"Much of the essence of building a program is in fact the debugging of the specification." — Fred Brooks

Hey fedi, if someone knows how to correctly define parallelized instructions in Ghidra's SLEIGH, well, I'm more than interested !

Or if you are aware of any decent documentation on how to define parallelized instructions in SLEIGH and want to share some pointers, that would be awesome too 😊

#reverse #ghidra

Types of codebases my customers send me:

- Enterprise javabean factory factory... on a SIM card

- C# programmer retasked to write an authenticated bootloader in C for an arm platform with no training

- Beautiful well-written, easy-to-read C by an experienced systems programmer, with one mind-blowing 100-out-of-100-risk-severity bug buried in miscutils.c

- There is a hermit monk in a cave in Czechia. Once every three years, he emerges with a new revision of the codebase. It is horrifying spaghetti logic that repulses the human soul, but no matter how long and how hard you look, you can't actually find anything wrong with it

Germany’s largest telecommunication provider Deutsche Telekom is owned by Chinese hackers. And its managed IT service subsidiaries are too. No media reporting on it yet. Deutsche Telekom (addicted to cheap Huawei equipment) chose not to go public. Wake up! https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability

CVE-2025-0927 details here!

https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/

I talked AI slop with @joshbressers on Open Source Security:

https://opensourcesecurity.io/2025/2025-05-curl_vs_ai_with_daniel_stenberg/

Interesting story about Google publishing someone's phone number on searches for them when they gave the number to Google for account verification/security:

https://danq.me/2025/05/21/google-shared-my-phone-number/

Reminds me of the time a company I worked for (AFAIK) accidentally used phone numbers obtained the same way for ad targeting and got fined $150M

Mateusz Jurczyk from GP0 has been been writing a blog series on the implementation details of the Windows Registry, and there's a truly monumental amount of work on show here.

this one post alone is 24,000 words long, and covers a huge range of security issues discovered across the registry attack surface.

practically mandatory reading if you're doing Windows appsec assessments. really incredible stuff.

https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html

Sad times, John Young of Cryptome is no longer with us:

https://www.theregister.com/2025/05/24/john_young_obituary/

Happy #TowelDay hoopy froods everywhere!

We have five winners from our contest, and will be publishing their works on our site soon, along with details of our (members only) June competition, with an Curious King illustrated fine press edition of Hitchhiker's on offer!

CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs https://www.openwall.com/lists/oss-security/2025/05/23/2
the full command-line input, including the plaintext password, is embedded at the beginning of the generated PDF file

Happy towel day! We hope you know where your towel is, as one who still knows where their towel is, is clearly someone to be reckoned with.

And we also hope you know you have less then 24 hours to fill in the WHY2025 CfP!

https://cfp.why2025.org

Project: facebook/react https://github.com/facebook/react
File: compiler/packages/babel-plugin-react-compiler/src/Optimization/OutlineJsx.ts:53 https://github.com/facebook/react/blob/c250b7d980864be49facf2306f06455e7f9e305d/compiler/packages/babel-plugin-react-compiler/src/Optimization/OutlineJsx.ts#L53

function outlineJsxImpl( fn: HIRFunction, outlinedFns: Array<HIRFunction>, ): void

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Ffacebook%2Freact%2Fblob%2Fc250b7d980864be49facf2306f06455e7f9e305d%2Fcompiler%2Fpackages%2Fbabel-plugin-react-compiler%2Fsrc%2FOptimization%2FOutlineJsx.ts%23L53&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Ffacebook%2Freact%2Fblob%2Fc250b7d980864be49facf2306f06455e7f9e305d%2Fcompiler%2Fpackages%2Fbabel-plugin-react-compiler%2Fsrc%2FOptimization%2FOutlineJsx.ts%23L53&colors=light