[RSS] exploits.club Weekly(ish) Newsletter 92 - S23 N-Day PoCs, Printer Overflows, DNG OOB Writes, And More

https://blog.exploits.club/exploits-club-weekly-ish-newsletter-92-s23-n-day-pocs-printer-overflows-dng-oob-writes-and-more/

We have updated the #Pwn2Own Automotive rules to expand the target scope of the #Alpitronics category and to clarify the model of the ChargePointHome Flex model number. Check out the rules at https://www.zerodayinitiative.com/Pwn2OwnAuto2026Rules.html

CrowdStrike says it caught an insider sharing screenshots taken on internal systems with unnamed threat actors.

https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/

[RSS] NSO Group argues WhatsApp injunction threatens existence, future U.S. government work

https://cyberscoop.com/nso-group-whatsapp-injunction-appeal/

User-friendly GUI: please provide command line parameters in this text box!

Me, knowing that one of the characters will need escaping:

That's how I like my #Friday's: I came back from lunch and my code started working!

Time to push to prod...

[RSS] How And Why We Hacked Cypherock Hardware Wallet: The Full Story

https://www.darknavy.org/blog/how_and_why_we_hacked_cypherock_hardware_wallet_the_full_story/

"How did the U.S. government obtain LuBian%27s wallet private key?"

Love this so much. 💜

what if we just forgot about DNS and start to address everything in IPv6-l33tspeak?

#internet #infrastructure #cloudflare #microsoft #AI #aws #crowdstrike #DNS #rust #Linux

🔌 Allow us to introduce the new IDA Plugin Manager.

Now, with a few simple commands, you can access a modern, self-service plugin ecosystem. Discover and get discovered more easily.

https://hex-rays.com/blog/introducing-the-ida-plugin-manager

Genie: You have 3 wishes
Me: Can I just have -1 wish?
Genie: Okay, you have 4294967295L wishes

#microfiction

[RSS] AI Coding Vibe Check

https://tamir.dev/posts/ai-vibe-check-2025/

/by @tmr232

A Spanish court orders Meta to pay €479M to 87 Spanish digital media outlets for unfair competition practices and infringement of EU data protection regulations (Reuters)

https://www.reuters.com/sustainability/boards-policy-regulation/spanish-court-orders-meta-pay-550-mln-digital-media-companies-2025-11-20/
http://www.techmeme.com/251120/p18#a251120p18

[RSS] Deleting the [Boot Configuration Data] through COM as low privileged user [CVE-2025-59253]

https://warpnet.nl/blog/deleting-the-bcd-through-com-as-low-privileged-user/

The lesson for today is that you must always give your code weird ass names because tools tend to go online and fetch something completely unrelated if they can find the name :P

New Project Zero issue:

Windows: Administrator Protection RAiLaunchAdminProcess Application Name EoP

https://project-zero.issues.chromium.org/issues/437291456

CVE-2025-60718

Reversing public #security advisories has been a lot of fun lately. Here's an exploit I've built for CVE-2025-9501 that potentially affects 1+ million #WordPress installations:

https://www.rcesecurity.com/2025/11/exploiting-a-pre-auth-rce-in-w3-total-cache-for-wordpress-cve-2025-9501/

When Updates Backfire: RCE in Windows Update Health Tools https://research.eye.security/rce-windows-update-health-tools/

[RSS] LITE XL RCE (CVE-2025-12121)

https://bend0us.github.io/vulnerabilities/lite-xl-rce/