Posts
2954
Following
697
Followers
1540
"I'm interested in all kinds of astronomy."
New assessment for topic: CVE-2025-48734

Topic description: "Improper Access Control vulnerability in Apache Commons. ..."

"On May 28 2025, Apache posted an [advisory](https://www.openwall.com/lists/oss-security/2025/05/28/6) to the OSS Security mailing list warning that Apache Commons BeanUtils versions 1.x before 1.11.0 and 2.x before 2.0.0-M2 were vulnerable to insecure access to the Java Classloader via exposed enum properties, namely the `declaredClass` property ..."

Link: https://attackerkb.com/assessments/1d98f952-f6f1-475a-8646-74062d040247

"ChatGPT isn't its own, unique problem. It's a symptom of a totalizing cultural paradigm in which passive consumption and regurgitation of content becomes the status quo"

Many strong quotes in this one

#LLM

Teachers Are Not OK
https://www.404media.co/teachers-are-not-ok-ai-chatgpt/

Lorenzo Franceschi-Bicchierai

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit.

Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost.

https://techcrunch.com/2025/05/30/eight-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/

New blog post!

How I got a Root Shell on a Credit Card terminal

https://stefan-gloor.ch/yomani-hack

[oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v /by @hanno

https://www.openwall.com/lists/oss-security/2025/06/02/1

#NoCVE

I always learn something new from @tomasp. This time, it was the existence of this book.

Can you write a whole book about a program? About a *1-line program*?

Turns out you can, and it is totally worth reading:
https://10print.org/
I can't praise this enough.

Re: NetLock distrust, this ticket is a good starting point to figure out what exactly the compliance issues were:

https://bugzilla.mozilla.org/show_bug.cgi?id=1904041

It's not a nice read with comments like "was comment 20 AI generated?"...

I have no idea why this works now and why it didn't work before...

Praise be the Omnissiah!

Google Chrome is removing Hungarian CA NetLock from its trust store:

https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html

Stated reason: "a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports"

I've personally run into revoked NetLock certs during the past months; the reason for revocation was unclear ("administrative").

NetLock was compromised previously as part of the Stuxnet/Duqu campaign:

https://theintercept.com/2014/11/12/stuxnet/

Hidden Bear: The GRU hackers of Russia’s most notorious kill squad

https://theins.press/en/inv/281731

I don't want to log in with a fucking Microsoft account.

I want to use my fucking serial port.

Inspirational Skeletor💀

Data from the domain DNS shows that many European public services rely on proprietary cloud services: https://jurgen.gaeremyn.be/2025/03/08/european-critical-dependencies/

"Querying mail-servers teaches that in some countries, over 70% of all public services rely on this American provider."

Last week, Microsoft allegedly decided to cancel MS365 services of Chinese universities with a notice of about one week: https://www.scmp.com/tech/tech-war/article/3305889/microsoft-abruptly-cuts-services-chinese-university-genomics-firm

1/2

Has anyone set up kernel debugging with a Windows 11 target with Proxmox (QEMU-KVM)?

This only works with Win10, Win11 doesn't boot for me:

https://forum.proxmox.com/threads/windbg-remote-kernel-debugging-and-proxmox-not-working.163625/

Serial would also be an option if I could make them recognized by guests:

https://forum.proxmox.com/threads/two-windows-guests-communicating-via-serial-console-comn.67588/

Beating the kCTF PoW with AVX512IFMA for $51k

https://anemato.de/blog/kctf-vdf

A casual player finds a memory corruption in Super Mario allowing arbitrary code execution and speedrunners exploit it *by hand* to warp to the credits screen.

https://www.youtube.com/watch?v=WdadpHLAfdA

#GameHacking is really something else!