
We built local backdoors for Signal, 1Password & Slack through V8 heap snapshot tampering (CVE-2025-55305).

Method: Replace v8_context_snapshot.bin files with versions that override JavaScript builtins. When apps call Array.isArray(), malicious code executes.
Works because integrity checks ignore these "non-executable" files that actually contain executable JavaScript.

Impact: Nearly every Chromium-based app is vulnerable.
https://blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/

[RSS] Exploit development for IBM i

https://blog.silentsignal.eu/2025/09/04/Exploit-development-for-IBM-i/

Another one from my old partners in crime, incl. exploit for CVE-2023-30990 #IBMi

Alright Fedi. This is going to be my most far-fetched question as of yet.

Do any of you happen to have, lying in a box somewhere, a Photo CD? And if so, would you be willing to part with it?

Just to clear any possible confusion, I’m specifically looking for a disc in the Photo CD format, not a CD-R on which pictures have been stored as files. Here is the article on the subject: https://en.wikipedia.org/wiki/Photo_CD.

Boosts are appreciated, as my search has not been fruitful thus far.


After a decade of neglect, the ELF object file specification is being maintained again:
https://groups.google.com/g/generic-abi/c/doY6WIIPqhU
Updated my notes: https://maskray.me/blog/2024-01-14-exploring-object-file-formats
Cary is maintaining both DWARF and ELF :)


📢 It's here! Part two of Norbert Szetei's (@sine) research into ksmbd. See how customized fuzzing & selecting the right sanitizers led to discovering 23 Linux kernel CVEs, including use-after-frees & out-of-bounds reads/writes.

https://blog.doyensec.com/2025/09/02/ksmbd-2.html

[RSS] Dubious security vulnerability: Remembering passwords for recently-opened ZIP files

https://devblogs.microsoft.com/oldnewthing/20250902-00/?p=111544
[RSS] Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel

https://swarm.ptsecurity.com/kernel-hack-drill-and-a-new-approach-to-exploiting-cve-2024-50264-in-the-linux-kernel/

🤯🚨 BREAKING NEWS 🚨🤯

In a shocking development, new additions to the standard WILL UNLEASH THE HERETOFORE UNAVAILABLE POWER OF ADDITION _IN JAVASCRIPT_ upon the world!

👉 https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/sumPrecise

Only works in Firefox ATM. Like, Chrome and Safari can't even add numbers currently.


Eerie Linux posted an extensive introduction to using CP/M that assumes no previous knowledge of early operating systems. They also link to other posts they wrote on the evolution of CP/M.

https://eerielinux.wordpress.com/2025/08/28/a-gentle-introduction-to-cp-m


Ksmbd Fuzzing Improvements and Vulnerability Discovery https://blog.doyensec.com/2025/09/02/ksmbd-2.html


Your category today is OG HACKER SHIRTS

This Ron Rivest 1987 cipher, illegal to export from the US (mathematical munitions), fit on 3 lines of Perl and adorned t-shirts as a form of civil disobedience before becoming the WEP protocol's greatest weakness

I don't like this custom protocol, I'm sure there is a common library that could be used! Let's take a look at this alternative repository...

"import org.springframework...."

*drop and run*

Yes, there’s another phishing campaign contacting fediverse users to fill out a form to avoid being suspended or whatever. Stay calm and just report them and be sure to check the option to inform their home instance so the account gets suspended for everyone.

Also, please consider enabling moderated signups if you don’t already have them. I get it - signups dropped by >90% when I did it, but there’s very little capability for dealing with bad actors proactively once they have an account. I know it’s not a foolproof way to keep the scammers out, but it is an improvement.
