[RSS] Reverse Engineering Security Products: Developing an Advanced Tamper Tradecraft (BHMEA24 slides)

https://github.com/emcalv/BlackHat-MEA-2024-slides/blob/main/BH%20MEA%202024%20-%20Reverse%20Engineering%20of%20Security%20Products_%20Defender.pdf

Shared the PoC with @mkolsek few days ago, the same one I gave to microsoft. Unlike microsoft however, they not only verified the issue within days but refined it demonstrating that ANY domain user can crash a fully patched windows 2025 server as of now.
https://bird.makeup/users/0patch/statuses/1947674442772910437

Student suspended over suspected use of #PHP

#FromTheArchives

https://www.bbspot.com/news/2000/6/php_suspend.html

In memory of Ozzy Osbourne, we replay our review of Technical Ecstasy, an often overlooked album from his era of Black Sabbath that is among our favorites at CatSynth. We extend our thoughts to his family, friends, and colleagues 😿
https://youtu.be/vklyJuPbilY

I am excited to share this new single-header C library I have been working on for a while now: vecmath.h, a comprehensive vector/matrix math library for graphics/games/3d.
It allows you to write vector math code in C that looks like this:

I don't know which update specifically, but in a recent update of 24H2 it looks like the Win32k system call table is protected by Kernel Data Protection (read-only SLAT entry)! I believe CI!g_CiOptions and msseccore's SecKdpSe PE section were the only things using it before.

Windows is one massive (private) Git repo.

When I was at MS, the Windows Source had around ~3k PRs a day!

Regular Git didn’t scale to those levels at the time.

Internally there was a progression from Git -> GVFS -> Scalar -> merge back to Git. Here's how it worked:

"35% of the US stock market is held up by five or six companies buying GPUs."

Ed Zitron, The Hater's Guide to the AI Bubble

https://www.wheresyoured.at/the-haters-gui/

[RSS] Quick-Skoping through Netskope SWG Tenants - CVE-2024-7401

Marketing domain -> check!

https://quickskope.com/

[RSS] Ruckus Unleashed: Multiple vulnerabilities exploited

CVE-2025-46116 CVE-2025-46117 CVE-2025-46118 CVE-2025-46119 CVE-2025-46120 CVE-2025-46121 CVE-2025-46122 CVE-2025-46123

https://sector7.computest.nl/post/2025-07-ruckus-unleashed/

[RSS] Miggo Security%27s AI Slop & Potential Trademark Infringement

https://jericho.blog/2025/07/21/miggo-securitys-ai-slop-potential-trademark-infringement/

Here's the article I was working on today, and the first I've written for The Register in a hot minute: a look at a new, generated-from-actual-1980s-hardware, 1.5-million-strong test suite for the Intel 286 and compatibles.

In 2025. Yes. Emulator devs are a different breed, I tell you, and we're all the richer for 'em.

https://www.theregister.com/2025/07/21/intel_286_test_suite/

#VintageComputing #RetroComputing #Emulation

Wikimedia Foundation Challenges UK Online Safety Act Regulations | Wikimedia Foundation
https://alecmuffett.com/article/113724
#AgeVerification #OnlineSafety #surveillance #wikipedia

WAFFLED: Exploiting Parsing Discrepancies to Bypass Web Application Firewalls [PDF]

https://arxiv.org/pdf/2503.10846v1

[RSS] Remembering Chiptunes, the Demoscene and the Illegal Music of Keygens

https://hackaday.com/2025/07/20/remembering-chiptunes-the-demoscene-and-the-illegal-music-of-keygens/

[RSS] The case of the invalid instruction exception on an instruction that should never have executed

https://devblogs.microsoft.com/oldnewthing/20250718-00/?p=111390

[RSS] Trigon: exploiting coprocessors for fun and for profit (part 2)

#iOS

https://alfiecg.uk/2025/07/16/Trigon.html

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

https://www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/

In case you feel like singing into a megaphone: please don't!

#activism #ProTip

JavaScript broke the web (and called it progress), https://www.jonoalderson.com/conjecture/javascript-broke-the-web-and-called-it-progress/.

> Everything’s optimised for developers – and hostile to everyone else.

> This isn’t accidental. It’s cultural. We’ve created an industry where complexity is celebrated. Where cleverness is rewarded. Where engineering sophistication is valued more than clarity, usability, or commercial effectiveness.

And still. Was told I’m an idiot when I was saying it’s getting too complex. Now this is the result.

#javascript #web