New Qualys reports to read while sipping your morning coffee:

https://www.openwall.com/lists/oss-security/2025/06/17/4

CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15's PAM
CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks

So glad someone properly called out kWh!

https://www.youtube.com/watch?v=kkfIXUjkYqE

#CursedUnits

🚨 New Rowhammer paper 🔨

Our latest work McSee reveals that Intel & AMD CPUs don't use DDR5's RFM cmds 🚫 and Intel uses pTRR on client CPUs 💥

Meet McSee, our oscilloscope-based platform that exposes hidden DDR4/5 behaviors 🧐

👉 http://comsec.ethz.ch/mcsee #Rowhammer #Security

Today, Kagi celebrates over 50,000 paying subscribers! Check out our latest blog post for exciting updates, including the free Kagi Search portal, Kagi for Libraries, new swag and stickers:

https://blog.kagi.com/50k

#Kagi #Search #NoAds

My Sitecore CMS pre-auth RCE chain blog is public now. Enjoy 🫡

https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform

Recording of my Hexacon talk "Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization" is available!

Talk: https://youtu.be/_CJmUh0_uOM?si=81Tot7HUgp7RQAlL
White paper: https://github.com/thezdi/presentations/blob/main/2023_Hexacon/whitepaper-net-deser.pdf

I hope you will find it useful :)

And domain-level RCE in Veeam B&R fixed today (CVE-2025-23121). My first (and hopefully not last) CVE, where I'm credited together with @codewhitesec 😎

https://www.veeam.com/kb4743

in case you missed it, someone has been porting mario64 to the gameboy advance

in what i can only describe as incredible hackery

https://www.youtube.com/watch?v=kueoO3b4B-M

technically speaking, it isn't the first 3d game on the gba, there's games like "asterix and obelix xxl"

technically speaking though, porting an n64 game to the gba is even more ridiculous

Exploiting the CVE-2025-21756 1-day vulnerability

@v4bel and @_qwerty_po posted a kernelCTF report about exploiting a UAF in the vsock subsystem of the Linux kernel:
https://github.com/google/security-research/blob/f7dbb569a8275d4352fb1a2fe869f1afa79d4c28/pocs/linux/kernelctf/CVE-2025-21756_lts_cos/docs/exploit.md

Another sev:CRIT ../ ? This time in ZendTo. LMAO. PoC in the post.

https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/

We discovered a path traversal vulnerability in ZendTo versions 6.15-7 and prior. This vulnerability allows malicious actors to bypass the security controls of the service to access or modify potentially sensitive information of other users. This issue is patched in 6.15-8, and we encourage all users to upgrade as soon as possible.

#directoryTraversalMemes

Slides like this will always have a special place in my heart! Source:

https://www.youtube.com/watch?v=goEb7eKj660

[oss-security] pam_namespace local privilege escalation (CVE-2025-6020)

https://www.openwall.com/lists/oss-security/2025/06/17/1

New post: Disclosure: Multiple Vulnerabilities in X.Org X server prior to 21.1.17 and Xwayland prior to 24.1.7 https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/

🚀 We have just released a new Security Advisory for NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes & other vulnerabilities discovered by our Adrian Denkiewicz !

https://www.doyensec.com/resources/Doyensec_Advisory_CFITSIO_Q22025.pdf

#doyensec #appsec #security

[oss-security] "the security policy of libxml2 has been changed to disclose vulnerabilities before fixes are available"

https://www.openwall.com/lists/oss-security/2025/06/16/6

CVE-2025-49794 CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170

CVE-2025-6021 looks like the most severe (integer overflow in xmlBuildQName())

Off-By-One Conference Day 1&2 videos, without stupid redirectors:

https://www.youtube.com/playlist?list=PLiIDIO1Gp6V9t5jA1WnTVAfHNPPR9OhSx

https://www.youtube.com/playlist?list=PLiIDIO1Gp6V8_CMvMVabhyeABTW1yZrRZ

[RSS] Junk Code Engines for Polymorphic Malware

https://r0keb.github.io/posts/Junk-Code-Engines-for-Polymorphic-Malware/

The Day 2 videos are finally out 🥳🥳

https://bird.makeup/@offbyoneconf/1934401036460167285

The Day 1 videos are finally out 🥳🥳

https://bird.makeup/@offbyoneconf/1934400701767270409

this is a nice post on strace (I didn't know that strace had a --stack-traces option!) https://rrampage.github.io/2025/06/13/strace-tips-for-better-debugging/