High level diff of iOS 18.6 beta2 vs. iOS 18.6 beta3 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_6_22G5064d__vs_18_6_22G5073b/README.md

WHAT IS THIS SOURCERY?!

#Winget has #DSC support now?!

I can start #WindowsSandbox and have the required security tools installed #automagically!

https://github.com/microsoft/winget-dsc/tree/main/samples/DscResources/Microsoft.WindowsSandbox.DSC

There’s an entire rant buried in here but, in short, I absolutely agree.

[RSS] [CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability

https://karmainsecurity.com/KIS-2025-04

📣"Debuggers 1103: Introductory Binary Ninja" is released!📣
https://ost2.fyi/Dbg1103

This class by Xusheng Li of Vector 35 @binaryninja provides students with a hands-on introduction to the free version of Binja as a debugger, thus providing decompilation support!

Like all current #OST2 classes, the core content is made fully public, and you only need to register if you want to post to the discussion board or track your class progress. This mini-class takes approximately 2 hours to complete, and can be used as standalone cross-training for people who know other reverse engineering tools, or by students learning assembly for the first time in the https://ost2.fyi/Arch1001 x86-64 Assembly class.

"Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt."

https://www.openwall.com/lists/oss-security/2025/07/11/2

CVE-2025-7424 CVE-2025-7425

#OSS #FOSS

#PHP Security fixes:

- CVE-2025-1735 SQLi via pgsql (related to CVE-2025-1094)
https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3

- CVE-2025-1220 SSRF via fsockopen()
https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r

- CVE-2025-6491 NULL deref in SOAP handling
https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x

Want to influence the rules for vulnerability handling for every internet-connected product sold in the EU? Of course you do!

You are invited to the vulnerability handling deep dive session for the Cyber Resilience Act. July 22, online, free registration:

https://www.stan4cra.eu/event-details/deep-dive-session-vulnerability-handling

More info: https://www.stan4cra.eu/resources

#CRA #InfoSec

Revisiting automating MS-RPC vulnerability research and making the tool open source https://www.incendium.rocks/posts/Revisiting-MS-RPC-Vulnerability-Research-automation/

Many static site generator templates don't include meta tags for #RSS / #Atom feeds, but the data is generated by default. It's worth to check:

/index.xml
/feed.xml

#syndication

No-AI and solid end-to-end encryption is the new tech hype.

If you don't invest heavily in solid end-to-end encryption, privacy-protective and No-AI features, you will be left behind. People might even laugh at you.

Tell everyone.

#NoAI #Encryption #RootForE2EE #Privacy #Tech

Buried in the Log. Exploiting a 20 years old NTFS Vulnerability

https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/

I think I missed this one about CVE-2025-49689

[CVE-2025-38001] #Exploiting All Google #kernelCTF Instances And Debian 12 With A #0Day For $82k: A RBTree Family Drama (Part One: LTS & COS)

https://syst3mfailure.io/rbtree-family-drama/

My office computer just crashed and now all the other computers have slowed down so they can see whats happening.

How I do it.

Some words on how I work on #curl and lead the #curl project. Every day of the week. Year in, year out. It never ends.

https://daniel.haxx.se/blog/2025/07/13/how-i-do-it/

I just released #iocaine version 2.5.0, probably the last 2.x version, as I'm starting to lay out the roadmap for 3.0.

Apart from a couple of handy new features to aid in bot detection and data collection, there's an important fix in it too: previously, the built-in templates did not escape the generated text properly, which could lead to all kinds of weirdness. Now they do.

The templates also have access to a new filter - urlencode -, which helps escaping random text generated to be used as URLs.

Europe appears to just have given up on doing anything technical. Perhaps we should hurry up & stop pretending we want to do anything ourselves, so we can speed up getting to our eventual destiny of a full time holiday destination for American, Chinese and Russian tourists. And mind you, that is the _best_ outcome I can see right now. https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps

#eprint Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog by Peter Gutmann, Stephan Neuhaus (https://ia.cr/2025/1237)

Some of my bugs in Windows Kernel ETW have been fixed by MSRC this month.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47985
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49660
These bugs are triggered from NTOS syscall.

Truly humbled to share I had the honor of being a guest on the legendary @darknetdiaries. We talked about some wild stories, the epic screw ups, and others adventures. Really grateful for the chance to tell a few tales and hope it resonates with some

https://darknetdiaries.com/episode/160/