I'm struggling to find an "ELI5 LLM" video, everything I get is either AI generated, marketing, or explaining advanced topics.

Any recommendations?

"You know, I couldn't do it. I couldn't reduce it to the freshman level. That means we really don't understand it." - Richard Feynman

Dear Infosec people who have looked at XML and XXE before: I am trying to get an understanding of Blind XXE.
Many of the descriptions I find are lacking an important detail which makes the attack much less practical. Blind XXE works by building a URL which contains the content of a file, allowing that content to be exfiltrated. However, in all my tests, that *only* works if the file contains no newlines, as those are not allowed in URLs. Am I missing something?
🧵


DOMPurify 3.3.0 will soon be released, with this likely being the most important change in a long time:

https://github.com/cure53/DOMPurify/pull/1150

The Great Software Quality Collapse: How We Normalized Catastrophe

https://techtrenches.substack.com/p/the-great-software-quality-collapse

"We've normalized software catastrophes to the point where a Calculator leaking 32GB of RAM barely makes the news."

So far I’m seeing two reports of system disruption with the Crowdstrike sensor update on r/Crowdstrike, but haven’t seen any substantiation anywhere else.

Anyone seeing more?


Finding a buggy driver is one thing, abusing it is another 🧠
In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader! 🚀

➡️ https://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061_part2.html

And they say school material is disconnected from real life:

I just had to use one of my password cracking wordlists to figure out the kiddo's homework

Fascinating job alert: TikTok

Analyst, Influence Operations - Global Security Organization

https://lifeattiktok.com/search/7553316363885103368


RE: https://infosec.exchange/@BleepingComputer/115344618285071730

Remember that whole "only about 5% of customers were impacted" line? And how it got people to stop paying attention? Yeah...


Open Source isn't going to help.

There's a way to invisibly compromise all software.

A perfect, self-replicating "sin" passed down for generations of compilers.

It's not just theoretical, and Ken Thompson showed us how.


{"sanity":null,"name":"algernon","malicious_actor":true,"pronouns":"he/him"} // fuck you, json, here

My Dad's on the lookout for a reasonable e-book reader. No Android, no color, no LCD screen - eInk only.

It's been over a decade since I last bought an ebook reader, and the Kindle Paperwhite we bought back then still functions great (it never connected to the internet), so I'm a bit out of my depth.

I was looking at a Kobo Clara BW, and I seem to recall reading favourable reviews of Kobo devices.

Is this a good one? Or is there any better one in a similar price range?

For various reasons, not interested in second hand devices, nor DIY or hacked customs. Dad needs something that can be bought off the shelf of a random local shop (or ordered online, shipping to Hungary without horrible tariffs).


If you have a bash command line of "exec program ..." and you can control the "..." can you make it not run the exec and do something different? The answer is yes. Even if "..." is somewhat sanitised for shell metacharacters. If you can inject $[+] it will make bash error on that line and run the next. This is how https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984 works.

Mole is a Binary Ninja plugin designed to identify interesting paths in binaries [by performing static backward slicing]

https://github.com/cyber-defence-campus/mole

In our final ksmbd research post, @sine provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out!

https://blog.doyensec.com/2025/10/08/ksmbd-3.html

This was driving me nuts: Even though I set #Firefox to always ask where it saves files, sometimes when I accessed PDFs it saved them in my Downloads directory without question.

It seems `browser.download.start_downloads_in_tmp_dir=true` solves this problem but I still can't wrap my head around why they implemented this exceptional behavior (and why there is no visible setting for it).

Source: https://www.reddit.com/r/firefox/comments/1jnpvs3/firefox_doesnt_ask_when_downloading_pdfs_and/

Cybersecurity Awareness Month is dumb. Here are some alternatives.

No Vendor November: Do some free shit to improve your posture. You know your users, systems and business better than they do.

Defaults December: Security by design and default deny.


Micropatches Released for Windows Storage Spoofing Vulnerability (CVE-2025-49760)
https://blog.0patch.com/2025/10/micropatches-released-for-windows.html
