ATT&CK v17 is now live! This release includes the first version of the ESXi platform, a pile of defensive upgrades, and fresh content across Enterprise, Mobile, and ICS.
Check out our blog post describing the changes by Amy Robertson & @whatshisface at https://medium.com/mitre-attack/attack-v17-dfb59eae2204
The year is 2031.
Chrome development has accelerated even more under OpenAI, to the point where every tab now needs 16GB of RAM.
Mozilla has been restructured and is now a joint venture between IBM and Oracle, aiming to put the "Java" back in "JavaScript" and some vague statements about quantum computing.
Opera's parent company has been absorbed by Tencent and now requires sign-in with a China mainland phone number.
Microsoft has rebranded Edge to "Copilot for Web" and is gradually removing the last hacks that allow manual text input. Amazon and Meta are currently lobbying the government to force Microsoft to sell Copilot to them. It's not clear what "Copilot" they're talking about, but that may be intentional.
Apple's Safari has escaped regulatory scrutiny for the most part, but its market share is slow to recover after half a decade of an "Apple Intelligence first" user interface that Apple has now finally reversed course on.
Today I found an unauthenticated Docker API endpoint, and couldn't find a working exploit script, so I made one. It exfils out-of-band if you can't get output (I couldn't) and auto-cleans up after itself.
Nessus: Docker Remote API Detection
Let's talk about xPal, which purports to be an encrypted messaging app. https://xpal.com
Anyone that reads my blog probably already knows where this is going.
If this post accidentally reaches escape velocity and people that don't know me find it: Hi, I'm a furry cryptography nerd. Usually when I talk about so-called private apps, it's to disclose vulnerabilities in them.
(Today, I just don't have the damn energy to do a formal write-up.)
Let's start with how they market their app.
Interesting AI Act case in European Court of Justice may decide if just about any algorithms, including non-AI ones, are subject to the AI Act (regulation about Artificial Intelligence). It would be a fascinating expansion of the regulation applications. https://curia.europa.eu/juris/showPdf.jsf?text=&docid=298104&pageIndex=0&doclang=PL&mode=lst&dir=&occ=first&part=1&cid=12213338
Russia is quietly rewriting reality — but not through tanks or troops, but by feeding disinformation and propaganda into the tools people may increasingly trust to understand the world: AI chatbots. It's gaming of the system, feeding propaganda in ways that people might never know what’s happening. Efforts to influence chatbot results are growing, as former SEO marketers now use "generative engine optimization" (GEO) to boost visibility in AI-generated responses https://www.washingtonpost.com/technology/2025/04/17/llm-poisoning-grooming-chatbots-russia/
i'm very excited about this new work my team at @trailofbits is doing: we're building an ASN.1 API for PyCA Cryptography, giving users direct access to the same memory-safe, high-performance DER parser that Cryptography already uses for X.509:
https://blog.trailofbits.com/2025/04/18/sneak-peek-a-new-asn.1-api-for-python/
Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a287bec
yy_destructor
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a287bec.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a287bec.json&colors=light
A blog explaining V8 Parser Workflow with a case study by w1redch4d