#TeleMessage, that app used by the #Trump administration to archive Signal messages, has been #hacked. The #hacker managed to get some users' #Signal group chats and messages too. This is a hugely significant #breach not just for those individual customers, but also for the U.S. government more widely. #natsec #nationalsecurity https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/ #government #democracy #trump #hegseth

May the 5th Element be with you.

#MayThe5th #MultiPass

Sorry, I have a nasty hangover...

Quick note: https://arm.jonpalmisc.com/ has been updated to the latest version of the Arm spec. Any changes should be strictly improvements, but let me know if something seems off.

👊

I know this is gatekeeping, but spammers who can't replace "%victim%" should just leave the industry.

Want to see something cursed?

It's the Linux kernel 4.19 building *natively* under Windows XP under Services for UNIX. The amount of effort to get this far was immense ...

EDIT: Follow the adventure at https://YouTube.com/c/NCommander

Sent from Utrecht, Netherlands on August 21, 1995. https://postcardware.net/?id=37-32

The latest WatchTowr post reminded me of this classic:

https://www.youtube.com/watch?v=jTfwpWj4eqA

Miss this band :(

#punk #music

CVE ID: CVE-2024-58136
Vendor: Yiiframework
Product: Yii
Date Added: 2025-05-02
Vulnerability: Yiiframework Yii Improper Protection of Alternate Path Vulnerability
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52 ; https://nvd.nist.gov/vuln/detail/CVE-2024-58136
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-58136

Making Burp Suite snappy on Asahi Linux — https://dustri.org/b/making-burp-suite-snappy-on-asahi-linux.html

Good programming is 99% sweat and 1% coffee.

— anonymous

#programming

From iframes and file reads to full RCE. 🔥

We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit.

👉 Read the full write-up here: https://neodyme.io/en/blog/html_renderer_to_rce/

Amateurs Solve [the Busy Beaver #5] Problem On Discord

https://www.youtube.com/watch?v=rmx3FBPzDuk

#ComputerScience #Mathematics #HaltingProblem

And the day is not over: Trying to fix some household stuff, I google for parts. First result is a recall notice claiming a dozen incidents with human injury o.O

(The part I was searching for was the cause of the failure too)

AFL++ v4.32c release - mostly minor bug fixes and improvements, LLVM 20 users should update! https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.32c #afl #fuzzing #fuzzing-tools #fuzzingtools

One of my favorite #SmallWeb site is this guy's, who documents disassembling the multitude of things he collected during several decades, while also blogging the nuances of everyday life like what he got fur lunch or finding a dead cockroach:

https://translate.kagi.com/translate/http://www.szetszedtem.hu/1717villanyvasut/apukamevolt.htm

Interesting Git repos of the week:

Strategy:

* https://github.com/TalEliyahu/awesome-CISO-maturity-models - modelling your strategy

Detection:

* https://github.com/yevh/TaaC-AI - threat modelling as code
* https://github.com/thalesgroup-cert/Watcher - build your own threat hunting platform with Thales
* https://github.com/microsoft/msticpy - Microsoft's TI tooling

Exploitation:

* https://github.com/specfy/stack-analyser - what's in the stack?

Hardening:

* https://github.com/nistorj/ISR1000 - guestshell on the ISR1000

#security, #research, #code

I struggled a couple of hours because my sshfs connections kept breaking, that made my browser hang in many different ways (fuse ftw!).

I suspected my router getting bust, but of course I was wrong. The problem - as always - was DNS.

[FD] Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing

https://seclists.org/fulldisclosure/2025/May/0

Just block egress SMB connections already!