You just don't understand the fourth industrial revolution

RE: https://infosec.exchange/@cR0w/115231558276357271

And now we have a watchTowr write-up.

https://labs.watchtowr.com/is-this-bad-this-feels-bad-goanywhere-cve-2025-10035/

I also appreciate them publishing it despite the conclusion. It's insightful despite not reaching their research goal, and they don't make wild speculations like some researchers tend to.

"CVE-2025-1727 reveals a critical design flaw: the EoT/HoT linking protocol — which sends emergency brake commands [to trains] over a radio channel — has no cryptographic authentication."

https://cervello.security/blog/vulnerabilities-incidents/research-cve-2025-1727/

🚨 SolarWinds, the gift that keeps on giving: a new Web Help Desk patch bypass, CVE-2025-26399, enables unauthenticated RCE via deserialization.

It’s a patch bypass of CVE-2024-28988/CVE-2024-28986 - previously exploited.

Given SolarWinds’ past, in-the-wild exploitation is highly likely. Patch now.

Need help assessing your exposure? https://watchtowr.com/

[RSS] BYOVD to the next level (part 1) -- exploiting a vulnerable driver (CVE-2025-8061)

http://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061.html

Help, I need a code signing certificate that won't bankrupt me.

Three years ago, I paid $100 for a three-year code signing certificate. I've signed all my open-source projects' releases with it. Now that it's renewal time, Certera (SignMyCode.com) wants almost $700 for the same three-year certificate (excluding the mandatory HSM purchase, which I am totally on board with).

I write silly C and PowerShell code, and I timestamp my signatures so that they're perpetually valid. My PowerShell Gallery stuff, as well as binaries of aprs-weather-submit on Windows and macOS, are all signed and hashed (but not notarized by Apple, because that's another $99 a year for something that feels done unless Bob Bruninga's followers are thinking about APRS 2.0).

If I can't find a solution, anything I write or update in the future will have to be released as unsigned unless I half-ass something (like the Notepad++ developer using self-signed certs -- semi-dangerously clever). $100 every three years, fine. $700 every three years, and I'll do it if my three fans click my Buy Me A Coffee link over and over.

Is there any CA out there that will offer open-source, not-for-profit developers like me a chance to get globally-trusted code signing certificates? I don't think SigStore ever took off (sadly), and even if it did, I don't think it's part of the Microsoft Authenticode program.

#CodeSigning #SSL #TLS #certificates #Certera #SoftwareDevelopment #C #PowerShell #PowerShellGallery #AmateurRadio #HamRadio #APRS #APRS-Weather-Submit #GitHub #security #developer #Windows #macOS #Linux #Authenticode #DevSecOps #DevOps

SALLY STRUTHERS: Do you use floats? Sure. We all do. But did you know a + b + c ≠ c + b + a with many floats? No. Well, neither did I, but with this one PDF you can become a fount of floating-point foibles to impress and depress your colleagues around the water cooler. Isn't this fun?

https://dl.acm.org/doi/pdf/10.1145/103162.103163 #compsci

Let's say I have a couple of MP3's (very royalty free ofc) that I want to share with normie friends on a web server. Is there a playlist format or maybe even some web frontend that I can use to organize these tracks so my friends can listen to the tracks without installing anything on their Win/Mac boxes, just opening a single URL/file?

It's be nice if there was support for basic HTTP auth because I don't want to open this to everyone either.

#FOSS #MP3 #mixtape

[RSS] The Phantom Extension: Backdooring chrome through uncharted pathways

https://www.synacktiv.com/en/publications/the-phantom-extension-backdooring-chrome-through-uncharted-pathways.html

at this point anybody still using solarwinds should just be considered a huge security risk

https://www.theregister.com/2025/09/23/solarwinds_patches_rce/

RE: https://infosec.exchange/@quarkslab/115254681302340584

Hard to believe that arbitrary RW to physical pages and arbitrary RW of LSTAR MSR are just bugs and not backdoors but I've seen too many of those things to by default attribute it to malice

New video: Inside Windows Sessions
https://trainsec.net/library/windows-internals/inside-windows-sessions/

[RSS] Kmemdump step by step on Qualcomm Automotive platform

https://www.linaro.org/blog/kmemdump-step-by-step-on-qualcomm-automotive-platform/

New vulnerability report from Talos:

Adobe Acrobat Reader Page Property Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2222

CVE-2025-54257

With all this discourse about "AI art" I think we've lost sight of the simple joy of generating terrible nonsense via Markov Chains

UXLINK exploited for around $28 million, then hacker gets phished

September 22, 2025
https://www.web3isgoinggreat.com/?id=uxlink-exploit

/me trying hard not to antropomorphise the LLM

RE: https://infosec.exchange/@mttaggart/115219922584580823

Ayyy look at that! Deprecating TOTP in favor of FIDO-based MFA, and removing the local publishing bypass!

https://www.bleepingcomputer.com/news/security/github-tightens-npm-security-with-mandatory-2fa-access-tokens/

I'm not saying this one is intentional, but it sure feels negligent at best.

https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/

sev:HIGH 8.2 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.

The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.

and

While OnePlus does advertise a public bug bounty program for reporting vulnerabilities, Rapid7 cannot engage with their bug bounty program due to its restrictive Non Disclosure Agreement (NDA) terms and conditions. Therefore CVE-2025-10184 is being disclosed as not fixed by the vendor at the time of disclosure.

https://www.cve.org/CVERecord?id=CVE-2025-10184