"I'm interested in all kinds of astronomy."

for CVE-2025-65945 (Improper Verification of Cryptographic Signature in node-jws)

https://github.com/jedisct1/CVE-2025-65945-poc


This is not working. The number of report submissions in 2025 is going through the roof, while the quality is going through the floor.

And the year isn't over yet.


All of the recent paintings from my Jazz Rats series https://wagtails.art/jazz-rats-part-two/


Interesting links of the week:

Strategy:

* https://assets.publishing.service.gov.uk/media/69411a3eadb5707d9f33d7e8/E03512978_-_Un-Act_The_National_Security_Act_in_2024_Accessible.pdf - the UK tries to define what a state threat is (and includes everyone from professional spies to someone who may not even know they pose a risk)

Standards:

* https://csrc.nist.gov/pubs/sp/800/82/r3/final - courtesy of @Secure_ICS_OT

Threats:

* https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2025 - MSFT's take on the landscape

Detection:

* https://ip.thc.org/ - @thc don't do things by half... here's a very large IP/DNS database
* https://www.fortinet.com/blog/threat-research/uncovering-hidden-forensic-evidence-in-windows-mystery-of-autologger - Fortinet look at alternate DFIR sources for Windows
* https://troopers.de/downloads/troopers19/TROOPERS19_DM_Threat_Modelling_Cisco_ACI.pdf - surprisingly, I have my own take on ACI, but here's one from @ERNW

Bugs:

* https://kqx.io/post/qemu-nday/ - popping Qemu like it was 13 years ago
* https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc - FreeBSD AV:A oopsie
* https://projectzero.google/2025/12/android-itw-dng.html - GOOG discuss a nasty image

Exploitation:

* https://hackers-arise.com/sdr-signals-intelligence-for-hackers-building-a-low-cost-private-4g-lte-network/ - ever wanted your own 4G LTE playground?
* https://podalirius.net/en/mainframe/as400-forensics-retrieving-your-licence-keys-from-disk-images/ - getting the keys to the museum
* https://caido.io/ - another alternative to Burp, with a focus on multi-stage attacks
* https://arxiv.org/pdf/2512.09882 - AI vs flesh face off

Hard hacks:

* https://blog.quarkslab.com/modern-tale-blinkenlights.html - @quarkslab pays €12 for a good time

Hardening:

* https://ariadne.space/2025/12/12/rethinking-sudo-with-object-capabilities.html - @ariadne discusses their sudo alternative
* https://lpc.events/event/19/contributions/2159/attachments/1833/3929/BpfJailer%20LPC%202025.pdf - building jails with eBPF
* https://pages.nist.gov/OSCAL/ - an as-code approach to standardised standards


"Bavarian pensioner lays trap to catch phone fraudster who was out for his gold":

https://www.theguardian.com/world/2025/dec/18/german-pensioner-lays-trap-catch-fraudsters-after-gold


Any of the @offsec folks on here?


It's done. I can't believe it's finally done. I've been working on this in mostly secret for so long, and I'm so excited to share it with y'all!

https://taggart-tech.com/ringspace/

https://ringspace.net

[RSS] Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)

https://mdisec.com/inside-posthog-how-ssrf-a-clickhouse-sql-escaping-0day-and-default-postgresql-credentials-formed-an-rce-chain-zdi-25-099-zdi-25-097-zdi-25-096/
[RSS] Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

https://blog.talosintelligence.com/libbiosig-grassroot-dicom-smallstep-step-ca-vulnerabilities/

We wrote a little bit on FortiCloud SSO login bypass CVE-2025-59718 (and 59719). Both the known PoCs for the former are fake / invalid. There does appear to be real exploitation evidence, but detections based on fake PoCs ain't it (and it seems like that's where a lot of chatter is coming from)

https://www.vulncheck.com/blog/forticloud-sso-login-bypass


Project Zero Bot

New Project Zero issue:

Adobe DNG SDK: Linearize uses full image on trimmed source image, leading to out-of-bounds read

https://project-zero.issues.chromium.org/issues/452483592

CVE-2025-64784

Project Zero Bot

New Project Zero issue:

Adobe DNG SDK: out-of-bounds read in RefBaselineABCDtoRGB during the Render phase

https://project-zero.issues.chromium.org/issues/457419672

CVE-2025-64893

Project Zero Bot

New Project Zero issue:

Adobe DNG SDK: out-of-bounds write in dng_resample_weights::Initialize due to invalid floating point arithmetic

https://project-zero.issues.chromium.org/issues/457987854

CVE-2025-64894

Update on the iOS emulator 🔥

We’ve been deep into acceleration work lately, and the performance is already very promising for an emulated iOS 18.

Still cooking, but we’re getting close to sharing it with you. And more is coming with iOS 26...


The Amphora of Great Intelligence (AGI)


ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities https://www.elttam.com/blog/leaking-more-than-you-joined-for/


r2renef - Renef IO Plugin for Radare2 released!

Github: https://github.com/ahmeth4n/r2renef

I built a small radare2 IO plugin to combine radare2’s powerful binary analysis features with Renef’s Android runtime instrumentation.

This allows you to use static analysis (disasm, analysis) together with runtime capabilities like hooking, memory and module operations in a single workflow, without constant context switching.

The project is still early, but already useful in daily Android reverse-engineering tasks.

Feedback and contributions are always welcome, especially from those working with radare2, Android, or low-level instrumentation👌


🚀 Big News! Docker Hardened Images are now free! We’re partnering with @Docker to bundle Socket Firewall into supported images, adding supply chain protection during dependency installs and builds.

Details → https://socket.dev/blog/socket-firewall-now-available-in-docker-hardened-images
