[RSS] What's That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)

https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/

"The moment of discovery" does not always exist: the scientist's work is too tenuous, too divided, for the certainty of success to crackle out suddenly in the midst of his laborious toil like a stroke of lightening, dazzling him by its fire.

In: Eve Curie - Madame Curie - Chapter XII (p. 158)

~Marie Curie #BOTD in 1867.

#physics #radioactivity #womeninStem

Magika 1.0 is released, available in Rust, TypeScript and Python, and supporting more than 200 file types.

Public blog post:
https://opensource.googleblog.com/2025/11/announcing-magika-10-now-faster-smarter.html

Source: https://github.com/google/magika

From bit flip to RCE in Ollama! 🦙

Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally:

https://www.sonarsource.com/blog/ollama-remote-code-execution-securing-the-code-that-runs-llms/?utm_medium=social&utm_source=twitter&utm_campaign=research&utm_content=blog-ollama-vuln-251104-&utm_term=---&s_category=Organic&s_source=Social%20Media&s_origin=social

#security #vulnerability #llm #ai

Project: facebook/react https://github.com/facebook/react
File: packages/react-reconciler/src/ReactFiberCommitWork.js:1981 https://github.com/facebook/react/blob/c250b7d980864be49facf2306f06455e7f9e305d/packages/react-reconciler/src/ReactFiberCommitWork.js#L1981

function commitMutationEffectsOnFiber( finishedWork: Fiber, root: FiberRoot, lanes: Lanes, )

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Ffacebook%2Freact%2Fblob%2Fc250b7d980864be49facf2306f06455e7f9e305d%2Fpackages%2Freact-reconciler%2Fsrc%2FReactFiberCommitWork.js%23L1981&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Ffacebook%2Freact%2Fblob%2Fc250b7d980864be49facf2306f06455e7f9e305d%2Fpackages%2Freact-reconciler%2Fsrc%2FReactFiberCommitWork.js%23L1981&colors=light

OH: "You're in his DMs. I'm in his VMs. We're not the same."

2025 Component Abuse Challenge: Overdriven LEDs Outshine the Sun

https://hackaday.com/2025/11/06/2025-component-abuse-challenge-overdriven-leds-outshine-the-sun/

[RSS] How to write dnSpy extension

https://kant2002.github.io/en/dotnet/2025/10/02/dnspy-extension.html

I almost got brain aneurysm thinking that the query syntax of tree-sitter and ast-grep differ.

Fortunately that's not the case, but - contrary to Internet wisdom - query syntax is not compatible between languages (parsers).

Also, ast-grep's Playground is insanely useful:

https://ast-grep.github.io/playground.html

[RSS] One-Click Memory Corruption in Alibaba's UC Browser: Exploiting patch-gap V8 vulnerabilities to steal your data

https://www.interruptlabs.co.uk/articles/one-click-memory-corruption-in-alibabas-uc-browser-exploiting-patch-gap-v8-vulnerabilities-to-steal-your-data

‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware.

Goldberg and two other insiders ran ransomware operations since 2023 while employed at cybersecurity firms. After an FBI visit, Goldberg confessed. He now faces up to 50 years in prison.

I found a thing (RCE) in langgraph. ;D

https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5

RCE in "json" mode of JsonPlusSerializer · Advisory · langchain-ai/langgraph · GitHub
https://github.com/langchain-ai/langgraph/security/advisories/GHSA-wwqv-p2pp-99h5

The Louvre's Video Surveillance Password Was 'Louvre' https://yro.slashdot.org/story/25/11/05/238245/the-louvres-video-surveillance-password-was-louvre?utm_source=rss1.0mainlinkanon

Kaitai Struct: A Tool For Dealing With Binary Formats - Petr Pucil & Mikhail Yakshin

https://www.youtube.com/watch?v=SC2zIli8MNA

#hacklu2025

"An eBPF Loophole: Using XDP for Egress Traffic" https://loopholelabs.io/blog/xdp-for-egress-traffic

Someone asked me to hand-translate a publicly posted Chinese technical report about NSA shenanigans on the Chinese Center for Time-Keeping network. It took me a while, because it turns out translating technical corporatese from your third language is very hard when chronically sleep deprived, but it is done.

https://docs.google.com/document/d/1gk1fDLKrN3m5jOSk7QbpGL1SBcLvrm0FTN3H-5ZJZcY/edit?usp=sharing

#nsa #fiveeyes #opsec #infosec #threatintel

[RSS] Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed

https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/

Python packages are age-shaming my OS :(

Project: golang/go https://github.com/golang/go
File: src/cmd/vendor/golang.org/x/arch/arm64/arm64asm/plan9x.go:24 https://github.com/golang/go/blob/6425749695130f2032ac9cfdf5407b6a322534db/src/cmd/vendor/golang.org/x/arch/arm64/arm64asm/plan9x.go#L24

func GoSyntax(inst Inst, pc uint64, symname func(uint64) (string, uint64), text io.ReaderAt) string

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Farch%2Farm64%2Farm64asm%2Fplan9x.go%23L24&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2F6425749695130f2032ac9cfdf5407b6a322534db%2Fsrc%2Fcmd%2Fvendor%2Fgolang.org%2Fx%2Farch%2Farm64%2Farm64asm%2Fplan9x.go%23L24&colors=light