We just updated our bug bounty hall of fame to include the great security researchers from the last two quarters. Thank you for securing the best #Firefox yet :)

https://www.mozilla.org/en-US/security/bug-bounty/hall-of-fame/

in the interest of helping other small publications, i want to pass along a request for elpis zine, an online zine about the small web, retro tech, and alternate protocols that recently celebrated its 10th issue!

for their next issue, they want to focus on #women of the #internet: "who, one way or another, influenced the creation of the modern Internet, which is why the modern World Wide Web looks exactly like this."

from elpis:

These are women who are at the forefront of the attack and work on the technologies that surround us. These are women who have influenced design, content, and politics. But we're not just talking about the modern Internet, we're also talking about the small web.

There are legendary women here, too. We want to write about you, about your sites, if you have ideas about whom we can also write about, or links to pages (feel free to give your sites), that's cool! We'll publish them.

the editors are looking specifically for "ideas about who can be written about from the great women who influenced the modern Internet (designers, programmers, and so on)." there's so many women in internet #history that we must keep their stories going! <3

the editor of the zine, turboblack, is a 32-bit cafe member and a passionate member of the independent web. :) i hope you appreciate this departure to spread some internet-focused publication love!

I'm pleased to announce a new version of the Rust bindings for IDA Pro! With: - Improved strings, metadata, and core APIs. - Support for the names API. Thank you to @raptor.infosec.exchange.ap.brid.gy & Willi Ballenthin for contributing! Docs: idalib.rs Code: git.idalib.rs

idalib documentation

Project: kubernetes/kubernetes https://github.com/kubernetes/kubernetes
File: staging/src/k8s.io/api/certificates/v1/generated.pb.go:1378 https://github.com/kubernetes/kubernetes/blob/a62752db5110225a89a83ec844a5884413e550ff/staging/src/k8s.io/api/certificates/v1/generated.pb.go#L1378

func (m *CertificateSigningRequestSpec) Unmarshal(dAtA []byte) error

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fstaging%2Fsrc%2Fk8s.io%2Fapi%2Fcertificates%2Fv1%2Fgenerated.pb.go%23L1378&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fstaging%2Fsrc%2Fk8s.io%2Fapi%2Fcertificates%2Fv1%2Fgenerated.pb.go%23L1378&colors=light

local restaurants I love you but please have a website that isn't your instagram profile and has your hours of business on it. kthx

ImageMagick with four vulnerabilities published.

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g ( sev:HIGH )

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f ( sev:LOW )

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 ( sev:HIGH )

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc ( sev:LOW )

[RSS] CVE-2025-5333 - CVSS 9.5: Remote Code Execution in Broadcom Symantec Endpoint Management Suite (Altiris)

https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/

High level diff of iOS 18.6 beta2 vs. iOS 18.6 beta3 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_6_22G5064d__vs_18_6_22G5073b/README.md

WHAT IS THIS SOURCERY?!

#Winget has #DSC support now?!

I can start #WindowsSandbox and have the required security tools installed #automagically!

https://github.com/microsoft/winget-dsc/tree/main/samples/DscResources/Microsoft.WindowsSandbox.DSC

There’s an entire rant buried in here but, in short, I absolutely agree.

[RSS] [CVE-2024-58258] SugarCRM <= 14.0.0 (css/preview) LESS Code Injection Vulnerability

https://karmainsecurity.com/KIS-2025-04

📣"Debuggers 1103: Introductory Binary Ninja" is released!📣
https://ost2.fyi/Dbg1103

This class by Xusheng Li of Vector 35 @binaryninja provides students with a hands-on introduction to the free version of Binja as a debugger, thus providing decompilation support!

Like all current #OST2 classes, the core content is made fully public, and you only need to register if you want to post to the discussion board or track your class progress. This mini-class takes approximately 2 hours to complete, and can be used as standalone cross-training for people who know other reverse engineering tools, or by students learning assembly for the first time in the https://ost2.fyi/Arch1001 x86-64 Assembly class.

"Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt."

https://www.openwall.com/lists/oss-security/2025/07/11/2

CVE-2025-7424 CVE-2025-7425

#OSS #FOSS

#PHP Security fixes:

- CVE-2025-1735 SQLi via pgsql (related to CVE-2025-1094)
https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3

- CVE-2025-1220 SSRF via fsockopen()
https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r

- CVE-2025-6491 NULL deref in SOAP handling
https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x

Want to influence the rules for vulnerability handling for every internet-connected product sold in the EU? Of course you do!

You are invited to the vulnerability handling deep dive session for the Cyber Resilience Act. July 22, online, free registration:

https://www.stan4cra.eu/event-details/deep-dive-session-vulnerability-handling

More info: https://www.stan4cra.eu/resources

#CRA #InfoSec

Revisiting automating MS-RPC vulnerability research and making the tool open source https://www.incendium.rocks/posts/Revisiting-MS-RPC-Vulnerability-Research-automation/

This is fun. Google Gemini’s “Summarize email” function is vulnerable to invisible prompt injection utilized to deceive users, including with fake security alerts.

#infosec #cybersecurity #blueteam

https://0din.ai/blog/phishing-for-gemini

Many static site generator templates don't include meta tags for #RSS / #Atom feeds, but the data is generated by default. It's worth to check:

/index.xml
/feed.xml

#syndication

No-AI and solid end-to-end encryption is the new tech hype.

If you don't invest heavily in solid end-to-end encryption, privacy-protective and No-AI features, you will be left behind. People might even laugh at you.

Tell everyone.

#NoAI #Encryption #RootForE2EE #Privacy #Tech

Buried in the Log. Exploiting a 20 years old NTFS Vulnerability

https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/

I think I missed this one about CVE-2025-49689