It turns out that MrDeepFakes' sudden voluntary shutdown a few days ago was because Bellingcat was on their tail. https://www.bellingcat.com/news/2025/05/07/canadian-pharmacist-linked-to-worlds-most-notorious-deepfake-porn-site/
CONTENT WARNING: this article is a dox on someone credibly accused of running a nonconsensual porn site
Everyone agrees something needs to be done about our total dependence on US clouds. But what? And who should do it? Ample words have been written on the 'why', and we also have a lot of text on our values and that *someone* should do *something*. Here I elaborate on an earlier suggestion with a coherent strategy that is concrete enough to disagree with. This reads well with the latest Euro-Stack letter also: https://berthub.eu/articles/posts/a-coherent-non-us-cloud-strategy/
This is a gruelling summary of all the things wrong with OpenSSL https://www.haproxy.com/blog/state-of-ssl-stacks I've mostly watched this whole thing from the sidelines, but was also affected, noting that private key parsing suddenly became 70 times slower. I think they've now improved it to "only" be 10-20 times slower, and there does not seem to be any effort to work on it any more.
Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon.
Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver.
Slides: https://docs.google.com/presentation/d/1NulLxRowsHzgcL1AFzNF_w8nh3zk2BKKPfGi_1j76A8/edit?usp=sharing
(If you use newer Ubuntu and the code formatting looks off, use File → Print preview; @ubuntu still hasn't fixed the issues with their monospace fonts.)
CVE ID: CVE-2025-27363
Vendor: FreeType
Product: FreeType
Date Added: 2025-05-06
Vulnerability: FreeType Out-of-Bounds Write Vulnerability
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see https://source.android.com/docs/security/bulletin/2025-05-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-27363
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-27363
High level diff of iOS 18.5 beta 4 vs. iOS 18.5 RC
https://github.com/blacktop/ipsw-diffs/blob/main/18_5_22F5068a__vs_18_5_22F75/README.md
New aardwolf version 0.2.12 is out on Github and pip.
The frame decoder now has fewer imports and supports pyo3 with abi3 to keep it working on "all" Python versions. This has the effect that 3.12 and above is now supported on Windows as well.
https://github.com/skelsec/aardwolf/releases/tag/0.2.12
The full webinar recording is out. 🔴
Watch time travel debugging in action: https://youtu.be/tEzumvwjUzo
going to take some weapons to the datacenter any day now
What was it like to attend the exclusive #ZeroDayQuest event? How did a Unix #hacker even qualify in the first place? How can you become one of the #Microsoft MVRs?
Our technical director @raptor answers these and other questions in his latest article:
https://security.humanativaspa.it/my-zero-day-quest-bluehat-podcast
Happy birthday to Wolfenstein 3D, released on this day, 33 years ago on 5th May 1992!