66 weeks in a row...whatchu know about it 📰 THE vuln research newsletter out NOW

MCPGhidra from @lauriewired

@u1f383 talks DirtyCOW

Mitigations galore with @standa_t and @slowerzs

XSS -> RCE with @chudypb and @watchtowrcyber

+ Jobs and MORE 👇

https://blog.exploits.club/exploits-club-weekly-newsletter-66-mitigations-galore-dirtycow-revisited-program-analysis-for-uafs-and-more/

XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115)

https://www.openwall.com/lists/oss-security/2025/04/03/1

"Our belief is that it's highly impractical to exploit on 64-bit systems
where xz was built with PIE (=> ASLR), but that on 32-bit systems,
especially without PIE, it may be doable."

The Exploit Development Life Cycle: From Concept to Compromise /by @chompie1337

https://www.youtube.com/watch?v=ce0bXORSMX4

Frida 16.7.0 is out w/ brand new APIs for observing the lifecycles of threads and modules, a profiler, multiple samplers for measuring cycles/time/etc., MemoryAccessMonitor providing access to thread ID and registers, and more 🎉 https://frida.re/news/2025/03/13/frida-16-7-0-released/

#NotepadPlusPlus v8.7.9 released.
The author is totally my spirit animal.
#arm64 #windows #freeware

https://notepad-plus-plus.org/news/v879-we-are-with-ukraine/ https://notepad-plus-plus.org/news/v879-we-are-with-ukraine/

Edit: we is fedi-trending, guyzz! 🤗

[RSS] Finding an Unauthenticated RCE nday in Zendto, patched quietly in 2021. Lots of vulnerable instances exposed to the internet.

https://projectblack.io/blog/zendto-nday-vulnerabilities/

#NoCVE

I'm sad to say that we're following the lead of many others and putting in proof-of-work proxies into place to protect ourselves against "AI" crawler bots. Yes, I hate this as much as you, but all other options are currently worse (such as locking us into specific vendors).

We'll be rolling it out on lore.kernel.org and git.kernel.org in the next week or so.

Another day, another bug...

In 2020, I solved a gnarly reverse engineering challenge in PlaidCTF. Only 9 teams solved.

It's a huge pile of Typescript. Everything is named after a fish.

The catch? There's no code, only types. How do they perform computation using just the type system?

(Spoiler: Circuits!)

High level diff of iOS 18.4 vs. iOS 18.5 beta 1 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_4_22E240__vs_18_5_22F5042g/README.md

We've been teasing it for a while, but the full features of Firmware Ninja are officially available on dev and will be in the 5.0 release later this month! Doing reverse engineering of embedded firmware? Check out how FWN can make your life better:

https://binary.ninja/2025/04/02/firmware-ninja.html

How can one engage in algorithmic sabotage to poison "AI" scrapers looking for images when one is running a static website? Thanks to @pengfold, I've implemented a quick and easy way for my own blog:

https://tzovar.as/algorithmic-sabotage-ii/

Also thanks to @rostro & @asrg for the pointers and discussion!

#ai #sabotage #luddite

[RSS] What keeps kernel shadow stack effective against kernel exploits?

https://tandasat.github.io/blog/2025/04/02/sss.html

LLM use case: as "github syntax highlighter" doesn't give very good results when I try to find out what GitHub specifically uses, I turned to FastGPT.

Its answer ("Tree-sitter grammars are used for syntax highlighting") was wrong, while pointed to the correct SO answer (pointing to Linguist) as a reference:

https://stackoverflow.com/questions/8886360/what-javascript-syntax-highlighter-does-github-use

It's time to explain Thunderbird's relationship to Mozilla again.

Thunderbird is in its own legal entity - MZLA Technologies and is governed in part by a Community Council elected by and from our open source contributors.

Thunderbird is currently 100% donation-funded. We do not receive any money outside what our donors give us.

This is good for Thunderbird and makes us unique. Our whole structure only works to serve the interests of our users and contributor community.

70 DIY Synths on One Webpage

https://hackaday.com/2025/04/02/70-diy-synths-on-one-webpage/

[RSS] Time Travel Analysis for fuzzing crash analysis

https://eshard.com/posts/back-to-the-crash

Accidental timing: this one from eShard is different from my previous #TimeTravelDebugging post!

Time Travel Analysis with a full-system android emulator gives you the full picture.

But if you're just looking at one part of an app, a lighter method can be enough.

Here’s how we used Frida to do it: https://eshard.com/posts/frida-tracer-lightweight-time-travel-analysis

#mobilesecurity #android #androidsecurity #reverseengineering

Sorry, I blogged:

Debugging loadlibrary Through Space and Time

https://scrapco.de/blog/debugging-loadlibrary-through-space-and-time.html

#ReverseEngineering #TimeTravelDebugging #rr #ASAN