Today we celebrate #curl having been part of OSS-fuzz for eight years. Imagine the amount of junk libcurl APIs have received in this time...

https://google.github.io/oss-fuzz/

If case there was any doubt, Fediverse account are prefered over X mirror bots. Considering how poorly reliable X bridges are, the amount of api restrictions and the lack of interop for boostings and replies, consider posting here if you are a casual visitor!

It has gone zero days since the latest slop

Wikipedia has a cheat sheet of well-known tells for identifying generated text. (With an appropriate warning not to over-index on minor ones as absolute proof) https://en.m.wikipedia.org/wiki/Wikipedia:WikiProject_AI_Cleanup/AI_catchphrases

https://x.com/lauriewired/status/1939833276228890849/photo/1

https://bird.makeup/@buffys/1938089514838159783

Thanks for celebrating our anniversary with us, REcon! Enjoy the special release.

What the NULL?! Wing FTP Server RCE (CVE-2025-47812) https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

[RSS] Does anyone happen to know why certain profile names corrupt text elements in Tony Hawk's Pro Skater for N64?

https://banyaszvonat.github.io/breaking-videogames/2025/06/30/tony-hawks-pro-skatyr.html

#GameHacking #ReverseEngineering

New sudo LPE's just dropped:

Sudo Host Option Elevation of Privilege (CVE-2025-32462):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host

Sudo local privilege escalation via chroot option (CVE-2025-32463):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Linking oss-security too, because researcher advisories don't like to load for me:

https://www.openwall.com/lists/oss-security/2025/06/30/2

https://www.openwall.com/lists/oss-security/2025/06/30/3

Chrome’s AppBound Cookie Encryption Bypassed via Side-Channel Timing Attack https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption

AI Slop is strong on HackerOne. After some break when Daniel added the "AI disclosure" questions, people are back now (and ignoring it).

Such a silly world.

once you have mastery, you can half ass things correctly, because you know which half of the ass you need

System says I’m low on memory. Let’s see what Activity Monitor says…

I’m sorry, my *wallpaper* is using *how much* RAM?!? WTAF?!?

#3109 - Dehumidifier

[RSS] The hidden JTAG in your Qualcomm/Snapdragon device's USB port

https://www.linaro.org/blog/hidden-jtag-qualcomm-snapdragon-usb/

75% of web traffic flows through Google's Chromium. Apple controls Safari. American companies control how billions access the web.

Building a competitive browser alternative: ~€50-70M annually, 3-4 years. @servo proves it's technically possible with a small team.

The challenge isn't technical, it's institutional: can democratic societies coordinate long-term tech projects?

Read more: https://tarakiyee.com/digital-sovereignty-in-practice-web-browsers-as-a-reality-check/
#DigitalSovereignty

Some professional news:

1. I’m now a Special Rapporteur for the Cyber Resilience Act.

2. My company is hiring EU subcontractors with network and security expertise!

Bow Shock Systems won a contract with ETSI to lead development of "vertical" cybersecurity standards for specific products. I'm leading the one for operating systems.

We're looking for people with technical expertise and leadership ability to lead three other verticals.

1/n

#fediHire

'On November 28th, 2012, Randall Munroe published an xkcd comic that was a calendar in which the size of each date was proportional to how often each date is referenced by its ordinal name (…) "In months other than September, the 11th is mentioned substantially less often than any other date. It's been that way since long before 9/11 and I have no idea why." After digging into the raw data, I believe I have figured out why.'

https://drhagen.com/blog/the-missing-11th-of-the-month/

A Scanner for Arduino-Powered Book Archiving

https://hackaday.com/2025/06/29/a-scanner-for-arduino-powered-book-archiving/

[RSS] BinDSA: Efficient, Precise Binary-Level Pointer Analysis with Context-Sensitive Heap Reconstruction

https://dl.acm.org/doi/10.1145/3728928