Micropatches Released for "WSPCoerce" Coerced Authentication via Windows Search Protocol (NO CVE/WONTFIX) https://blog.0patch.com/2025/07/micropatches-released-for-wspcoerce.html
In a rare move, CISA gave federal agencies just one day to patch Citrix Netscaler bug CVE-2025-5777
Patch ASAP #CitrixBleed2 #2Citrix2Bloody
https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) - watchTowr Labs https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257
It has officially begun. The CRA info request counter is no longer at zero.
It makes me laugh/cry that we spent decades trying to get the software industry to internalise that it takes far more effort to support & maintain systems than it does to write them in the first place, and yet seemingly every trendy development in the last 5-10 years has been about making that initial stage faster & sloppier at the expense of everything else
Laravel: APP_KEY leakage analysis https://www.synacktiv.com/en/publications/laravel-appkey-leakage-analysis
🎞️ A developer managed to reverse pixelation in video using FFmpeg, GIMP and edge detection - no AI involved.
By analyzing motion and edges across frames, they could reconstruct original content from blurred areas.
It’s a reminder: pixelation is visual, not secure.
🛠️ Code & demo: https://github.com/KoKuToru/de-pixelate_gaV-O6NPWrI
#infosec #opensource #ffmpeg #linux #osint #devtools #technews
#writers, #blog aficionados, #web enjoyers, #website browsers: lend me your ears! i need help with a big push to get the word out about #writing for GOOD INTERNET magazine's autumn issue! a digital AND physical magazine that ships all over the world, run & contributed to by volunteers! (‼️)
in case you're unaware, GOOD INTERNET covers a lot of different aspects of the #SmallWeb: unplugging from the corporate web, fighting #enshittification, migrating from data-harvesting corpo social media, creating your own personal website, using code and website-building as an art form, federation, and creating websites for fun. the aim is to be approachable for beginners and enjoyable for seasoned #indieweb travelers!
you don't have to be a professional #webdev or a #coding smartypants to write about all the good things happening on "this side" of the web. the idea here is to spread the word about and share thoughts, independent web projects, services, methods, sites, meet-ups, and celebrate the non-corporate web together while making it easier for us to partake and unplug from #bigtech.
📏 looking for 1,000- to 4,000-word articles aimed at website owners and hobbyists, digital (and traditional) #artists, #internet culture enthusiasts, #technology nerds, #socialmedia expatriates, & anyone who wants to unplug from the corporate-owned #web.
⏲️ the deadline is AUGUST 22, 2025 ⏲️
ℹ️ more info here: https://goodinternetmagazine.com/contact/
#personalweb #websites #web #fediverse #neocities #nekoweb #html #css #zine #zines #indie #independent #creativity #tech #smalltech #opensource #degoogle #media
Jurisdiction Is Nearly Irrelevant to the Security of Encrypted Messaging Apps
Every time I lightly touch on this point, I always get someone who insists on arguing with me about it, so I thought it would be worth making a dedicated, singular-focused blog post about this topic without worrying too much about tertiary matters. Here's the TL;DR: If you actually built your cryptography properly, you shouldn't give a shit which country hosts the ciphertext for your…
Exploit Wednesday is underway. Unconfirmed PoC for CVE-2025-49677:
If you have a machine with PKEY support and a somewhat recent Linux kernel, you can now play around with hardware support for the V8 sandbox. When active, JS + Wasm code has no write permissions outside the sandbox address space. To enable, simply set `v8_enable_sandbox_hardware_support = true` at build time.
It's not (yet) meant for production use, but should offer a preliminary look at where things might be heading. See https://crbug.com/350324877 for more details.
Feedback welcome! :)
More links to information about the IBM Power11, which was announced yesterday.
💙 #IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2025/07/more-details-about-power11.html
🔓⏫ After compromising every endpoint within an organization, our “Caught in the FortiNet” blog series comes to an end with one more thing.
Read more about FortiClient's XPC mistake that allows local privilege escalation to root on macOS:
The #Adobe patches may be late, but with 130 new CVEs from #Microsoft, there's still plenty to talk about. Join @TheDustinChilds as he covers the release and points out why it's a bad month to be a SQL Server admin. https://www.zerodayinitiative.com/blog/2025/7/8/the-july-2025-security-update-review
#Adobe has (finally!) released their updates for July. 13 bulletins addressing 60 CVEs in various products. Nothing is listed as under active attack. The patch blog has been updated with all the details. https://www.zerodayinitiative.com/blog/2025/7/8/the-july-2025-security-update-review