So, my technical report on fuzzing CPython with fusil is almost done.

I'd really appreciate some help categorizing the found issues by relevance/severity/importance or any other name for impact.

Do you have the chops to help with that? And do you have time and interest? Please get in touch if so! And please boost if you can :)

A plot, some tables, links to the report and some discussion are available in this thread:

https://discuss.python.org/t/feedback-on-the-recent-fusil-fuzzing-campaign-of-cpython/91737

#Python #CPython #fuzzing #fuzzer #fusil

I tried to improve on @carrot_c4k3 's work to bypass Windows KASLR with a prefetch side-channel. I summarized my results in a new blog post, spiced up with some geek art:

https://scrapco.de/blog/visualizing-prefetch-infoleaks-to-defeat-kaslr.html

[RSS] SonicDoor - Cracking SonicWall's SMA 500

https://blog.scrt.ch/2025/06/04/sonicdoor-attacking-sonicwalls-sma-500/

Project: microsoft/typescript https://github.com/microsoft/typescript
File: src/compiler/program.ts:3242 https://github.com/microsoft/typescript/blob/81c951894e93bdc37c6916f18adcd80de76679bc/src/compiler/program.ts#L3242

function checkModifiers(modifiers: NodeArray<ModifierLike>, isConstValid: boolean)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2Ftypescript%2Fblob%2F81c951894e93bdc37c6916f18adcd80de76679bc%2Fsrc%2Fcompiler%2Fprogram.ts%23L3242&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2Ftypescript%2Fblob%2F81c951894e93bdc37c6916f18adcd80de76679bc%2Fsrc%2Fcompiler%2Fprogram.ts%23L3242&colors=light

USMC AH-1Z Viper working the pattern at Pt. Mugu, July 2024 #USMC #choppa #rotor #Mugu #AH1Z #aviationphotography #planespotting #AvGeek #spotter #photography #Nikon #aircraft #nikonphotography

[RSS] Solo: A Pixel 6 Pro Story (When one bug is all you need)

https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/

[RSS] exploits.club Weekly Newsletter 74 - iOS 18 mitigations, CoreAudio RCAs, kCTF optimizations, and More

https://blog.exploits.club/exploits-club-weekly-newsletter-74/

Fucking stupid UI/UX choices.

Fortigate Firewall/Routers - All options for BGP/IPSEC are behind an "advanced options" user preference.... IT'S A FORTIFUCKINGROUTER the only people in this interface are advanced users.

PaloAlto XDR portal - Right-click for options on a line... fine... But wait, if you hold option/alt, you get even more options. I get the need to define which options are less common choices, but you should not be hiding things behind click-modifiers. The only people using the XDR interface will be advanced users. If a user doesn't have authorization for a command, then don't show it. If the option is destructive, then confirm with N number of dialogs. Also, the ENTIRE user interface is in italics.

Admin interfaces should never have hidden options.

Make some noise!

There’s still time for you to submit your article for the 40th anniversary edition of Phrack!

https://bird.makeup/@phrack/1901633924532408680

What is the most inappropriate connector with enough pins to support USB-C?

I suggest:

[RSS] Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea

https://kaist-hacking.github.io/publication/yun-ksa/

Our journey with our #iOS emulator continues.

We show how we reached the home screen, enabled multitouch, unlocked network access, and started running real apps 👉 https://eshard.com/posts/emulating-ios-14-with-qemu-part2

#iosdev #reverseengineering #cybersecurity

Command injection, SQLi, and hardcoded creds in Infoblox NETMRI. tsk tsk

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32814

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32813

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32815

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00478ea0

ssl3_ctrl

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00478ea0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00478ea0.json&colors=light

God I hate computers...

🎯 THIS SATURDAY: DFIR Labs CTF 🎯
⏰ June 7 | 1630–2030 UTC
🔗 Register Now → https://dfirlabs.thedfirreport.com/ctf

🚀 DFIR Labs CTF is back!
💥 Only $9.99 to join
💥 Choose Elastic or Splunk
💥 Access a brand-new, unreleased case
💥 Top 5 get invited to join The DFIR Report team!

📣 Hear from past participants:
⭐ “Real case makes it different!”
🚀 “Great hands-on learning experience”
💯 “Excellent CTF, super responsive and realistic”

Don’t miss your chance to level up with real-world incident response challenges.

"Paprika Csapat" (Team Paprika) ransomed the Hungarian Ministry of Home Affairs (education doesn't deserve a dedicated ministry around here) after dumped a database related to high school final exams (article in HU):

https://telex.hu/techtud/2025/06/03/hekkertamadas-paprika-csoport-erettsegi-adatbazis-masolas-oktatasi-hivatal

Wonder if perpetrators are in fact Hungarian (as the name suggests), or just using some LLM translator?

Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:

https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/

#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation