Alarming as it is, the article below is still not alarming enough! Microsoft France here claims they've never seen a CLOUD ACT request for French government data. Perhaps true. However, under the FISA section 702 & EO 12333, Microsoft is still mandated to deliver such data to the NSA, and Europeans will never learn of that request. US spies do not need to ask Europeans for permission to spy on European governments! #sigint https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/

The European union is developing an age verification app for EU citizens which relies on Google for verifying the integrity of the app.

This means users who run a custom ROM (e.g #lineageos, #grapheneos) won't access some EU resources.

Read the complete explanation on Reddit: https://www.reddit.com/r/BuyFromEU/s/yO3njXfX1x

Neat game glitch explanation: Why signed integers lead to flirting with dogs

https://www.youtube.com/watch?v=ADenqrgMUgA

Part of the job as a cybersecurity professional is in fact arguing to purge and not log information about your customers.

Data is not oil. It's risk.

You know those non-vulnerabilities that companies get forced to fix for compliance reasons? I've found a full bypass for a common patch strategy. I'm half-tempted to keep it secret for the greater good 😂

At DistrictCon's inaugural Junkyard competition, we achieved full remote execution on two popular home network devices: a Netgear WGR614v9 router and BitDefender Box V1 security appliance.

Our exploitation techniques included chaining four buffer overflow vulnerabilities with authentication bypass on the router, plus a novel "bashsledding" ROP technique that sprays shell commands into NVRAM for reliable code execution.

Read the blog: https://blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00598f60

ossl_ec_GFp_simple_ladder_post

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00598f60.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00598f60.json&colors=light

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0091ec00

_dl_relocate_object

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0091ec00.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0091ec00.json&colors=light

🛠️ RIFT just got an upgrade!
Now supports FLIRT signature generation on Linux 🐧
Perfect for reverse engineering Rust malware 🦀
🔗 https://github.com/microsoft/RIFT
#DFIR #ReverseEngineering #RustLang #FLIRT #MalwareAnalysis

The IT world has convinced us no new software can be deployed outside of US clouds. We're so sure about this that European governments (including the UK) are handing over vital government functions & data to US controlled servers. In this piece I argue that until recently we somehow could run stuff on locally owned hardware, and that we should urgently relearn that skill, while it is still possible - or end up as digital colony of the US: https://berthub.eu/articles/posts/our-self-inflicted-cloud-crisis/

I would strongly suggest organisations disable Microsoft Translator for Edge. It's enabled by default, and allows users to automatically translate webpages (without prompt after first use) to native language by sending the entire page content to MS. This includes intranet sites and SaaS services.

It links to a privacy policy that sounds fluffy and nice and - ya know - it isn't. The Microsoft Translator privacy policy for M365 or Azure doesn't actually apply to it.