[RSS] OpenPrinting ippusbxd media-size-supported stack based buffer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071

rsync: 6 CVEs https://www.openwall.com/lists/oss-security/2025/01/14/3
Two independent groups of researchers identified a total of 6 CVEs in rsync. In the most severe CVE (affects rsync 3.2.7+), an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code.

Time to upgrade #ApacheTika to 3.2.2.

XXE in XFA parsing up through version 3.2.1

https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w

[RSS] Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault

https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/

[RSS] DLL ForwardSideloading

https://www.hexacorn.com/blog/2025/08/19/dll-forwardsideloading/

[RSS] Marshal madness: A brief history of Ruby deserialization exploits

https://blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/

Git 2.51: Preparing for the future with SHA-256 https://www.helpnetsecurity.com/2025/08/19/git-2-51-sha-256/

Does anyone know there an alternative to the Spotify Jam feature? so many people i know strictly stay on spotify because spotify jam is so good for long distance relationships
https://mastodon.sdf.org/@jdunlevy/115033656932421363

Ever seen two responses to one request? That's just pipelining... or is it? I've just published "Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling" https://portswigger.net/research/how-to-distinguish-http-pipelining-from-request-smuggling

Is it me or Spotify has trouble tracking what time you are at in a track (progress bar jumps, finishes before the track does, etc.)?

I thought humanity solved this problem a few years back.

UK drops demand for backdoor into Apple encryption https://www.theverge.com/news/761240/uk-apple-us-encryption-back-door-demands-dropped

"Ukraine gives award to foreign vigilantes for hacks on Russia" https://www.bbc.com/news/technology-68722542

ehhh...

Don’t skip the linenoise section, a lot of great bits in there! https://haunted.computer/@phrack/115051910573337358

Today I have a more serious topic than usual, please consider reposting for reach:

My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder (myoclonus and/or spasms) to finally find a cause and, above all, an effective therapy. The symptoms are bothering our son ever since he’s born, now for more than nine years, seriously affecting his sleep. The usual processes and medical contact points have failed us unfortunately and he seems stuck in this condition.

We’re based in Berlin, Germany but really any contact with a specialist who would be willing to take on this case we’d be grateful for!

To reach use you can DM me or contact us via Email at unclear.condition@gmail.com

One of the most effective security controls you can ever invest in, is a decent work computer for your employees.

Yep, it’s a bit more cash up front to get a bit more RAM or a bit more CPU poke, but your job in IT/Security is to get people the gear they need to do their jobs without thinking ‘this would be quicker if I used….’

Because we all know what happens when your VP of Finance decides to prep the W2’s on their kids Alienware gaming desktop full of Minecraft plugins downloaded from every corner of the internet.

#infosec

At long last - Phrack 72 has been released online for your reading pleasure!

Check it out: https://phrack.org/

As I wrote elsewhere: I never met a hacker more hacker than gera, and never will..

I am glad to finally see his Phrack Prophile published in #72

It shows just a tiny portion of his awesomeness, the full spectrum would probably fill a book.
I am fortunate to have met him and shared numerous adventures with him over the past 35 years or so..

Read his prophile here
https://phrack.org/issues/72/2#article

-=[ PHRACK PROPHILE ON Gera ]=-

https://phrack.org/issues/72/2#article

That’s the whole post…