Here are my notes on using a Python virtual environment with IDA Pro:

https://williballenthin.com/post/using-a-virtualenv-for-idapython/

#idapro

use-after-free (maybe?) in libspf2 /by @hanno

https://www.openwall.com/lists/oss-security/2025/03/28/1

Maybe @thezdi could shed some light on CVE-2023-42118 ?

I'm not promising you perfection, BUT

Rivers of Nihil featured in the CMS Live stream :D

https://www.youtube.com/watch?v=r7IoAtt8r24

#metal

Spent the morning with my amazing friend Diána Laurent. We sat in a café, talked, laughed, plotted a short comic, and she did character sketches for the MCs I came up with. It was inspiring and wonderful. Seeing an artist bring characters to life will always feel like absolute magic to me. ✨️

(AI can suck it. It will never replicate this.)

#art #artist #sketching #writing #CharacterArt #flow #image

Alright, let's get the #nakeddiefriday going.

Today's exhibit is AR9281 by Atheros, a very classic Wi-Fi chip found in many devices. Comes in very pink hues. A short thread with highlights follows.

SiPron page: https://siliconpr0n.org/archive/doku.php?id=infosecdj:atheros:ar9281-al1e

#electronics #reverseengineering #microscopy

Would you like to join the #CMS Virtual Visit today? Go to the CMS Youtube Channel at 14:30PM CET and join the LIVE streaming!

https://www.youtube.com/@cmsexperiment

#CERN

Sam Altman’s Studio Ghibli memes are another distraction from OpenAI’s money troubles

https://pivot-to-ai.com/2025/03/27/sam-altmans-studio-ghibli-memes-are-another-distraction-from-openais-money-troubles/ -text
https://www.youtube.com/watch?v=38T84uF771U - video

The IP-law debate around #LLM's reminded me of this old joke:

A cute little girl walks up to the ice cream stand:
- Hello, how much is an empty cone?
- Oh, I can give you that for free - smiles the shop owner
- OK, then I'd like to have 5000 of them!

OpenAI is using Studio Ghibli-style memes as an ad hoc promotional campaign for its new image generator—despite Ghibli founder Hayao Miyazaki's famous hatred of AI. Sam Altman even made his X avatar a 'Ghiblified' portrait.

Disgracing Miyazaki is part of the point: It's more proof to the industry's biggest boosters that they have won—that they're free to use, appropriate, and commoditize art however they see fit.

https://www.bloodinthemachine.com/p/openais-studio-ghibli-meme-factory

The root cause of the Chrome 0-day logical vulnerability CVE-2025-2783, which we discovered used in attacks with sophisticated malware, also affects the Firefox! New CVE-2025-2857 has just been fixed in Firefox 136.0.4 https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/

AppSec Ezine - 580th https://pathonproject.com/zb/?94fef6e1d88cee84#fBDZtrz8GV61O1oJd+9JWBeCO0Kuzyeb3/rheyA/NLA= #AppSec #Security

CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability https://cenobe.com/blog/cve-2025-27407/

[RSS] CrushFTP Authentication Bypass: Indicators of Compromise

https://www.horizon3.ai/attack-research/crushftp-authentication-bypass-indicators-of-compromise/

CVE-2025-2825

[RSS] MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities

https://www.thezdi.com/blog/2025/3/20/mindshare-using-binary-ninja-api-to-detect-potential-use-after-free-vulnerabilities

[RSS] The Evolution of Dirty COW (1)

https://u1f383.github.io/linux/2025/03/27/the-evolution-of-COW-1.html

After its legendary curator passed away a few years ago the reel-to-reel museum reopened in Keszthely:

https://www.youtube.com/watch?v=rySEk-eXFaY

#Hungary

wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149)

https://seclists.org/oss-sec/2025/q1/254

Three bypasses of Ubuntu's unprivileged user namespace restrictions

https://www.openwall.com/lists/oss-security/2025/03/27/6

This weeks published vulnerability research is strong enough already, now Qualys enters the party.

Reading the latest BLASTPASS writeup I can only wonder how many engineer hours must have gone into this thing. Incredible stuff!