With the Kagi for Libraries program, we'll offer free access to Kagi for public library patrons worldwide 📚

If your library is interested or you know a local public library that could benefit, encourage them to apply and help us expand this program:

https://kagi.com/libraries

#Kagi #Search #Libraries

It's a mild release from #Microsoft and a record-breaking release from #Adobe. There's a single 0-day to deal with in WEBDAV and, as always, a few deployment challenges. @TheDustinChilds provides all the details at
https://www.zerodayinitiative.com/blog/2025/6/10/the-june-2025-security-update-review

[RSS] Exploiting Heroes of Might and Magic V

https://www.synacktiv.com/en/publications/exploiting-heroes-of-might-and-magic-v

[RSS] Getting started with Wirego

http://blog.quarkslab.com/getting-started-with-wirego.html

This looks extremely useful!

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

https://arstechnica.com/security/2025/06/unearthed-in-the-wild-2-secure-boot-exploits-microsoft-patches-only-1-of-them/

This was a fun one to discover!
SQL syntax can be ambiguous, and MySQL anticipated this a long time ago. Other SQL dialects stuck to the spec, leading to SQL injection when the right stars align:

@SonarResearch https://infosec.exchange/@SonarResearch/114659742648728633

[RSS] CVE-2025-47934 - Spoofing OpenPGP.js signature verification

https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/

Terrific summary of Linux process injection techniques https://www.akamai.com/blog/security-research/the-definitive-guide-to-linux-process-injection

[RSS] Strong Typing + Debug Information + Decompilation = Heap Analysis for C++

https://core-explorer.github.io/blog/c++/debugging/2025/06/09/snapshot-analysis-for-modern-c++.html

I've published my 8086 CPU Test suite for emulators.

It contains 646,000 single-step opcode executions with initial and final register and memory states.

https://github.com/SingleStepTests/8086

New ISPConfig Authenticated Remote Code Execution Vulnerability https://ssd-disclosure.com/ssd-advisory-ispconfig-authenticated-remote-code-execution/

[RSS] Dubious security vulnerability: Tricking a program into running non-elevated

https://devblogs.microsoft.com/oldnewthing/20250609-00/?p=111258

This essay by @baldur on why individual experiments on the usefulness of "AI" (or similar stuff) don't teach us anything useful and might actually harm us is brilliant.

Go read it. Too many insights to pull a quote TBH: https://www.baldurbjarnason.com/2025/trusting-your-own-judgement-on-ai/

I asked the old punk
how we will get through this,
and he replied:
we will get through this
by taking care of each other.

So I told the old punk
that isn’t very specific,
and he replied:
taking care of each other
isn’t about doing something specific,
it’s about doing something.

[RSS] Bruteforcing the phone number of any Google user

https://brutecat.com/articles/leaking-google-phones

Remarkable investigation into Telegram by IStories (in Russian):
https://www.istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/

English version by OCCRP:
http://www.occrp.org/en/investigation/telegram-the-fsb-and-the-man-in-the-middle

tl;dr:

👉 Telegram uses a single company with ties to the Russian FSB as their sole infrastructure provider, globally.

👉 Combined with a cleartext device identifier Telegram's protocol requires to be prepended to all encrypted messages, this allows for global surveillance of Telegram users.

I am quoted in this story.

#Telegram #InfoSec #Privacy

We’ll trace what really happens inside Telegram when you send or receive a message. 📨

Learn how to capture clean execution traces for Time Travel Analysis, step by step. Register here: https://eshard.eventbrite.fr/ 👈

#android #cybersecurity #mobileapp #telegram

A Cult AI Computer’s Boom and Bust

https://www.youtube.com/watch?v=sV7C6Ezl35A

Asianometry about Lisp machines!

"Vibe coding has no place in Linux kernel maintenance. The vulnerability inserted into 5 LTS kernels at once apparently without any review is yet another instance of AUTOSEL fallout, here with the 'new' LLM-powered version."

Thread by @spendergrsec on Thread Reader App

https://threadreaderapp.com/thread/1932079435571671137.html