canonical mode

https://wizardzines.com/comics/canonical-mode/

👀 https://www.reuters.com/technology/cybersecurity/chinas-baidu-denies-data-breach-after-executives-daughter-leaks-personal-info-2025-03-20/

"But Ryan, the C preprocessor isn't a programming language!"

Skill issue.

The official website of zero-day broker Zerodium has been updated in December of last year. There are no price lists nor any information anymore, just an email and a PGP public key.

🤔

If you know what's happening there...let me know.

https://zerodium.com

New Project Zero issue:

msm_npu: Race between npu_host_unload_network and npu_host_exec_network_v2 leads to memory corruption

https://project-zero.issues.chromium.org/issues/380081941

CVE-2025-21424

[oss-security] [kubernetes] CVE-2024-7598: Network restriction bypass via race condition during namespace termination

https://seclists.org/oss-sec/2025/q1/234

"The order in which objects are deleted
during namespace termination is not defined, and it is possible for network
policies to be deleted before the pods that they protect." whoops :)

Up-to-date fork of Sourcetrail:

https://github.com/petermost/Sourcetrail

h/t @brk

For those just learning about LibGen because of the reporting on Meta and other companies training LLMs on pirated books, I’d highly recommend the book Shadow Libraries (open access: https://direct.mit.edu/books/oa-edited-volume/3600/Shadow-LibrariesAccess-to-Knowledge-in-Global).

I just read it while working on the Wikipedia article about shadow libraries, and it’s a fascinating history. https://en.wikipedia.org/wiki/Shadow_library

I fear the already fraught conversations about shadow libraries will take a turn for the worse now that it’s overlapping with the incredibly fraught conversations about AI training.

#AI #LibGen #OpenAccess

[RSS] What could cause a memory corruption bug to disappear in safe mode?

https://devblogs.microsoft.com/oldnewthing/20250320-00/?p=110981

Let's also talk about our failures!

We tried to make a consortium for a cool EU-funded project about malware analysis, but didn't manage to do it in time. 🫤

We'll try again! If you're an SME owned and controlled in the EU, feel free to get in touch 💪

https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/digital-eccc-2024-deploy-cyber-07-keytech

Linux kernel hfsplus slab-out-of-bounds Write

Outstanding article by Attila Szasz about exploiting a slab out-of-bounds bug in the HFS+ filesystem driver.

The author discovered that Ubuntu allows local (not remote/SSH'd) non-privileged users to mount arbitrary filesystems via udisks2 due to the used polkit rules. This includes filesystems whose mounting normally requires CAP_SYS_ADMIN in the init user namespace.

The article thoroughly describes a variety of techniques used in the exploit, including a cross-cache attack, page_alloc-level memory shaping, arbitrary write via red-black trees, and modprobe_path privilege escalation.

https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/

🦘🛜Compromising bastion host to gain full control over the internal infrastructure.
Read more about the vulnerabilities we uncovered in JumpServer in our recent blog post:

https://www.sonarsource.com/blog/diving-into-jumpserver-attackers-gateway-to-internal-networks-1-2?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=blog-diving-into-jumpserver-attackers-gateway-to-internal-networks-250319-&utm_term=&s_category=Organic&s_source=Social%20Media&s_origin=social

#appsec #security #vulnerability

🌪️ TyphoonPWN is back for its 7th year at TyphoonCon! 💻💰
This year, we’re offering up to $70,000 for discovering and exploiting Linux Privilege Escalation vulnerabilities.
Remote participation is allowed, so grab your gear, sharpen your knowledge, and sign up: https://typhooncon.com/typhoonpwn-2025/

In case anyone is wondering why people use VSCode: I spent most of the day configuring LSP's for graybeard editors (vim/emacs) and God my head hurts!

[RSS] Advisory X41-2025-001: Multiple Vulnerabilities in OpenSlides

https://x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides/

How is that Sourcetrail development was not picked up by anyone?

https://github.com/CoatiSoftware/Sourcetrail

Useful piece. Solar panels are largely cloud managed, and now in The Netherlands alone create the same power as 50 of our nuclear power plants. If you switch this 25GW on/off remotely, the consequences could be huge. And we do not regulate these cloud platforms at all: https://www.dw.com/en/how-hackers-capture-your-solar-panels-and-cause-grid-havoc/a-71593448

It seems that our Veeam CVE-2025-23120 post is live.

I would never do this research without @SinSinology He insisted a lot, thx man. 😅

If you know CVE-2024-40711, this vuln can be patch-diffed and exploit armed in 5 minutes. Unfortunately, it's super simple at this point.

https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/

[RSS] You can't simulate keyboard input with PostMessage, revisited

https://devblogs.microsoft.com/oldnewthing/20250319-00/?p=110979

Love the prank call example :D