Big update: The Internet Archive has launched a new version of GifCities, the search engine for vintage GeoCities GIFs. It's now easier to explore the glitter, chaos, and charm of early web animation.

Search better. Share better. Blink more.

Learn more: https://blog.archive.org/2025/06/09/keep-on-gifin-a-new-version-of-gifcities-internet-archives-geocities-animated-gif-search-engine/

NEW: Four months after releasing iOS 18.3.1, Apple has published details about a zero-day that it fixed at the time, but did not publicize.

This is the iPhone zero-day used against the two European journalists targeted with Paragon spyware, according to Citizen Lab.

It's unclear why Apple did not publish information about this zero-day until today.

https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/

Meta launched a stand-alone AI app and now it is full of sensitive content from Facebook users who appear to be unaware that they have made their conversations public: https://www.businessinsider.com/mark-zuckerberg-meta-ai-chatbot-discover-feed-depressing-why-2025-6

Forget about whether 100 men would win against 1 gorilla... the real question is how would 100 CISSP's fare against a gorilla?

🆕 New blog post!

"Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck"

This blog post is not so much about PrivescCheck in the end, but rather brings additional insight to the original article published by MDSec on the subject.

👉 https://itm4n.github.io/checking-symantec-account-credentials-privesccheck/

#redteam #research #pentest #pentesting

I wonder if there are tried and tested guides about _documenting_ deceptive technologies deployed in a system?

Trivially this would be something like "srv01:443 is a canary, don't decommission", but of course if the attacker sees this first, that's a problem.

/cc @haroonmeer

When we throw up our hands and say none of it matters, we're doing the fascists’ work for them. They don't need to hide their corruption if they can convince us it's pointless to look. They don't need to silence truth-tellers if we've already decided truth is meaningless.

https://www.citationneeded.news/it-matters-i-care/

[RSS] X41 Audited Ruby on Rails

https://x41-dsec.de/security/research/job/news/2025/06/11/ruby-on-rails/

[RSS] Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck

https://itm4n.github.io/checking-symantec-account-credentials-privesccheck/

[RSS] Streaming Zero-Fi Shells to Your Smart Speaker

https://blog.ret2.io/2025/06/11/pwn2own-soho-2024-sonos-exploit/

[RSS] Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'?

https://www.404media.co/spam-blogs-ai-slop-domains-wowlazy/

Instant reshare!

“Localhost tracking” explained. It could cost Meta 32 billion. https://www.zeropartydata.es/p/localhost-tracking-explained-it-could

"Donald Trump’s director of national intelligence fed the JFK files into an AI program, asking it to see if there was anything that should remain classified, she told a crowd at an Amazon Web Services conference Tuesday"

Is there any way we can convince The Onion to not keep publishing their stuff under different domain names? 🤪

https://www.thedailybeast.com/tulsi-gabbard-admits-to-asking-ai-what-to-classify-in-jfk-files/

Bypassing GitHub Actions policies in the dumbest way possible

https://blog.yossarian.net/2025/06/11/github-actions-policies-dumb-bypass

#security

New vulnerability report from Talos:

Adobe Acrobat Reader Font CFF2 PrivateDict vsindex Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2159

CVE-2025-43578

New vulnerability report from Talos:

Adobe Acrobat Reader Annotation Destroy Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2170

CVE-2025-43576

[RSS] CVE-2025-33073: A Look in the Mirror - The Reflective Kerberos Relay Attack

https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/

Fun fact: Microsoft Code Signing PCA 2010 will expire next month 🍿