Would you like to join the #CMS Virtual Visit today? Go to the CMS Youtube Channel at 14:30PM CET and join the LIVE streaming!

https://www.youtube.com/@cmsexperiment

#CERN

Sam Altman’s Studio Ghibli memes are another distraction from OpenAI’s money troubles

https://pivot-to-ai.com/2025/03/27/sam-altmans-studio-ghibli-memes-are-another-distraction-from-openais-money-troubles/ -text
https://www.youtube.com/watch?v=38T84uF771U - video

The IP-law debate around #LLM's reminded me of this old joke:

A cute little girl walks up to the ice cream stand:
- Hello, how much is an empty cone?
- Oh, I can give you that for free - smiles the shop owner
- OK, then I'd like to have 5000 of them!

OpenAI is using Studio Ghibli-style memes as an ad hoc promotional campaign for its new image generator—despite Ghibli founder Hayao Miyazaki's famous hatred of AI. Sam Altman even made his X avatar a 'Ghiblified' portrait.

Disgracing Miyazaki is part of the point: It's more proof to the industry's biggest boosters that they have won—that they're free to use, appropriate, and commoditize art however they see fit.

https://www.bloodinthemachine.com/p/openais-studio-ghibli-meme-factory

The root cause of the Chrome 0-day logical vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4 https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/

AppSec Ezine - 580th https://pathonproject.com/zb/?94fef6e1d88cee84#fBDZtrz8GV61O1oJd+9JWBeCO0Kuzyeb3/rheyA/NLA= #AppSec #Security

CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability https://cenobe.com/blog/cve-2025-27407/

[RSS] CrushFTP Authentication Bypass: Indicators of Compromise

https://www.horizon3.ai/attack-research/crushftp-authentication-bypass-indicators-of-compromise/

CVE-2025-2825

[RSS] MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities

https://www.thezdi.com/blog/2025/3/20/mindshare-using-binary-ninja-api-to-detect-potential-use-after-free-vulnerabilities

[RSS] The Evolution of Dirty COW (1)

https://u1f383.github.io/linux/2025/03/27/the-evolution-of-COW-1.html

After its legendary curator passed away a few years ago the reel-to-reel museum reopened in Keszthely:

https://www.youtube.com/watch?v=rySEk-eXFaY

#Hungary

wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149)

https://seclists.org/oss-sec/2025/q1/254

Three bypasses of Ubuntu's unprivileged user namespace restrictions

https://www.openwall.com/lists/oss-security/2025/03/27/6

This weeks published vulnerability research is strong enough already, now Qualys enters the party.

Reading the latest BLASTPASS writeup I can only wonder how many engineer hours must have gone into this thing. Incredible stuff!

My small child BlogFlock (https://blogflock.com) is a social RSS feed reader - share the blogs you follow with friends and strangers!

BlogFlock will always be free to use and never show you ads.

But running a feed aggregator is expensive at scale.

On top of BlogFlock's pretty decent feature set (if I say so myself), what features or service guarantees would convince you to spend $25/year on a social feed reader?

"The designer of a new system must not only be the implementor and the first large-scale user; the designer should also write the first user manual. If I had not participated fully in all these activities, literally hundreds of improvements would never have been made, because I would never have thought of them or perceived why they were important."

-- Donald Knuth, “The Errors of TeX”

looks like the AI + MCP-assisted reverse engineering hype train is gaining steam! 🚂✨

in just the past few days, we've seen:
• @itszn13 integrating MCP into @vector35’s Binary Ninja (https://x.com/itszn13/status/1903227860648886701)
• @jh_pointer casually dropping his IDA MCP project, which I had to nerdsnipe myself into trying (https://github.com/MxIris-Reverse-Engineering/ida-mcp-server, https://x.com/bl4sty/status/1904631424663379973)
• @mrexodia rolling out a clean (judging by a quick code quality check) MCP implementation for IDA (https://github.com/mrexodia/ida-pro-mcp)
• @lauriewired dropping GhidraMCP for @nsagov’s Ghidra (https://github.com/LaurieWired/GhidraMCP)

these tools are early-stage but already hint at the potential for interactive RE software running on (semi) autopilot.

makes me wonder—should we formalize a set of MCP primitives across RE tools and unify them under one overarching framework? 🤔

of course, these aren’t silver bullets. but much like typical LLM usage, in the right hands, they could be powerful time-savers.

curious to see what comes next! might be time for hacking competitions focused on small/constrained binaries to start thinking about countermeasures against AI-assisted cheesing. 👀

https://bird.makeup/@itszn13/1903227860648886701

New Signal update just dropped

#SignalGate #USpolitics #WorldPolitics

Napalm Death is like fine wine, but with napalm.

Today we are very proud to announce that the United Nations has switched from Google Forms to CryptPad Form for collecting endorsements on the UN Open Source Principles: https://unite.un.org/news/sixteen-organizations-endorse-un-open-source-principles

CryptPad Form is a full-fledged application allowing you to build privacy-preserving questionnaires for your respondents.

Try it for free, without even registering an account, on our CryptPad.fr flagship instance!

#UnitedNations #UN #Privacy #OpenSource #Forms #Studies #FOSS