FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970

has anyone ever made a man page viewer which shows you a table of contents for the man page so you can easily navigate through the sections?

(please do not tell me about `info`)

CVE ID: CVE-2025-8088
Vendor: RARLAB
Product: WinRAR
Date Added: 2025-08-12
Notes: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-8088

We've managed to make it through hacker summer camp, and #Microsoft and #Adobe survived enough to deliver their latest security patches. Join @TheDustinChilds as he breaks down another large Patch Tuesday release. https://www.zerodayinitiative.com/blog/2025/8/12/the-august-2025-security-update-review

NEW: Two hackers broke into the computer of a hacker allegedly working for the North Korean spy group known as "Kimsuky."

The hackers then leaked a treasure trove of stolen data, exposing a North Korean spy operation against South Korean targets.

“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in their Phrack magazine article. “You hack for all the wrong reasons.”

https://techcrunch.com/2025/08/12/hackers-breach-and-expose-a-major-north-korean-spying-operation/

Oh shit it's Patch Tuesday...

Just under three weeks until CFP opens for RE//verse 2026! Submissions open September 1st: https://sessionize.com/reverse-2026

And while you’re at it, snag your ticket early before prices go up: https://shop.binary.ninja/collections/re-verse-admissions-requires-sales-tax/products/re-verse-2026-admission

/me @ the How Did This Ever Work?! phase, with the added excitement that the same code in a different script still works

(now that file is a sacred artifact that must be protected by all costs)

Absolutely jaw-dropping talk by Micah Lee on the blinding national-security incompetence at the highest levels of the Trump regime.

https://micahflee.com/we-are-currently-clean-on-opsec-the-signalgate-saga/

If this had been any Democratic govt, Fox "News" and the entire right-wing media gang would make it the top story for weeks, if not months.

Micropatches Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability (CVE-2025-21420)
https://blog.0patch.com/2025/07/micropatches-for-windows-disk-cleanup.html

Micropatches Released for Windows Update Service Elevation of Privilege Vulnerability (CVE-2025-48799) https://blog.0patch.com/2025/08/micropatches-released-for-windows.html

[RSS] Extraction of Synology encrypted archives - Pwn2Own Ireland 2024

https://www.synacktiv.com/en/publications/extraction-of-synology-encrypted-archives-pwn2own-ireland-2024

New assessment for topic: CVE-2025-4678

Topic description: "Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection ..."

"This is a similar RCE like [CVE-2024-12971](https://attackerkb.com/topics/BJe14wkMYS/cve-2024-12971) but now in the `chromium_path`directory settings at the Pandora ITSM application ..."

Link: https://attackerkb.com/assessments/cbac9f7f-798e-424f-a010-48ceada60ff7

Then: UK govt loses mind
Now: Wikipedia loses legal challenge
Next: UK loses Wikipedia access?

This legislation is way, way beyond porn and stated scope. There is no good reason to age gate an encyclopaedia *at national level* under the guise of protecting children.

https://wikimediafoundation.org/news/2025/08/11/wikimedia-foundation-challenges-uk-online-safety-act-regulations/

"It's the certificates, stupid!"

A quick analysis into the Phrack #72 APT Down code signing certificates. Has South Korea been backdoor pounded for the last two decades?

https://reverse.put.as/2025/08/11/itsthecertificatesstupid/

[FD] Kigen eUICC issue (custom backdoor vs. FW update bug)

https://seclists.org/fulldisclosure/2025/Aug/4

"we suggest Kigen customers to request information pertaining to all secret / shared keys embedded in Kigen eUICC FW and ECASD domain"

It's totally reasonable to be more cautious these days, but don't let that drive you to have opsec panic attacks that aren't founded in common sense. For example... it makes no sense to be worried someone might figure out you're queer or a leftist if you're too open about your politics while posting... on fediverse, the queer leftist social media platform. They already know, chief.

WOOT '25 Technical Sessions materials

https://www.usenix.org/conference/woot25/technical-sessions

#fromBsky

[RSS] Compiler Bug Causes Compiler Bug: How a 12-Year-Old G++ Bug Took Down Solidity

https://osec.io/blog/2025-08-11-compiler-bug-causes-compiler-bug

High level diff of iOS 26.0 beta5 vs. iOS 26.0 beta6 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/26_0_23A5308g__vs_26_0_23A5318c/README.md