There's a researcher, Jiang Yuancheng, who's doing a great work finding CPython crashes and memory leaks: https://github.com/python/cpython/issues?q=is%3Aissue%20author%3AYuanchengJiang

They've come up with a very clever idea for a new way of fuzzing, made a fine tool out of it, and are reaping great results.

Fuzzing can be a diminishing returns endeavor: you only have so many bugs to find. Their approach has shown itself to cover different areas and kinds of issues well, as shown by their track record.

#CPython #Python #Fuzzer #Fuzzing #fusil

High level diff of iOS 26.2 vs. iOS 26.3 beta1 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/26_2_23C55__vs_26_3_23D5089e/README.md

CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center https://cymulate.com/blog/cve-2025-64669-windows-admin-center/

Bellingcat’s Kolina Koltai uncovers the Hungarian national behind two deepfake porn websites. The key figure rakes in profits and vacations in luxury hotels in Dubai and Bali, whilst website visitors create sexually explicit images and videos.
Find out how we uncovered the administrator behind the deepfakes by reading the full investigation here: https://www.bellingcat.com/news/2025/12/15/mark-resan-reface-deepfake-porn/?utm_source=mastodon

For those of you who remember ScreamingGoat, they're currently looking for a new role. Ideally something in the threat Intelligence space and DC local. Y'all know how he is with emerging vulnerabilities. Let me know what you've got and I'll make sure it makes it to them.

just released liboprf-0.9.3

liboprf is a library implementing the OPRF from https://www.rfc-editor.org/rfc/rfc9497.html and in addition it also provides a threshold variant (tOPRF) and a distributed key generation (DKG) protocol for the tOPRF shared secret, as well as a key update protocol for the tOPRF shared secret. it comes with a high level python frontend that supports servers on TLS, USB and Bluetooth LE

see: https://github.com/stef/liboprf

We need to normalize declaring software as finished. Not everything needs continouos updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.

slip slop slap

https://hackerone.com/reports/3465094

Microsoft will pay bug bounties even for 3rd party components:

https://www.theregister.com/2025/12/12/microsoft_more_bug_payouts

Does anyone have a copy of the following paper:

https://doi.org/10.1016/0167-4048(82)90003-7

Robert H. Courtney, Jr., "A systematic approach to data security", in Computers & Security Volume 1, Issue 2, June 1982 (pgs. 99-112)

I have tried Sci-Hub and Anna's but no luck

(it is paywalled at https://www.sciencedirect.com/science/article/abs/pii/0167404882900037 for $30 which seems criminal)

The World Is Not A Desktop - Mark Weiser

https://dl.acm.org/doi/10.1145/174800.174801

make a programming language and then make a game in it.

https://itch.io/jam/langjamgamejam

https://langjamgamejam.com/
#langjam #gamejam #langjamgamejam

absolutely losing it. My mom received a spam call that got picked up by Google call screening on her phone, and it ended up responding with one of the more unhinged Asterisk voice recordings before hanging up LMAO

Analyzing CVE-2025-2296 [Un-verified #kernel bypass #SecureBoot mechanism in direct boot mode]

https://www.kraxel.org/blog/2025/12/analyzing-cve-2025-2296/

Gerd Hoffmann aka kraxel writes: ""[…] So, if secure boot is enabled attempts to boot via 'EFI stub' will fail, the firmware rejects the binary due to the signature check failing. OVMF will fallback to the legacy 'EFI handover protocol' loader. The legacy loader does not do secure boot verification, which is the core of CVE-2025-2296. And this was essentially unfixable (in the firmware alone) because there simply is no valid secure boot signature due to the patching qemu is doing. Nevertheless there are some use cases which expect direct kernel boot with secure boot enabled to work. Catch 22. […]

Secure boot bypass sounds scary, but is it really? […] So, the actual impact is quite limited. […]""

#Linux #UEFI #QEMU

Turns out your outsourced dev team vibe-coded the encryption routine of your #ransomware.

https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/

#VolkLocker