out-of-fascism/

#SocialMedia #organizing #fascism #FightFascism

🪝Introducing HyperHook! 🪝
A harnessing framework for snapshot-based #fuzzing using Nyx. ⚒️
HyperHook simplifies guest-to-host communication & automates repetitive tasks, making snapshot-fuzzing easier & more efficient!
🔗 Read more: https://neodyme.io/en/blog/hyperhook/

Cisco security advisories (PatchTuesday-ishing @shellsharks):

• Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Vulnerabilities
  • CVE-2024-20184 (6.5 medium) Cisco Secure Email Gateway and Cisco Secure Web Appliance Command Injection Vulnerability
  • CVE-2024-20185 (3.1 low) Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance Privilege Escalation Vulnerability
• Cisco Secure Web Appliance Range Request Bypass Vulnerability CVE-2025-20183 (5.8 medium)
• Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities
  • CVE-2025-20169, CVE-2025-20170, CVE-2025-20171, CVE-2025-20173, CVE-2025-20174, CVE-2025-20175, CVE-2025-20176 (7.7 high) Cisco IOS and IOS XE Software SNMP Software Denial of Service Vulnerabilities
  • CVE-2025-20172 Cisco IOS and IOS XE (7.7 high), and IOS XR (4.3 medium) Software SNMP Denial of Service Vulnerabilities
• Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities CVE-2025-20204 and CVE-2025-20205 (4.8 medium)
• Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
  • CVE-2025-20124 (9.9 critical) Cisco ISE Insecure Java Deserialization Vulnerability
  • CVE-2025-20125 (9.1 critical) Cisco ISE Authorization Bypass Vulnerability
• Cisco Expressway Series Cross-Site Scripting Vulnerability CVE-2025-20179 (6.1 medium)
• Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability CVE-2025-20180 (4.8 medium)
• Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance SNMP Polling Information Disclosure Vulnerability CVE-2025-20207 (4.3 medium)

"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."

#cisco #vulnerability #cve #infosec #cybersecurity

In response to a popular demand, here is DOOM running on Apple Lightning to HDMI dongle

https://youtu.be/4XCkeN0XuqA?feature=shared

Veeam: CVE-2025-23114
CVE-2025-23114 (9.0 critical) A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions. This CVE impacts multiple versions of Veeam Backup. No mention of exploitation. h/t: @cR0w

#veeam #cve #CVE_2025_23114 #infosec #vulnerability #cybersecurity

While working on a nday vulnerability research project, we stumbled upon a vulnerability in the core of the TCP subsystem of the Linux kernel. We reported it upstream, which was fixed in May of last year. This blog post shares how we came across it and our vulnerability analysis. It is a reference counter issue, and a mechanism in the Linux kernel usually prevents those issues from being exploitable. Still, in this case, it could even be with the mechanism present. Read it and see how it could be done.

Accidentally uncovering a seven years old vulnerability in the Linux kernel

https://allelesecurity.com/accidentally-uncovering-a-seven-years-old-vulnerability-in-the-linux-kernel/

Zyxel says it has no plans to release patches for two zero-days under active attack and is advising customers to replace vulnerable routers.

The company says these devices have been “end of life for years” - but the devices are not listed on Zyxel’s EOL page, and some are still available to buy on Amazon https://techcrunch.com/2025/02/05/router-maker-zyxel-tells-customers-to-replace-vulnerable-hardware-exploited-by-hackers/

Embrace. This is the new #curl CVE I expect I will get a fair amount of... "traffic" about: https://curl.se/docs/CVE-2025-0725.html

[RSS] Micropatches Released for Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039)

https://blog.0patch.com/2025/02/micropatches-released-for-windows-task.html

We've been collecting and mirroring what we can find of public data scrapes of data that has recently gone missing from federal sites or is likely to in the near future. The repos here include public data from CDC, NIH, and NOAA. Be warned that some of these repos are quite large!

https://git.lsit.ucsb.edu/publicdata

[RSS] Secure by Design: Google's Blueprint for a High-Assurance Web Framework

https://bughunters.google.com/blog/6644316274294784/secure-by-design-google-s-blueprint-for-a-high-assurance-web-framework

Unofficial #PatchTuesday continues with Google Chrome: Stable Channel Update for Desktop
Chrome 133.0.6943.53 (Linux) and 133.0.6943.53/54( Windows, Mac) includes 12 security fixes, 3 are externally reported:

• CVE-2025-0444 (high) Use after free in Skia
• CVE-2025-0445 (high) Use after free in V8
• CVE-2025-0451 (medium) Inappropriate implementation in Extensions API

No mention of exploitation.

#google #chrome #vulnerability #cve #infosec #cybersecurity

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! https://portswigger.net/research/top-10-web-hacking-techniques-of-2024

NETGEAR did this earlier than #PatchTuesday on 01 February 2025 but here you go:

• Security Advisory for Unauthenticated RCE on Some WiFi Routers, PSV-2023-0039An unassigned (no CVE) unauthenticated remote code execution vulnerability (CVSSv3.0: 9.8 critical) has been patched in NETGEAR XR1000, XR1000v2, and XR500 WiFi routers.
• Security Advisory for Authentication Bypass on Some Wireless Access Points, PSV-2021-0117An unassigned (no CVE) authentication bypass security vulnerability (9.6 critical) was patched on NETGEAR WAX206, WAX220 and WAX214c2 wireless access points.

#netgear #vulnerability #infosec #cybersecurity

Top 10 web hacking techniques of 2024 https://portswigger.net/research/top-10-web-hacking-techniques-of-2024

#PatchTuesday continues with Zyxel: Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE
Zyxel's security advisory confirms the existence of CVE-2024-40890, CVE-2024-40891, and CVE-2025-0890 affecting end-of-life DSL CPE products. While they link to GreyNoise's blog post, Zyxel does not acknowledge the fact that CVE-2024-40891 (8.8 high) post-auth command injection is a zero-day being exploited in the wild by a Mirai botnet variant. They reiterate that EoL products don’t receive further support and:

"we strongly recommend that users replace them with newer-generation products for optimal protection."

Note: DSL CPE likely stands for Digital Subscriber Line Customer-Premises Equipment cc: @fellows for more Patch Tuesday Madness.

#zyxel #vulnerability #cve #CVE_2024_40891 #zeroday #eitw #activeexploitation #mirai #botnet #infosec #cybersecurity