[RSS] Announcing Pwn2Own Berlin and Introducing an AI Category

https://www.thezdi.com/blog/2025/2/24/announcing-pwn2own-berlin-2025

P2O will be at OffensiveCon :O Also, AI pwn means RCE (as it should be)

This isn't a sexy exploit, but this is exactly the kind of thing that can ruin people's lives. Inform your network about how to spot these.

https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/

New from 404 Media: all 50 states have introduced right to repair legislation. Not all have passed, but it's just a massive milestone for the right to repair movement that just a few years ago was demonized by big tech https://www.404media.co/all-50-states-have-now-introduced-right-to-repair-legislation/

New video: “rev.ng: an overview”.

Check it out: https://www.youtube.com/watch?v=qbt6Ukoa-sQ

The Register so YMMV but still https://www.theregister.com/2025/02/20/gitlab_thrice_sued/. #ai

Five things we DID NOT do last week

1. Track users
2. Send data to another company or organisation
3. Boost or demote political content
4. Use Google or Bing Search API
5. Train AI using indexed content

[RSS] Learn Assembly the FFmpeg Way

https://hackaday.com/2025/02/23/learn-assembly-the-ffmpeg-way/

[RSS] Linux Kernel Some Vsock Vulnerabilities Analysis

https://u1f383.github.io/linux/2025/02/24/linux-kernel-some-vsock-vulnerabilities-analysis.html

Analysis of CVE-2025-21669, CVE-2025-21670 and CVE-2025-21666

Dan Farmer, who spoke at the first #DEFCON is still at it, this time pointing out some #BMC #IPMI problems on SuperMicro (and most likley other) systems:

https://trouble.org/?p=1227

forgot how good these are

https://www.pixiv.net/en/users/24431887

How auto-generated passwords in Sitevision leads to signing key leakage - CVE-2022-35202 https://www.shelltrail.com/research/how-auto-generated-passwords-in-sitevision-leads-to-signing-key-leakage-cve-2022-35202/

Unhacked Mattress Phones Home

https://hackaday.com/2025/02/24/unhacked-mattress-phones-home/

PSA #BinDiff for IDA 9.1+ will happen: https://github.com/google/bindiff/issues/50#issuecomment-2677767234

„For more than 20 years, we’ve been buying nothing else; our own industry has withered. We regret that the local baker, butcher, and poulterer have disappeared from the shopping street. But we never bought anything from them anymore, so it’s our own fault.“ - @bert_hubert
#cloud
https://berthub.eu/articles/posts/communicating-without-musk-and-trump-cloud-kootwijk/

How have I not heard about https://wtrace.net before?!

#ReverseEngineering #Windows

[RSS] Exploiting LibreOffice (CVE-2024-12425 and CVE-2024-12426)

https://codeanlabs.com/blog/research/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426/

#lotr #memes

The system cannot.

My RSS notified me about this interesting #ReverseEngineering tool, but when I opened the repo
- It included a README and a **.zip**
- The URL was written like this: https:\\www.exetools[.]net (surprisingly, it did even work in my browser!)

Absolutely barbaric!

A couple of weeks ago, I wanted to show a friend how to use PHP.

The `foreach` docs showed `foreach ($array as &$value) {}` as the first example and was otherwise out of date with current PHP practices as well. Using `list($a, $b)` over `[$a, $b]`, old array syntax, and so on.

So I learned how the docs work these days and sat down to fix it: https://github.com/php/doc-en/pull/4451/

Big thanks to @Girgias for the great review.

Wasn't hard, you can do it too! :)

https://www.php.net/manual/en/control-structures.foreach.php