Day 12 of Advent of Compiler Optimisations!

Your loop checks the same condition every iteration, even though it never changes. Seems wasteful, right? The compiler thinks so too—and its solution is something that sounds completely backwards. Making your code bigger to make it faster? What's the trick?

Read more: https://xania.org/202512/12-loop-unswitching
Watch: https://youtu.be/-VCrYshE7iQ

#AoCO2025

Free Micropatches for Windows Remote Access Connection Manager DoS (0day)
https://blog.0patch.com/2025/12/free-micropatches-for-windows-remote.html

"Base Score: 9.8 (Critical)"

https://hackerone.com/reports/3462525

[RSS] The FreePBX Rabbit Hole: CVE-2025-66039 and others

https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/

[RSS] exploits.club Weekly(ish) Newsletter 93 - Old QEMU Bugs, Android Auto Bluetooth PoCs, BeeStation P20, and More

https://blog.exploits.club/exploits-club-weekly-ish-newsletter-92-s23-n-day-pocs-printer-overflows-dng-oob-writes-and-more-2/

Finally pushed an update to my #DecemberAdventure

tl;dr life is distracting and having a young kid makes this harder to keep-up with

https://git.sr.ht/~louismerlin/december-adventure

Exim 4.99: Remote heap corruption https://www.openwall.com/lists/oss-security/2025/12/10/1
In vulnerable configurations, a remote, unauthenticated attacker can achieve heap corruption. No exploit for remote code execution yet, but it may be possible. No further details published yet, until the fix goes public.

New vulnerability report from Talos:

The Biosig Project libbiosig MFER parsing multiple stack-based buffer overflow vulnerabilities

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296

CVE-2025-66048,CVE-2025-66043,CVE-2025-66047,CVE-2025-66044,CVE-2025-66046,CVE-2025-66045,CVE-2025-66043,CVE-2025-66044,CVE-2025-66045,CVE-2025-66046,CVE-2025-66047,CVE-2025-66048

A modern tale of Blinkenlights, cheap Christmas shopping and curiosity, narrated by @virtualabs

Firmware extraction and reverse engineering of a smartwatch FTW!

https://blog.quarkslab.com/modern-tale-blinkenlights.html

[RSS] Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis

https://blog.trailofbits.com/2025/12/11/introducing-mrva-a-terminal-first-approach-to-codeql-multi-repo-variant-analysis/

vim user doing God's work

In #IBMi 7.6 TR1 and 7.5 TR7 three new date formats have been introduced that will make solving 2040 issue easier.
💙 #IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2025/12/new-date-formats-for-rpg.html

We currently have three pending CVEs to be announced in the next #curl release (severity low + medium x 2)

All three found with AI powered tooling.

So it is happening.

[RSS] The Fragile Lock: Novel Bypasses For SAML Authentication

https://portswigger.net/research/the-fragile-lock

[RSS] How Citrix Fixed an ESC1 Risk in Their Documentation

https://medium.com/@Debugger/how-citrix-fixed-an-esc1-risk-in-their-documentation-5051bf410139?source=rss-3ba65b326b28------2

Sources of Deception

#webcomic #krita #miniFantasyTheater

Random realization: MS Teams is the Lotus Notes of web meetings.

Oh dear the entire https://www.lyonlabs.org site is offline *and* excluded from archive.org.

It's a massive archive of vintage and modern GEOS and C64 material a lot of it seemingly not found elsewhere.

Google research created a dataset with rainbow tables for NetNTLMv1 with the 1122334455667788 challenge.
https://research.google/resources/datasets/
Dataset is available for download at:
▪️https://console.cloud.google.com/storage/browser/net-ntlmv1-tables [Login required]
▪️gs://net-ntlmv1-tables

hmmmm idk about this verification method Discord is offering

It's the final Patch Tuesday of 2025! #Microsoft and #Adobe took it easy on us with a smaller release, but there's 1 0-day being exploited & an Exchange bug reported by the NSA. @dustin_childs fills you in on the details & where to focus your priorities. https://www.zerodayinitiative.com/blog/2025/12/9/the-december-2025-security-update-review