Posts 2592 · Following 627 · Followers 1397
"I'm interested in all kinds of astronomy."
Edited 7 days ago

DEVCORE posted some ADCS magic but I couldn’t yet figure out how to switch language o.O

https://devco.re/blog/2025/04/10/taking-over-the-entire-domain-in-minutes-what-have-you-overlooked-in-active-directory/

Edit: This doesn’t seem like anything Earth-shattering, but a nice summary of the state of ADCS security (spoiler: it is bad)

Edited 8 days ago

After installing April's updates, Windows 10 and 11 systems now have an empty C:\inetpub directory.

This seems... unexpected?


IDK what Yii 2 is but its GitHub page says "Yii 2 is a modern framework designed to be a solid foundation for your PHP application." Also it has 14.3k stars on GitHub so clearly someone is using it. And regression vulns are bad in general, but especially in EITW ones.

https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52

sev:CRIT - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

https://nvd.nist.gov/vuln/detail/CVE-2024-58136


🚨 New advisory was just published! 🚨

A critical Remote Code Execution (RCE) vulnerability has been discovered in Calix. This vulnerability arises due to improper sanitization of user input in a CWMP (CPE WAN Management Protocol) service. Exploiting this flaw allows an attacker to execute arbitrary system commands with root privileges, leading to full system compromise: https://ssd-disclosure.com/ssd-advisory-calix-pre-auth-rce/


I just published a post on my blog about the IBM i 7.6 announcement - enjoy!

https://www.ibmi4ever.com/posts/20250409-ibmi-76-has-been-announced/


Static Analysis via Lifted PHP (Zend) Bytecode | Eptalights https://eptalights.com/blog/04-php-support

[RSS] One Bug Wasn't Enough: Escalating Twice Through SAP's Setuid Landscape

https://www.anvilsecure.com/blog/one-bug-wasnt-enough-escalating-twice-through-saps-setuid-landscape.html

Our new Testing Handbook section on snapshot fuzzing helps security engineers test software that's traditionally difficult to analyze, such as kernel components and antivirus, where a single crash can take down the entire system.

Snapshot fuzzing captures memory and register states at critical execution points, allowing security engineers to:

- Test thousands of code paths without time-consuming system restarts
- Ensure fully deterministic testing where the same input always produces the same result
- Eliminate unreproducible crashes by starting each test from identical states
- Easily track code coverage and detect failures in emulated environments

In this section, we provide step-by-step instructions for building custom harnesses, fuzz campaigns, and more using What the Fuzz (wtf), an open-source snapshot-based fuzzer.

https://blog.trailofbits.com/2025/04/09/introducing-a-new-section-on-snapshot-fuzzing-for-kernel-level-testing-in-the-testing-handbook/


New blog post: With Carrots & Sticks - Can the browser handle web security? https://frederikbraun.de/madweb-keynote-2025.html - This is the blog version of my keynote from MADWeb 2025 earlier this year. It's about how web security could become the browser's responsibility.

[RSS] CVE-2025-27590 - Oxidized Web: Local File Overwrite to Remote Code Execution

https://www.netspi.com/blog/technical-blog/web-application-pentesting/cve-2025-27590-oxidized-web-rce/

Have a couple Juniper CVEs, in case you get bored.

https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U

An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).

In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed. Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.

https://nvd.nist.gov/vuln/detail/CVE-2025-21594

https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591

sev:HIGH 7.1 - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.

Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.

https://nvd.nist.gov/vuln/detail/CVE-2025-21591


okay. if you ever want to get the previous version of a file that Windows Update has updated, do I have a utility for you https://github.com/whitequark/ApplyDeltaB


We've open-sourced another core Binary Ninja feature: SCC. If you're not familiar with it, the Shellcode Compiler has been built-in to BN from the beginning, allowing you to build small PIE shellcode in a variety of architectures right from the UI: https://scc.binary.ninja/ (Source: https://github.com/Vector35/scc)


Seriously, this HAS to be insider trading.

Come on! First you announce tariffs, every stock tanks, you play the hard to get dude and proclaim with a swollen chest that there will be no delays, everything tanks even more.

And now you delay everything by 90 days? In the meantime your buddies bought everything at a low and now the stock recovers.

Come the fuck on!


pleased to hear the penguins have won the trade bargains


Lorenzo Franceschi-Bicchierai

Edited 8 days ago

NEW: A recently published court document shows the locations of WhatsApp victims targeted with NSO Group's spyware.

The document lists 1,223 victims in 51 countries, including Mexico, India, Morocco, United Kingdom, United States, Spain, Hungary, Netherlands, etc.

This targeting was over a span of around two months in 2019, according to WhatsApp's lawsuit against NSO Group.

http://techcrunch.com/2025/04/09/court-document-reveals-locations-of-whatsapp-victims-targeted-by-nso-spyware/


CISA added CVE-2024-53150 to the KEV catalog.

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads.

For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop.

For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.

Interestingly, the NVD and NIST disagreed on the vector. NVD rated it as sev:HIGH 7.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H while CISA-ADP updated it two days ago as sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

https://nvd.nist.gov/vuln/detail/CVE-2024-53150
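The bLength check the commit message describes, written out as a small user-space descriptor walker. This is an added example and not the kernel's code: it assumes the UAC2 fixed layouts (clock source 8 bytes, clock multiplier 7 bytes, clock selector 5 bytes + bNrInPins + 2 trailing fields, all with bDescriptorType 0x24 and subtypes 0x0A/0x0B/0x0C) and walks a constructed byte buffer containing two deliberately truncated descriptors. The walker never reads a field that bLength does not cover, which is exactly the property the unpatched driver lacked.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor type/subtype values as assumed from the USB Audio 2.0 spec. */
#define CS_INTERFACE          0x24
#define UAC2_CLOCK_SOURCE     0x0A
#define UAC2_CLOCK_SELECTOR   0x0B
#define UAC2_CLOCK_MULTIPLIER 0x0C

static int is_clock_subtype(uint8_t st)
{
    return st == UAC2_CLOCK_SOURCE || st == UAC2_CLOCK_SELECTOR ||
           st == UAC2_CLOCK_MULTIPLIER;
}

/* Return 1 if the clock descriptor at p is long enough to be read in full.
 * rem is the number of bytes still available in the buffer from p onward.
 * Every field access below is guarded by a prior length check. */
static int clock_desc_valid(const uint8_t *p, size_t rem)
{
    if (rem < 3) return 0;                 /* need bLength, type, subtype */
    uint8_t blen = p[0];
    if (blen < 3 || blen > rem) return 0;  /* bLength must fit in the buffer */
    if (p[1] != CS_INTERFACE) return 0;

    switch (p[2]) {
    case UAC2_CLOCK_SOURCE:     return blen >= 8;  /* fixed-size struct */
    case UAC2_CLOCK_MULTIPLIER: return blen >= 7;  /* fixed-size struct */
    case UAC2_CLOCK_SELECTOR: {
        if (blen < 5) return 0;            /* bNrInPins lives at offset 4 */
        size_t pins = p[4];
        /* header(5) + baCSourceID[pins] + bmControls + iClockSelector */
        return blen >= 5 + pins + 2;
    }
    default: return 0;
    }
}

/* Walk a list of interface descriptors and return the offset of the clock
 * descriptor with bClockID == clock_id, or -1 if none is found. Malformed
 * clock descriptors are counted in *skipped (if non-NULL) and stepped over.
 * clock_id 0 is reserved in UAC and never matches, so it can be used to
 * count malformed entries without stopping early. */
long find_clock_desc(const uint8_t *buf, size_t len, uint8_t clock_id,
                     int *skipped)
{
    size_t off = 0;
    int bad = 0;

    while (off + 2 <= len) {
        const uint8_t *p = buf + off;
        uint8_t blen = p[0];
        /* A bLength of 0/1 would never advance; one past the end cannot be
         * followed safely either. Stop rather than read out of bounds. */
        if (blen < 2 || off + blen > len) { bad++; break; }

        if (blen >= 3 && p[1] == CS_INTERFACE && is_clock_subtype(p[2])) {
            if (!clock_desc_valid(p, len - off)) {
                bad++;                      /* too short: skip, do not touch */
            } else if (clock_id != 0 && p[3] == clock_id) {
                if (skipped) *skipped = bad;
                return (long)off;
            }
        }
        off += blen;
    }
    if (skipped) *skipped = bad;
    return -1;
}

int count_malformed_clock_descs(const uint8_t *buf, size_t len)
{
    int n = 0;
    find_clock_desc(buf, len, 0, &n);
    return n;
}

/* Constructed sample: two good descriptors around two that lie about bLength. */
const uint8_t sample_descs[] = {
    0x08, 0x24, 0x0A, 0x01, 0x03, 0x07, 0x00, 0x00,        /* clock source, ID 1, OK */
    0x04, 0x24, 0x0A, 0x02,                                /* clock source, ID 2, bLength 4 < 8 */
    0x06, 0x24, 0x0B, 0x03, 0x02, 0x01,                    /* selector, ID 3, 2 pins but bLength 6 < 9 */
    0x07, 0x24, 0x0C, 0x04, 0x01, 0x03, 0x00,              /* clock multiplier, ID 4, OK */
    0x09, 0x24, 0x0B, 0x05, 0x02, 0x01, 0x04, 0x03, 0x00,  /* selector, ID 5, 2 pins, OK */
};

int main(void)
{
    for (uint8_t id = 1; id <= 5; id++)
        printf("clock %u -> offset %ld\n", id,
               find_clock_desc(sample_descs, sizeof sample_descs, id, NULL));
    printf("malformed: %d\n",
           count_malformed_clock_descs(sample_descs, sizeof sample_descs));
    return 0;
}
```

Without the `clock_desc_valid` gate, looking up ID 2 or ID 3 would read `p[4..7]` or the pin array past the descriptor's declared end, which on a kernel stack or slab buffer is the out-of-bounds read the advisory describes.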


Just saw it mentioned on LWN, handy site for checking which distros enable a certain config option: https://oracle.github.io/kconfigs/?config=UTS_RELEASE&... Just replace UTS_RELEASE with whatever config option name minus CONFIG_, for example: https://oracle.github.io/kconfigs/?config=CFI_CLANG&...
