Posts
4263
Following
738
Followers
1632
"I'm interested in all kinds of astronomy."
repeated

🔌 Allow us to introduce the new IDA Plugin Manager.

Now, with a few simple commands, you can access a modern, self-service plugin ecosystem. Discover and get discovered more easily.

https://hex-rays.com/blog/introducing-the-ida-plugin-manager

0
3
0
repeated

Genie: You have 3 wishes
Me: Can I just have -1 wish?
Genie: Okay, you have 4294967295L wishes

1
3
1
Edited 7 months ago
0
1
1
repeated

A Spanish court orders Meta to pay €479M to 87 Spanish digital media outlets for unfair competition practices and infringement of EU data protection regulations (Reuters)

https://www.reuters.com/sustainability/boards-policy-regulation/spanish-court-orders-meta-pay-550-mln-digital-media-companies-2025-11-20/
http://www.techmeme.com/251120/p18#a251120p18

0
1
0
[RSS] Deleting the [Boot Configuration Data] through COM as low privileged user [CVE-2025-59253]

https://warpnet.nl/blog/deleting-the-bcd-through-com-as-low-privileged-user/
0
0
2
The lesson for today is that you must always give your code weird ass names because tools tend to go online and fetch something completely unrelated if they can find the name :P
2
0
2
repeated

Project Zero Bot

New Project Zero issue:

Windows: Administrator Protection RAiLaunchAdminProcess Application Name EoP

https://project-zero.issues.chromium.org/issues/437291456

CVE-2025-60718
0
3
0
repeated

Reversing public advisories has been a lot of fun lately. Here's an exploit I've built for CVE-2025-9501 that potentially affects 1+ million installations:

https://www.rcesecurity.com/2025/11/exploiting-a-pre-auth-rce-in-w3-total-cache-for-wordpress-cve-2025-9501/

0
4
0
repeated

When Updates Backfire: RCE in Windows Update Health Tools https://research.eye.security/rce-windows-update-health-tools/

0
2
0
[RSS] Remotely crashing the Spooler service

https://incendium.rocks/posts/Remotely-crashing-spooler/
1
2
4
repeated
repeated
repeated

In case you had missed it - I had. VirtualBox now supports Windows on Arm.

https://blogs.oracle.com/virtualization/oracle-virtualbox-72

Not a bad alternative to the departed Windows Services for Android.

0
3
0
repeated
repeated
New assessment for topic: CVE-2025-58034

Topic description: "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. ..."

"Based on writing the [Rapid7 Analysis](https://attackerkb.com/topics/zClpINmLCh/cve-2025-58034/rapid7-analysis), I have rated the exploitability as `Very High`, as exploitation is trivial and reliable ..."

Link: https://attackerkb.com/assessments/c67a510c-5ac5-43a7-affd-7b7655c4b62f
0
1
1
repeated
repeated

Postmortem of the Xubuntu.org download site compromise

https://lwn.net/Articles/1047056/

0
4
0
repeated

Sent from San Francisco, California, U.S.A. on December 20, 1995. https://postcardware.net/?id=12-38

0
1
0
repeated
Edited 8 months ago

Cloudflare published a very good article explaining how yesterday's outage happened.

https://blog.cloudflare.com/18-november-2025-outage/

I encourage everyone to read it.

I also think people are focusing on that particular unwrap() too much, and not enough on a bigger picture: lack of fallbacks

Without fallbacks at the interfaces between different subsystems, there's nothing to stop an error in one place from cascading throughout the whole infra

Config parsing is not the only place where such fallback was missing

2
3
0
Show older