[CVE-2025-38001] #Exploiting All Google #kernelCTF Instances And Debian 12 With A #0Day For $82k: A RBTree Family Drama (Part One: LTS & COS)
My office computer just crashed and now all the other computers have slowed down so they can see what's happening.
I just released #iocaine version 2.5.0, probably the last 2.x version, as I'm starting to lay out the roadmap for 3.0.
Apart from a couple of handy new features to aid in bot detection and data collection, there's an important fix in it too: previously, the built-in templates did not escape the generated text properly, which could lead to all kinds of weirdness. Now they do.
The templates also have access to a new filter - urlencode -, which helps escaping random text generated to be used as URLs.
Europe appears to just have given up on doing anything technical. Perhaps we should hurry up & stop pretending we want to do anything ourselves, so we can speed up getting to our eventual destiny of a full time holiday destination for American, Chinese and Russian tourists. And mind you, that is the _best_ outcome I can see right now. https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps
#eprint Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog by Peter Gutmann, Stephan Neuhaus (https://ia.cr/2025/1237)
Some of my bugs in Windows Kernel ETW have been fixed by MSRC this month.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47985
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49660
These bugs are triggered from NTOS syscall.
Truly humbled to share I had the honor of being a guest on the legendary @darknetdiaries. We talked about some wild stories, the epic screw ups, and other adventures. Really grateful for the chance to tell a few tales and hope it resonates with some
The slides from our @reconmtl talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolodev), are now online!
Slides: https://synthesis.to/presentations/recon25_mba_obfuscation.pdf
Interesting Git repos of the week:
Detection:
* https://github.com/telekom-security/tpotce - have some honey
Exploitation:
* https://github.com/tlsfuzzer/tlsfuzzer - fuzz TLS
* https://github.com/ShawnDEvans/smbmap - map SMB shares
* https://github.com/nccgroup/fuzzowski - another nice fuzzer
Data:
* https://github.com/sneakers-the-rat/gpu-free-ai - the AI implementation you don't want to use!
Again with the showing Bill how wrong he was when he said memory interference flaws were just theoretical.
https://www.securityweek.com/rowhammer-attack-demonstrated-against-nvidia-gpu/
New Daily Disc! #Kraftwerk: Computer World https://youtube.com/shorts/w5xbsBiBCcc?feature=share
Yes, I did sound the alarm on agentic AI's privacy threat, and rightly so.
https://observer.com/2025/07/signal-meredith-whittaker-agentic-ai-risk/