We did a presentation at Null Byte Security Conference last year entitled "The importance of a rigorous methodology in information security research". The presentation aimed to introduce security professionals to the importance of rigor in information security research, but also to other aspects.
We consider rigor very important for the information security industry.
We have observed, over more than 15 years in the field, that many beginners lack a solid understanding of rigor and the scientific method, which hinders their learning and growth.
The audience was mostly people starting in the information security industry, and we tried to make it simple, but not simpler. The slides can be found at the link below:
CVE-2025-48706 - Out-of-bounds read in COROS PACE 3
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-028.txt
Watch Out! Bluetooth Analysis of the COROS PACE 3
https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/
📣 Exciting opportunity in our iOS team for a Senior Vulnerability Researcher with experience in Apple platforms.
Remote or office based.
https://jobs.gohire.io/interrupt-labs-zcocopee/senior-ios-vulnerability-researcher-237538/
Do you know of examples of a software library's test suite catching a bug in its upstream dependencies? I've seen a few of these over the years, and I'd like to put together a small list. Things like:
- A programming language implementation's test suite uncovering a bug in other implementations
- A library's test suite uncovering a bug in the language implementation itself
- A framework addon's / extension's test suite uncovering a bug in the framework
Some pictures of KICKI, a DEC PDP-10 model KI10 sn 522, currently in preservation.
Would you like to support us? Visit: https://icm.museum
You've been asking for the slides from my x33fcon talk this year - here they are!
I covered most modern anti-phishing protections and how to evade them, with a particular focus on how URL rewriting can be used to bypass Google Safe Browsing.
Enjoy! 🪝🐟
🔗👇
Newsletter: Issue 86 – State power sponsored by Coinbase
Coinbase’s sponsorship of Trump’s military parade angered some in the crypto world, who described the move as “deeply disturbing” and “an insult to everything our industry stands for”. But this is only the latest example of crypto companies aligning with state power.
Earlier this month, the cryptocurrency firm Ripple made a $9.4 million contribution to the San Francisco Police Department to fund a surveillance center outfitted with drones. “We’re going to be covering the entire city with drones,” enthused an SFPD Captain about the donation.
If anyone has any adb-based root exploits for Android 8.1, that would be nice. Link below as an example of something I'm looking for.
https://github.com/j0nk0/GetRoot-Android-DirtyCow
no .exe files in the releases section though /s
Snatched from LinkedIn...it was a message I needed to hear today.