Command injection, SQLi, and hardcoded creds in Infoblox NETMRI. tsk tsk

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32814

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32813

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32815

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00478ea0

ssl3_ctrl

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00478ea0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00478ea0.json&colors=light

God I hate computers...

🎯 THIS SATURDAY: DFIR Labs CTF 🎯
⏰ June 7 | 1630–2030 UTC
🔗 Register Now → https://dfirlabs.thedfirreport.com/ctf

🚀 DFIR Labs CTF is back!
💥 Only $9.99 to join
💥 Choose Elastic or Splunk
💥 Access a brand-new, unreleased case
💥 Top 5 get invited to join The DFIR Report team!

📣 Hear from past participants:
⭐ “Real case makes it different!”
🚀 “Great hands-on learning experience”
💯 “Excellent CTF, super responsive and realistic”

Don’t miss your chance to level up with real-world incident response challenges.

"Paprika Csapat" (Team Paprika) ransomed the Hungarian Ministry of Home Affairs (education doesn't deserve a dedicated ministry around here) after dumped a database related to high school final exams (article in HU):

https://telex.hu/techtud/2025/06/03/hekkertamadas-paprika-csoport-erettsegi-adatbazis-masolas-oktatasi-hivatal

Wonder if perpetrators are in fact Hungarian (as the name suggests), or just using some LLM translator?

Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:

https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/

#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation

Every project should have a "cursed"-page like that: 😆

"Cursed knowledge we have learned as a result of building #Immich that we wish we never knew."
https://immich.app/cursed-knowledge/

🤓

#FOSS #yakshaving #fun

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html

Some cool things to note though: (1) the bug was mitigated via finch kill switch (https://developer.chrome.com/docs/web-platform/chrome-finch) one day after the report from TAG (2) we also fixed the V8 Sandbox bypass within 7 days even though it's not yet considered a security boundary.

And I've also updated our V8 Exploit Tracker sheet now: https://docs.google.com/document/d/1njn2dd5_6PB7oZGTmkmoihYnVcJEgRwEFxhHnGoptLk/edit?usp=sharing (see the 2025 tab) :)

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.
https://arstechnica.com/security/2025/06/headline-to-come/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

How to build a high-performance network fuzzer with LibAFL and libdesock https://lolcads.github.io/posts/2025/05/high_performance_network_fuzzing/

Stats: I collected ~2600 bookmarks during ~30 months, archiving all of them takes about 2 GB of disk space (with #Readeck)

Multiple vulnerabilities in Parallels Desktop for Mac disclosed by Talos:

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2123
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2124
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2126

CVE-2024-52561 CVE-2024-54189 CVE-2024-36486

shot, chaser

New Project Zero issues disclosed affecting Samsung media codecs:

https://project-zero.issues.chromium.org/issues/395975495
https://project-zero.issues.chromium.org/issues/396226992
https://project-zero.issues.chromium.org/issues/388115013

CVE-2025-20963 CVE-2025-20964 CVE-2025-20944

New assessment for topic: CVE-2025-48734

Topic description: "Improper Access Control vulnerability in Apache Commons. ..."

"On May 28 2025, Apache posted an [advisory](https://www.openwall.com/lists/oss-security/2025/05/28/6) to the OSS Security mailing list warning that Apache Commons BeanUtils versions 1.x before 1.11.0 and 2.x before 2.0.0-M2 were vulnerable to insecure access to the Java Classloader via exposed enum properties, namely the `declaredClass` property ..."

Link: https://attackerkb.com/assessments/1d98f952-f6f1-475a-8646-74062d040247

CVE-2025-31200 Writeup from noahhw

https://blog.noahhw.dev/posts/cve-2025-31200/

#jailbreak #ios #apple #vulnerability

Nietzsche Discovers AI Art
http://existentialcomics.com/comic/605

#existentialcomics #aiart #ai #art #comic

"ChatGPT isn't its own, unique problem. It's a symptom of a totalizing cultural paradigm in which passive consumption and regurgitation of content becomes the status quo"

Many strong quotes in this one

#LLM

Teachers Are Not OK
https://www.404media.co/teachers-are-not-ok-ai-chatgpt/

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit.

Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost.

https://techcrunch.com/2025/05/30/eight-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/

#OT #Advisory VDE-2025-020
WAGO: Switches affected by year 2k38 problem

#CVE CVE-2025-1235

https://certvde.com/en/advisories/VDE-2025-020

#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-020.json