NEW: A recently published court document shows the locations of WhatsApp victims targeted with NSO Group's spyware.
The document lists 1,223 victims in 51 countries, including Mexico, India, Morocco, United Kingdom, United States, Spain, Hungary, Netherlands, etc.
This targeting was over a span of around two months in 2019, according to WhatsApp's lawsuit against NSO Group.
Just saw it mentioned on LWN, a handy site for checking which distros enable a certain config option: https://oracle.github.io/kconfigs/?config=UTS_RELEASE&... Just replace UTS_RELEASE with whatever config option name minus CONFIG_, for example: https://oracle.github.io/kconfigs/?config=CFI_CLANG&...
Splitting water into hydrogen and oxygen takes more energy than it theoretically should, which is partly why it's not used on a large scale to generate hydrogen fuel.
Now scientists know why – and it's all down to a feat of nanoscale gymnastics.
🔴 Our @reconmtl talk of last year has been published!
"Path of rev.ng-ance: from raw bytes to CodeQL on decompiled code"
Check it out: https://www.youtube.com/watch?v=0lrhCV14nVE
A call to memcpy() in a single binary that uses glibc may behave in 12 different ways depending on the features of the specific x86-64 CPU you run it on.
Here is a list of those impls in glibc:
FWIW, this may matter a lot during binary exploitation. This was important in a challenge from PlaidCTF 2025. E.g. passing a negative (or: very huge) length allowed you to write past a buffer without a crash (the given implementation was not doing a wild copy).
Hardening the Firefox Frontend with Content Security Policies
https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html
Here’s the #Ghidriff output for CLFS.sys 10.0.20348.3328 vs. 10.0.20348.3453, likely corresponding to the CVE-2025-29824 use-after-free LPE:
https://gist.github.com/v-p-b/8c43fb8e0d72814dcd03764d478622ce
Oh is it time for another Fortinet crit again? Unauthenticated admin password change in FortiSwitch.
CVE-2024-48887, CVSSv3 9.3
“Seniors also recognize that understanding problems isn’t just coming up with an algorithm. It’s understanding who wants the problem solved, why they want it solved, who’s paying for the problem to be solved, what parts of the problem have already been solved, what different kinds of solutions are possible, whether those solutions can be scaled or extended—and much more.”
Weaponizing DCOM for NTLM Authentication Coercions https://github.com/xforcered/RemoteMonologue
Debugging in the terminal isn't difficult anymore 🔥
🛠️ Meet **heretek** — A gdb TUI dashboard
🐛 Supports viewing stack, registers, instructions, hexdump & more!
🚀 Works with remote targets seamlessly (no gdbserver!)
🦀 Written in Rust & built with @ratatui_rs
⭐ GitHub: https://github.com/wcampbell0x2a/heretek
#rustlang #ratatui #tui #gdb #debugging #terminal #linux #commandline
Shopware Unfixed SQL Injection in Security Plugin 6 https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/