[RSS] Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis

https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/

[RSS] exploits.club Weekly Newsletter 73 - AI Finds Bugs, MTE Bypasses, Old Jailbreaks, and More

https://blog.exploits.club/exploits-club-weekly-newsletter-73-ai-finds-bugs-mte-bypasses-old-jailbreaks-and-more/

"[Qualys] discovered a vulnerability in apport [...], and a similar vulnerability in systemd-coredump [...]: a race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"

https://www.openwall.com/lists/oss-security/2025/05/29/3

CVE-2025-5054 CVE-2025-4598

Google’s search quality has declined, filled with spam and low-quality results, while it maintains dominance through default placements. Cory Doctorow highlights Kagi as a superior alternative, offering cleaner, more relevant search outcomes. Though it requires a subscription, Kagi provides a user-focused experience that recaptures the efficiency Google once had.

I personally HAPPILY pay for @kagihq.

#Kagi #enshittification #tech #privacy

https://pluralistic.net/2024/04/04/teach-me-how-to-shruggie/#kagi

New assessment for topic: CVE-2025-41232

Topic description: "Spring Security Aspects may not correctly locate method security annotations on private methods ..."

"On May 19 2025, Spring released an [advisory](https://spring.io/security/cve-2025-41232) warning that Spring Security versions before `6.4.6` were vulnerable to a flaw in how Spring security annotations were identified and processed, that could lead to annotations being ignored on private methods, potentially leading to authorization bypasses on those private methods ..."

Link: https://attackerkb.com/assessments/c3734c78-c018-4e5f-9c70-b5f3c074a411

[RSS] Micropatches Released for Preauth DoS on Windows Deployment Service (CVE-2025-29957)

https://blog.0patch.com/2025/05/micropatches-released-for-preauth-dos.html

Good bathroom reads.

Unfortunately the #OpenStreetMap wiki is very slow today. We are fighting an aggressive web scraper bot. 10,000 of IPs involved. Randomised User-Agent. Ignoring robots.txt #aibot #ddos

Update: Fixed. We've been able to mitigate the bot traffic. #fail2ban

Looks like @bluehatil talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: https://youtu.be/Dk2rLO2LC6I

It looks like Kerio Control was PWNed with a Pre auth RCE! We're going through the exploit now to see everything works like it should #TyphoonCon25

[RSS] CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender

https://www.netspi.com/blog/technical-blog/red-teaming/elevating-privileges-with-sonicwall-netextender/

[RSS] The Windows Registry Adventure #8: Practical exploitation of hive memory corruption

https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html

The Junkyard - An End-of-Life Pwnathon is now open:

https://www.districtcon.org/junkyard

"We want you to bring your most impactful, creative, or most meme-worthy bugs in end-of-life (EOL) targets (both software or hardware), and demonstrate them live on stage."

Would you?

"In the Who Cares Era, the most radical thing you can do is care." – @dansinker
https://dansinker.com/posts/2025-05-23-who-cares/

"I miss the insanity of 80s processor design.

Intel’s iAPX 432 was a 'micromainframe'.

It had no general purpose registers, supported object orientation *directly*, and performed garbage collection on-chip." - Also by @lauriewired

https://threadreaderapp.com/thread/1925982635903398106.html

The i960 post by @kenshirriff is also worth checking out if you are interested in revolutionary architectures that just didn't really make it (while some concepts are still working in #IBMi and #CHERI I guess?):

https://www.righto.com/2023/07/the-complex-history-of-intel-i960-risc.html

"Want to recognize a song from just a few seconds of distorted audio? Use Constellation Maps." by lauiriewired

https://threadreaderapp.com/thread/1927474297909489852.html?s=09

A small slide deck for a 15 minute impulse talk at Cycon 2025 in Talinn: https://docs.google.com/presentation/d/1_3Iu74UijAjfSLHzqWDkDEaIwoB6WBSo9-mY5e0u0HM/edit?usp=drivesdk

[RSS] Inside GitHub: How we hardened our SAML implementation

https://github.blog/security/web-application-security/inside-github-how-we-hardened-our-saml-implementation/