Every project should have a "cursed"-page like that: 😆

"Cursed knowledge we have learned as a result of building #Immich that we wish we never knew."
https://immich.app/cursed-knowledge/

🤓

#FOSS #yakshaving #fun

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html

Some cool things to note though: (1) the bug was mitigated via finch kill switch (https://developer.chrome.com/docs/web-platform/chrome-finch) one day after the report from TAG (2) we also fixed the V8 Sandbox bypass within 7 days even though it's not yet considered a security boundary.

And I've also updated our V8 Exploit Tracker sheet now: https://docs.google.com/document/d/1njn2dd5_6PB7oZGTmkmoihYnVcJEgRwEFxhHnGoptLk/edit?usp=sharing (see the 2025 tab) :)

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.
https://arstechnica.com/security/2025/06/headline-to-come/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

How to build a high-performance network fuzzer with LibAFL and libdesock https://lolcads.github.io/posts/2025/05/high_performance_network_fuzzing/

Stats: I collected ~2600 bookmarks during ~30 months, archiving all of them takes about 2 GB of disk space (with #Readeck)

Multiple vulnerabilities in Parallels Desktop for Mac disclosed by Talos:

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2123
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2124
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2126

CVE-2024-52561 CVE-2024-54189 CVE-2024-36486

shot, chaser

New Project Zero issues disclosed affecting Samsung media codecs:

https://project-zero.issues.chromium.org/issues/395975495
https://project-zero.issues.chromium.org/issues/396226992
https://project-zero.issues.chromium.org/issues/388115013

CVE-2025-20963 CVE-2025-20964 CVE-2025-20944

New assessment for topic: CVE-2025-48734

Topic description: "Improper Access Control vulnerability in Apache Commons. ..."

"On May 28 2025, Apache posted an [advisory](https://www.openwall.com/lists/oss-security/2025/05/28/6) to the OSS Security mailing list warning that Apache Commons BeanUtils versions 1.x before 1.11.0 and 2.x before 2.0.0-M2 were vulnerable to insecure access to the Java Classloader via exposed enum properties, namely the `declaredClass` property ..."

Link: https://attackerkb.com/assessments/1d98f952-f6f1-475a-8646-74062d040247

CVE-2025-31200 Writeup from noahhw

https://blog.noahhw.dev/posts/cve-2025-31200/

#jailbreak #ios #apple #vulnerability

Nietzsche Discovers AI Art
http://existentialcomics.com/comic/605

#existentialcomics #aiart #ai #art #comic

"ChatGPT isn't its own, unique problem. It's a symptom of a totalizing cultural paradigm in which passive consumption and regurgitation of content becomes the status quo"

Many strong quotes in this one

#LLM

Teachers Are Not OK
https://www.404media.co/teachers-are-not-ok-ai-chatgpt/

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit.

Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost.

https://techcrunch.com/2025/05/30/eight-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/

#OT #Advisory VDE-2025-020
WAGO: Switches affected by year 2k38 problem

#CVE CVE-2025-1235

https://certvde.com/en/advisories/VDE-2025-020

#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-020.json

New blog post!

How I got a Root Shell on a Credit Card terminal

https://stefan-gloor.ch/yomani-hack

[RSS] Hypervisors for Memory Introspection and Reverse Engineering

https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html

[oss-security] Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v /by @hanno

https://www.openwall.com/lists/oss-security/2025/06/02/1

#NoCVE

I always learn something new from @tomasp . This time, it was the existence of this book.

Can you write a whole book about a program? About a *1-line program*?

Turns out you can, and it is totally worth reading:
https://10print.org/
I can't praise this enough.

Re: NetLock distrust, this ticket is a good starting point to figure out what exactly the compliance issues were:

https://bugzilla.mozilla.org/show_bug.cgi?id=1904041

It's not a nice read with comments like "was comment 20 AI generated?"...

I have no idea why this works now and why it didn't work before...

Praise be the Omnissiah!