"I'm interested in all kinds of astronomy."

Here's the full writeup of CVE-2025-53773 - Visual Studio & Copilot – Wormable Command Execution via Prompt Injection: https://www.persistent-security.net/post/part-iii-vscode-copilot-wormable-command-execution-via-prompt-injection

Patch now!


bert hubert 🇺🇦🇪🇺🇺🇦

I had a great time at the most excellent camp! Here's a write-up of my own talks (with links to video & annotated slides), some observations on the tremendously terrible state of security & regulation, and what we could do about it, plus some nice photos!
https://berthub.eu/articles/posts/dna-talks-and-why2025/

#music
TIL Amyl and the Sniffers are on Bandcamp, and there goes my allowance...

https://amylandthesniffers.bandcamp.com/

2001: A Spaced-Out Odyssey (24)

Frame 146,183 of 207,800

To prevent further frustration from forgotten tricks I brain dumped the less-than-obvious stuff that I can remember from #Ghidra development in my brand new Ghidra Dev Cheat Sheet:

https://scrapco.de/ghidra-cheat-sheet/

PRs and suggestions are most welcome!
This is a totally valid unit for any CI pipeline!

RE: https://chaos.social/@weirdunits/115020402704312177
#music
Today I treat myself with some Igorrr

https://igorrr.bandcamp.com/album/amen
[FD] PlayReady Activation protocol issues (weak auth / fake client identities)

https://seclists.org/fulldisclosure/2025/Aug/3

"PlayReady Activation service does not implement real authentication, but
some form of obfuscated identification scheme [...] Arbitrary PlayReady identity can be requested by the client through public API" and more...

this is uh.
something.

perplexity is offering twice its valuation to buy chrome off google?

strong "run the fuck away" vibes
https://arstechnica.com/gadgets/2025/08/perplexity-offers-more-than-twice-its-total-valuation-to-buy-chrome-from-google/


Proud moment. The 40th anniversary @phrack release was a full success. We gave away 12,000 full color 150pg printed zines for free across three different conferences and did the final main stage talk before closing. I covered the history of phrack and did some panel questions.


FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970


has anyone ever made a man page viewer which shows you a table of contents for the man page so you can easily navigate through the sections?

(please do not tell me about `info`)


TrendAI Zero Day Initiative

We've managed to make it through hacker summer camp, and and survived enough to deliver their latest security patches. Join @TheDustinChilds as he breaks down another large Patch Tuesday release. https://www.zerodayinitiative.com/blog/2025/8/12/the-august-2025-security-update-review


Lorenzo Franceschi-Bicchierai

NEW: Two hackers broke into the computer of a hacker allegedly working for the North Korean spy group known as "Kimsuky."

The hackers then leaked a treasure trove of stolen data, exposing a North Korean spy operation against South Korean targets.

“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in their Phrack magazine article. “You hack for all the wrong reasons.”

https://techcrunch.com/2025/08/12/hackers-breach-and-expose-a-major-north-korean-spying-operation/

Oh shit it's Patch Tuesday...

Just under three weeks until CFP opens for RE//verse 2026! Submissions open September 1st: https://sessionize.com/reverse-2026

And while you’re at it, snag your ticket early before prices go up: https://shop.binary.ninja/collections/re-verse-admissions-requires-sales-tax/products/re-verse-2026-admission

/me @ the How Did This Ever Work?! phase, with the added excitement that the same code in a different script still works

(now that file is a sacred artifact that must be protected at all costs)