Looks like #Microsoft Word is taking another step (after oh-so-many) to new depths of depravity. Your Word documents will be saved to the cloud automatically on Windows going forward

Even if you're not up to the full move of jumping to #Linux, at least get #LibreOffice and use Writer instead. Its a word processing program that works 𝘧𝘰𝘳 you, not against. #opensource is the way forward, not this nonsense

https://www.ghacks.net/2025/08/27/your-word-documents-will-be-saved-to-the-cloud-automatically-on-windows-going-forward/

[RSS] Partial Analysis of CVE-2025-38618

https://u1f383.github.io/linux/2025/08/28/partial-analysis-of-CVE-2025-38618.html

Eight years later, I’ve updated my most-starred @github repository with some new @fridadotre scripts, inspired by @spaceraccoonsec's new book “From Day Zero to Zero Day”.

Check it out: https://github.com/0xdea/frida-scripts/

I had missed this #linux #kernel discussion about #pathtraversal #vulnerabilities

[RFC] Add a prctl to disable ".." traversal in path resolution

https://lore.kernel.org/linux-fsdevel/20241211142929.247692-1-mjg59@srcf.ucam.org/T/#u

[RSS] A Quick Note on CVE-2025-38617

https://u1f383.github.io/linux/2025/08/27/a-quick-note-on-CVE-2025-38617.html

I combined DEVCORE's CVE-2024-35250 with the CVE-2024-30084 double fetch bug and the Cloud Filter memory trap technique by @tiraniddo to achieve reliable LPE without device requirements on Win10 VMs.

https://scrapco.de/blog/its-a-trap-reliable-exploitation-of-cve-2024-30084.html

checking whether the C compiler works... no

Understandable, have a nice weekend

The Register wrote a story about a single maintainer open source project, I think it's shameful and upsetting. So I wrote a blog post about it

An absolutely ridiculous amount of open source is one person projects. I have the data to prove it

https://opensourcesecurity.io/2025/08-oss-one-person/

Cisco Talos just disclosed vulnerabilities in Libbiosig, Tenda routers, SAIL image library, PDF-XChange, and Foxit Reader — all now patched by vendors: https://blog.talosintelligence.com/libbiosig-tenda-sail-pdf-xchange-foxit-vulnerabilities/

#Ghidra 11.4.2 is out:

https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.4.2_build

This page intentionally left blank

Look at the rate of weasel wording in OpenAI's not-really-apology:

https://openai.com/index/helping-people-when-they-need-it-most/

I'm sick and tired of people pretending they have ways to enforce LLM behavior, while all they do is weigh dices differently - they remain dices.

Trying to enforce security boundaries with a PRNG is one thing, but you definitely can't prevent reinforcing harmful behavior, because you can't even define what it is.

And this can cost lives, as we just witnessed.

The CEO of Open AI should be tried for accessory to murder -- OpenAI responds to ChatGPT helping a teen commit suicide

What a load of goddamned CRAP:

https://openai.com/index/helping-people-when-they-need-it-most/

Tim Berners-Lee wrote this in 1999. 26 years later: https://www.justice.gov/opa/pr/department-justice-prevails-landmark-antitrust-case-against-google

🇪🇺 Brussels speaks clearly. @EU_Commission confirmed to us: The #DigitalMarketsAct is non-negotiable, not even as part of trade talks with Donald Trump.

💪 We welcome the EC’s reaffirmation of its commitment to neutral, robust, and evidence-based enforcement of the #DMA. But we call on the Commissioners to strengthen enforcement and make sure gatekeepers cannot get away with circumventing the law.

👉 Read the Commission’s reply: https://edri.org/wp-content/uploads/2025/08/European-Commission-response-on-US-influence-in-DMA-enforcement.pdf

"Will WebClient Start"

This awesome blog post by Steven Flores, with SpectorOps, tries to answer a question I had too: "Is it possible to start the WebClient service remotely as a low-priv user?"

Very interesting read. The article walks you through the entire thought process and tackles various Windows internals. And even if the result may seem underwhelming, it lays the ground for others to try and take on this challenge. 😉

👉 https://specterops.io/blog/2025/08/19/will-webclient-start/

SMAP is coming to Windows

[RSS] The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309) - watchTowr Labs

https://labs.watchtowr.com/the-one-where-we-just-steal-the-vulnerabilities-crushftp-cve-2025-54309