“Localhost tracking” explained. It could cost Meta 32 billion. https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

"Donald Trump’s director of national intelligence fed the JFK files into an AI program, asking it to see if there was anything that should remain classified, she told a crowd at an Amazon Web Services conference Tuesday"

Is there any way we can convince The Onion to not keep publishing their stuff under different domain names? 🤪

https://www.thedailybeast.com/tulsi-gabbard-admits-to-asking-ai-what-to-classify-in-jfk-files/

Bypassing GitHub Actions policies in the dumbest way possible

https://blog.yossarian.net/2025/06/11/github-actions-policies-dumb-bypass

#security

Last week, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource. https://docs.google.com/presentation/d/1rEPiqV0KBHAI0lVym283OHzYRXNCCuGudmDby1Z1qyc/edit?usp=sharing

Scumbag Google is at it again and introduces delays when loading a video on YouTube with an active ad blocker. With a nice litter banner on the lower left saying "Experiencing interruptions? Here's why!" with a link to a page telling you to disable ad blockers.

Guess what, you pissheads! It's still faster and less annoying to wait for the delay than actually watching the ads.

I finally found the perfect bug to play with wrapwrap and get RCE on Monero forums

After that, very classic exploitation steps. The only twist is that I didn't expect Laravel to unserialize() session cookies when the session driver is set to Redis (at least this version).

https://swap.gs/posts/monero-forums/

#php

This Video Can #Exploit Your #iPhone (CVE-2025-31200)

https://www.youtube.com/watch?v=nTO3TRBW00E

Besides the clickbaity title, this video is actually a simple and fun initial analysis of the #1day in question.

As a side note, I started watching it on a device with no #adblocker and damn, YouTube has become so annoying and utterly unusable 😠

CVE ID: CVE-2025-24016
Vendor: Wazuh
Product: Wazuh Server
Date Added: 2025-06-10
Notes: https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh ; https://nvd.nist.gov/vuln/detail/CVE-2025-24016
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-24016

Apparently, if you have facebook or Instagram installed on your phone, #Meta was able to track your browsing habits and link them to your real identity even if you never logged in on the web, used incognito mode or a VPN. I hope Meta gets hit with every fine in the book.

https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

#Hydroph0bia (CVE-2025-4275) - a trivial #SecureBoot bypass for UEFI-compatible firmware based on Insyde #H2O, part 1

https://coderush.me/hydroph0bia-part1/