RUMOURS are TRUE 🤷‍♀️

PHRACK will be releasing a SPECIAL #71.5 👉HARDCOVER👈
at https://www.offensivecon.org/
BERLIN ("The 𞅀-Day Edition").

Main #72 release THIS SUMMER at MULTIPLE conferences (main release at WHY2025). ❤️

If you've discovered a potential vulnerability in Firefox, please see our way to get rewarded for your work. We do not require exploits. Just a bug description is enough.

Of course, we reward and encourage sending us more details (PoC, detailed report, regression range, potential fix). But to qualify for a bug bounty, all you need is a bug.

Please check our bounty FAQ at https://www.mozilla.org/en-US/security/bug-bounty/faq/

If you've discovered vulnerabilities in major browsers like Chrome, Safari, or Firefox, our program offers a fast, efficient way to get rewarded for your work. We focus exclusively on browsers with a large market share, ensuring your findings have real impact.

Our process is designed for efficiency—eliminating the usual delays and bureaucratic hurdles. You can submit vulnerabilities in minutes, receive detailed feedback within 72 hours, and be compensated with quick payouts within 15 days after validation.

We handle the full disclosure process, including vendor communications and paperwork, so you can focus on what matters: your research. Plus, you can maintain anonymity while receiving fair compensation for your contributions.

Check out the list of supported browsers and get started here: https://ssd-disclosure.com/product-index/

[RSS] Symbol Database for Reverse Engineers

https://symbol.exchange/grep?q=apr_

#ReverseEngineering

UVB-76 operator talking with a pirate - YouTube
https://www.youtube.com/watch?v=jKrNyPnTucQ

"Your call is so important to us, we have fired all the humans and replaced them with a terrible automated system that cannot understand you.

Please hold while we pay our executives another bonus for some reason.

Did you know you can use the Internet to discover our website can't answer your question?"

That SAP NetWeaver bug is pretty ouchy:

https://x.com/gothburz/status/1915755189019017411

#sap, #threatintel

Sent by Remington from Seattle, Washington, U.S.A. on October 16, 1995. https://postcardware.net/?id=27-70

this seems fun
https://www.fixbrowser.org/blog/fixproxy

"Back in 2018, [hyp3rlinx] reported a '.library-ms' File NTLM information disclosure vulnerability [...] this security flaw was finally deemed important by Microsoft and it received CVE-2025-24054"

https://seclists.org/fulldisclosure/2025/Apr/28

Original post:
https://web.archive.org/web/20190106181024/https://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.LIBRARY-MS-FILETYPE-INFORMATION-DISCLOSURE.txt

It's kinda been raised, but its nuts that (according to Mandiant/M-Trends) in 2025:

- vulnerabilities/exploits are the most frequently observed initial vector;

- the top 4 exploited vulns belong to security vendors.

What are we doing here? 🤯😱

Understanding the classical model for linking series by Raymond Chen

The algorithm:
https://devblogs.microsoft.com/oldnewthing/20130107-00/?p=5633

You can override an LIB with another LIB, and a LIB with an OBJ, but you can’t override an OBJ:
https://devblogs.microsoft.com/oldnewthing/20130109-00/?p=5613

Using the classical model for linking to provide unit test overrides:
https://devblogs.microsoft.com/oldnewthing/20250416-00/?p=111077

“Going to the cloud” can mean renting services/servers that you could get from anywhere. There’s little lock-in. The same four words “going to the cloud” might also mean locking your operations to a specific cloud provider, forever. This difference is vital, yet often ignored: https://berthub.eu/articles/posts/beware-cloud-is-part-of-the-software/

"Intel admits what we all knew: no one is buying AI PCs"

People would rather buy older processors that aren't that much less powerful but way cheaper. The "AI" benefits obviously aren't worth paying for.

https://www.xda-developers.com/intel-admits-what-we-all-knew-no-one-is-buying-ai-pcs/

Today we broke 12k stars on #GitHub remaining #1 on Reverse Engineering there and #1 for, “Reverse Engineering Tutorial” on Google. Thanks again for all of your continued support to help get new folks free training on #ReverseEngineering for everyone! https://github.com/mytechnotalent/Reverse-Engineering

🌪️ Something new is coming to TyphoonPWN 2025!

This year, we’re expanding our scope with LG webOS! If you’ve been researching webOS, this is your moment to earn up to $20,000 for discovering an Unauthenticated Remote Code Execution vulnerability.💰

TyphoonPWN is less than a month away — don’t miss your chance to showcase your skills and get the recognition (and rewards) you deserve. 🏆

Remote participation is fully supported. Register now and secure your spot:
👉 https://typhooncon.com/typhoonpwn-2025/

[RSS] Exploiting Undefined Behavior in C/C++ Programs for Optimization: A Study on the Performance Impact

https://web.ist.utl.pt/nuno.lopes/pubs.php?id=ub-pldi25

[RSS] RomHack 2025 Call for Papers

https://cfp.romhack.io/romhack-2025/

[RSS] Linternals: Exploring The mm Subsystem via mmap [0x02]

https://sam4k.com/linternals-exploring-the-mm-subsystem-part-2/

"How many calories in one gram of Uranium?" from CalorieHealthy.com

In fact the answer varies from Uranium 235 fissile isotope at 34 billion calories/gram all the way down to Natural Uranium in a light water reactor at a diet friendly 100,000,000 calories/gram

If you're dieting, try to switch out the Uranium for Plutonium 238, or Hafnium 178m2 isomer

And definitely no bread!