🚨 Calling all Chromium developers and fans! 🚨
Ready to showcase your coding skills and earn up to $10,000? The Supporters of Chromium Based Browsers (SOCBB) Bug Bounty Program is live! Fix bugs in Chromium-based browsers like Chrome & Edge.
Contribute to repos like chromium, v8, Skia, and more!
🖥️ Payment via GitHub Sponsors.
Get started now: https://github.com/Supporters-Of-Chromium-Based-Browsers/Bug-Bounty-Program/blob/main/README.md
Why 40,000 People Die for Every 1% Increase in Unemployment - The Big Short
Companies are refusing to hire or even laying off plumbers because hucksters backed by massive unicorn-chasing investment money told them they can build plumbing faster and cheaper out of cardboard.
A few years from now, there’s going to be a hell of a market for people who can replace cardboard toilets with real ones.
And also for people who can replace carpets. And walls and floors.
This is a post about LLM-generated code.
Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 004f2a10
tls_post_process_client_hello
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F004f2a10.json&colors=light
We are pleased to announce the completion of the security audit of PHP core!
Executed by @quarkslab in partnership with @ostifofficial and commissioned by the @sovtechfund.
Learn more: https://thephp.foundation/blog/2025/04/10/php-core-security-audit-results/
DECORE posted some ADCS magic but I couldn’t yet figure out how to switch language o.O
Edit: This doesn’t seem like anything Earth-shattering, but a nice summary of the state of ADCS security (spoiler: it is bad)
TIL PHP OpCache has a Lua interpreter embedded o.O
https://github.com/php/php-src/blob/master/ext/opcache/jit/ir/dynasm/minilua.c
After installing April's updates, Windows 10 and 11 systems now have an empty C:\inetpub directory.
This seems... unexpected?
🚨 New advisory was just published! 🚨
A critical Remote Code Execution (RCE) vulnerability has been discovered in Calix. This vulnerability arises due to improper sanitation of user input in a CWMP (CPE WAN Management Protocol) service. Exploiting this flaw allows an attacker to execute arbitrary system commands with root privileges, leading to full system compromise: https://ssd-disclosure.com/ssd-advisory-calix-pre-auth-rce/
I just published a post on my blog about the IBM i 7.6 announcement - enjoy!
https://www.ibmi4ever.com/posts/20250409-ibmi-76-has-been-announced/
Static Analysis via Lifted PHP (Zend) Bytecode | Eptalights https://eptalights.com/blog/04-php-support
Our new Testing Handbook section on snapshot fuzzing helps security engineers test software that's traditionally difficult to analyze, such as kernel components and antivirus, where a single crash can take down the entire system.
Snapshot fuzzing captures memory and register states at critical execution points, allowing security engineers to:
- Test thousands of code paths without time-consuming system restarts
- Ensure fully deterministic testing where the same input always produces the same result
- Eliminate unreproducible crashes by starting each test from identical states
- Easily track code coverage and detect failures in emulated environments
In this section, we provide step-by-step instructions for building custom harnesses, fuzz campaigns, and more using What the Fuzz (wtf), an open-source snapshot-based fuzzer.
New blog post: With Carrots & Sticks - Can the browser handle web security? https://frederikbraun.de/madweb-keynote-2025.html - This is the blog version of my keynote from MADWeb 2025 earlier this year. It's about how web security could become the browser's responsibility.
okay. if you ever want to get the previous version of a file that Windows Update has updated, do i have a utility for you https://github.com/whitequark/ApplyDeltaB
We've open-sourced another core Binary Ninja feature: SCC. If you're not familiar with it, the Shellcode Compiler has been built into BN from the beginning, allowing you to build small PIE shellcode in a variety of architectures right from the UI: https://scc.binary.ninja/ (Source: https://github.com/Vector35/scc)
Seriously, this HAS to be insider trading.
Come on! First you announce tariffs, every stock tanks, you play the hard to get dude and proclaim with a swollen chest that there will be no delays, everything tanks even more.
And now you delay everything by 90 days? In the meantime your buddies bought everything at a low and now the stock recovers.
Come the fuck on!