was not expecting to be writing a vulnerability report for Command & Conquer Generals: Zero Hour today but here we are

https://github.com/TheSuperHackers/GeneralsGameCode/issues/272

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00734fe0

ossl_cms_EncryptedContent_init_bio

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00734fe0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00734fe0.json&colors=light

Alice and Bob

3 different VMware zero days, under active exploitation by ransomware groups

CVE-2025-22224, CVE-2025-22225, CVE-2025-22226

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion
VMware Cloud Foundation
VMware Telco Cloud Platform

(Exploitation actually ESXi)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

I need to do a blog post on this, but it seems like a lot of old tricks have been lost over the years. One thing I was thinking about is all the ways to obscure an executable name in command prompts. For example, and I'm not sure how many of them are documented, but all of these work:

BlackHoodie will be back at @_ringzer0 Bootcamp on March 21st with a training about Compiler Internals for Security Engineers, brought to you by.. me 😊 Registration is open, please tell your friends and hacker family, alternatively Shares appreciated 😁 https://blackhoodie.re/Ringzer0_Bootstrap_2025/

My team designed and is maintaining Enclaves. Good article here :-)

https://bird.makeup/@dwizzzlemsft/1896624017903325658

Two seemingly blockbuster stories published on Friday that reported that the Trump admin had ordered US Cyber Command and CISA to "stand down" on their work to detect and counter Russian cyber threats. But new info has come out to contradict the stories or qualify them. I dug into what we know and don't know. As always, if anyone has any additional information related to these stories, please contact me on Signal at KimZ.42.

https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/

go to the cloud they said
it'll be fine they said

New blog post: Electronic signing in Collabora Online https://vmiklos.hu/blog/cool-esign.html

CP/M Users: Looking for a copy of Avocet XASM85 for a resurrection project. #retrocomputing

🎉 KeePassXC 2.7.10 is out! 🥳

The most prominent changes in this release are the addition of a Proton Pass importer and (due to popular request) a new setting for changing the application font size. You can find the full list of changes on our website:
https://keepassxc.org/blog/2025-03-04-2.7.10-released/

𝗝𝗼𝗶𝗻 𝗼𝘂𝗿 𝗹𝗶𝘃𝗲 𝘄𝗲𝗯𝗶𝗻𝗮𝗿 𝗼𝗻 𝗠𝗮𝗿𝗰𝗵 𝟲𝘁𝗵!
Discover how to eliminate debugging inefficiencies and accelerate vulnerability research with time travel analysis.

Register now 👇
https://www.linkedin.com/events/exploitingaroutervulnerabilityw7299810055170805761/

#cybersecurity #webinar #vulnerability #malware #reverseengineering