🎉 KeePassXC 2.7.10 is out! 🥳

The most prominent changes in this release are the addition of a Proton Pass importer and (due to popular request) a new setting for changing the application font size. You can find the full list of changes on our website:
https://keepassxc.org/blog/2025-03-04-2.7.10-released/

𝗝𝗼𝗶𝗻 𝗼𝘂𝗿 𝗹𝗶𝘃𝗲 𝘄𝗲𝗯𝗶𝗻𝗮𝗿 𝗼𝗻 𝗠𝗮𝗿𝗰𝗵 𝟲𝘁𝗵!
Discover how to eliminate debugging inefficiencies and accelerate vulnerability research with time travel analysis.

Register now 👇
https://www.linkedin.com/events/exploitingaroutervulnerabilityw7299810055170805761/

#cybersecurity #webinar #vulnerability #malware #reverseengineering

I wonder what the person who took that famous photo of the Doge Shiba Inu makes of all this now?

High level diff of iOS 18.4beta1 vs iOS18.4beta2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_4_22E5200s__vs_18_4_22E5216h/README.md

Adapt to removal of Windows Arm32 .NET debugging

> .NET support for Windows on Arm32 has ended. Debugging support for this platform will be removed from Visual Studio 2022 starting with the 17.14 update.

https://learn.microsoft.com/en-us/visualstudio/debugger/adapt-to-removal-of-windows-arm32-dotnet-debugging?view=vs-2022

I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!

These five stood out among the 352 CVEs actively discussed across the Fediverse.

For each CVE, I’ve included a standout post from the community.

Enjoy exploring! 👇

#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #CVE #CveCrowd

Listen, I'm not going to pretend that I'm even remotely surprised, but I will tell you that this is a slap in the face to every person in the infosec community that has worked to track and thwart Russian APTs for the last several decades.

https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security

Happy #303day to all who celebrate.

It took me a whole year to finally upload last year's jam...

https://music.axwax.eu/axwax-303-day-2024/

#MyMusic #BonkWaveAdjacent

today, i have IP-blocked the entirety of alibaba cloud’s IPv4 range (47.80.0.0/13, 47.74.0.0/15, 47.76.0.0/14). And you could ask - domi, what the hell, that’s kinda sorta a lot of addresses?

fucking watch this: that’s sakamoto Mk5, my Ryzen 9 7950X3D server. Never before have I seen forgejo taking this much CPU.

They’ve generated 9GB of access logs (!) and 230GB of generated tarballs (!!!) before I got to my laptop, investigated and ip-banned them. I’m positive that most forgejo deployments in existence wouldn’t survive this.

If you needed another reason to fuck generative AI today - here’s one

So I didn't know, but Europe already has a backup of PubMed, the database of biomedical research publications. The US PubMed broke down over the weekend. And here is our alternative: https://europepmc.org/ #pubmed #pmc

🚀 New Blog & PoC Release: Abusing IDispatch for COM Object Access & PPL Injection 🚀
I've developed a PoC exploit that demonstrates an interesting bug class in COM servers implementing IDispatch, allowing indirect object creation within the target process. Specifically, by leveraging the ability to instantiate STDFONT—a legacy COM class not designed for cross-process use—I was able to achieve code injection into a Windows PPL (Protected Process Light) process. This technique enables interaction with protected processes like LSASS.
This research builds on the work of @tiraniddo who identified how COM object manipulation via IDispatch can lead to unexpected process interactions. My PoC takes this concept further by demonstrating its practical impact through registry manipulation and .NET payload execution inside PPL processes.
🔍 Blog Post: https://mohamed-fakroud.gitbook.io/red-teamings-dojo/abusing-idispatch-for-trapped-com-object-access-and-injecting-into-ppl-processes
💻 PoC & Source Code: https://github.com/T3nb3w/ComDotNetExploit
Key Highlights:
🔹 Exploiting IDispatch in OOP COM servers
🔹 Abusing STDFONT instantiation for process injection
🔹 Achieving code execution inside PPL and accessing LSASS
🔹 Bypassing SEC_IMAGE integrity checks
🔹 Leveraging OnlyUseLatestCLR for compatibility

I keep hearing that Sup shouldn't exist because X exists.

I made Sup to replace Snapchat and Facebook Messenger in my own friend group

I think it might be useful to other friend groups or families too, being that you can join with an email or Pixelfed/Loops or Mastodon account

Not only that, but Sup will be modular, allowing for rich integration with pretty much any other chat platform (Signal, Matrix, Delta, etc)

It's like Beeper, but federated and open source. 🚀

#sup #supApp #supMessenger

Hi! The slides for my talk today at RE//verse 2025 (@REverseConf), "Reconstructing Rust Types: A Practical Guide for Reverse Engineers", are now published: https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025

It's been great to catch up with so many folks - if you're at the conference, come by and say hi!

The presentation was recorded, and the video will be published at a future date!

#reverseengineering #rust #rustlang #malware #infosec #REverse2025

This is the most important comment I have heard this week — Poland’s Prime Minister Donald Tusk:

“500 million Europeans are asking 300 million Americans to defend them against 140 million Russians […] Europe, if there is something we lack today, it is not economic or demographic power, but the belief that we are truly a global force.”

I think Tusk hits the bullseye here. Those 140 million Russians are already fully occupied by fighting Ukraine, and our leaders act like we are Liechtenstein.

If you are looking for my slides from my Reverse talk, you can find it and useful artifacts here: https://github.com/mahaloz/talks/tree/main/2025/REverse_SAILR