Hey Andy, you should build that AI workforce _before_ you alienate the rest of your real worksforce. https://www.aboutamazon.com/news/company-news/amazon-ceo-andy-jassy-on-generative-ai

Todays Advice from Archive Andy

Check your DVD-Rs**

Don’t leave em laying about in random places

This is the only copy of a Wedding Video. Or, it was the only copy. Its got severe Disc Rot. Might be hard to see but it’s gone dark & is now unplayable

*also +R, -RW, +RW
Get the data off quick

[RSS] Unexpected security footguns in Go's parsers

https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/

New report for the month of May: https://rust-gcc.github.io/2025/06/04/2025-05-monthly-report.html

We are making good progress on core and plan on begin testing the Rust code in the kernel at the end of the summer!

At Akamai, we're launching a blog post series on various topics relating to post-quantum cryptography. The first post is by @rsalz, discussing some related IETF initiatives, including the two #TLS drafts he co-authored:

https://www.akamai.com/blog/trends/building-quantum-safe-internet-ietf-plan-tls

#pqc

Hungarian urbexer sneaks into an operating power plant and orders pizza o.O #OT #urbex

https://www.youtube.com/watch?v=_YtzaU9d-1M

Looks like today's theme is

lol, ok!

source:

https://www.youtube.com/watch?v=bzGuq97oROc

[RSS] NHook - Minimal Inline Hooking Library for Windows x64

https://github.com/woldann/NHook

[RSS] Introduction to Kmemdump

https://www.linaro.org/blog/introduction-to-kmemdump/

"A smarter way to Capture Crash Data on Embedded Linux Devices"

Exploring fault injection on ESP32 V3!

Inspired by Delvaux work, we tested voltage #glitching as an attack vector. With advanced triggers & GDB, we achieved a ~1.5% success rate. #Hardware #FaultInjection is becoming more practical!

https://security.humanativaspa.it/fault-injection-follow-the-white-rabbit/

Oh WhatsApp, you changed. Meta got the best out of you.

"No one wakes up excited to see more advertising, no one goes to sleep thinking about the ads they'll see tomorrow.”

"Advertising isn't just the disruption of aesthetics, the insults to your intelligence and the interruption of your train of thought.“

~ WhatsApp Blog, June 18th 2012
https://blog.whatsapp.com/why-we-don-t-sell-ads

A quick-and-dirty late night blog post on discovering an nday variant in Zyxel NWA50AX Pro devices

https://frycos.github.io/vulns4free/2025/06/17/zyxel-nday-variant.html

New Qualys reports to read while sipping your morning coffee:

https://www.openwall.com/lists/oss-security/2025/06/17/4

CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15's PAM
CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks

So glad someone properly called out kWh!

https://www.youtube.com/watch?v=kkfIXUjkYqE

#CursedUnits

🚨 New Rowhammer paper 🔨

Our latest work McSee reveals that Intel & AMD CPUs don't use DDR5's RFM cmds 🚫 and Intel uses pTRR on client CPUs 💥

Meet McSee, our oscilloscope-based platform that exposes hidden DDR4/5 behaviors 🧐

👉 http://comsec.ethz.ch/mcsee #Rowhammer #Security

Today, Kagi celebrates over 50,000 paying subscribers! Check out our latest blog post for exciting updates, including the free Kagi Search portal, Kagi for Libraries, new swag and stickers:

https://blog.kagi.com/50k

#Kagi #Search #NoAds

My Sitecore CMS pre-auth RCE chain blog is public now. Enjoy 🫡

https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform

Recording of my Hexacon talk "Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization" is available!

Talk: https://youtu.be/_CJmUh0_uOM?si=81Tot7HUgp7RQAlL
White paper: https://github.com/thezdi/presentations/blob/main/2023_Hexacon/whitepaper-net-deser.pdf

I hope you will find it useful :)

And domain-level RCE in Veeam B&R fixed today (CVE-2025-23121). My first (and hopefully not last) CVE, where I'm credited together with @codewhitesec 😎

https://www.veeam.com/kb4743