Posts
2526
Following
646
Followers
1460
"I'm interested in all kinds of astronomy."
[RSS] Assembly Code Editor

https://deepcodestudio.pages.dev/
0
1
2
[RSS] opasm: an Assembly REPL

https://github.com/aedrax/opasm
0
0
3
"IBM Software Download Tips: Three Easy Steps to Make Download Director Work Again"

https://www.ibm.com/support/pages/node/7181432

Free #ProTip for IBM: no one should ever have to use Download Director. Web servers should just not randomly drop connections.
0
0
0
repeated
repeated

Are you fucking kidding me Cisco? Again?

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7

sev:CRIT 10.0 🥳

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.

https://nvd.nist.gov/vuln/detail/CVE-2025-20309

8
8
0
repeated

V8 Security is hiring in Munich, Germany: https://www.google.com/about/careers/applications/jobs/results/96463411851731654-software-engineer-iii-v8-security

Great opportunity to work on some really hard and interesting problems in the security space!

0
7
0
repeated

Microsoft lays off another **9000** game industry employees.

If accurate, would bring the number of game industry layoffs in the last four years to over 45,000.

This is not a large industry.

https://aftermath.site/xbox-layoffs-july

0
4
0
2 posts I saw today:
- MS spends $80B on AI datacenters, even putting their bottom line at risk
- MS lays off thousands

I so wait for the moment when reality kicks in...
0
0
7
repeated
repeated

Can't help but notice that all the CTI vendors that were waving their arms like carwash inflatables about increased activity from Iran have little to say about the lack of increased activity from Iran, which was the reasonable expectation from the jump.

3
3
0
repeated
repeated

Had a coworker tell me "Don't let infosec get in the way of hacking" which feels like an intense bit of wisdom underneath it all.

1
9
0
repeated

users are unaffected by CVE-2025-32463 (sudo chroot option privesc) when a feature available since 2021 is enabled. Customers can view our KB article on an earlier vulnerability this year, CVE-2025-4802 for glibc, to see how exploitation is prevented in the same way.

0
4
0
repeated
[oss-security] Xen Security Advisory 470 v2 (CVE-2025-27465) - x86: Incorrect
stubs exception handling for flags recovery

https://www.openwall.com/lists/oss-security/2025/07/01/1

(Potential impact is hypervisor DoS)
0
1
2
repeated

Chrome patched a sev:HIGH CVE with an ITW exploit.

Google is aware that an exploit for CVE-2025-6554 exists in the wild.

https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html

1
3
0
repeated
Edited yesterday

Unveiled at - Hexagon fuzzing unlocked

Hexagon is the architecture in Qualcomm basebands - they power most of the world's leading smartphones.

Until now, this baseband was out of reach.

We released the first open-source toolchain for system-mode Hexagon fuzzing, presented by Luca Glockow (@luglo), Rachna Shriwas, and Bruno Produit (@bruno) at @WEareTROOPERS

Full post: https://www.srlabs.de/blog-post/hexagon-fuzz-full-system-emulated-fuzzing-of-qualcomm-basebands

How we opened up mobile firmware in 3 steps:
1. Boot real iPhone basebands with a custom QEMU fork
2. Rust-powered fuzzer controls execution via JSON configs
3. Ghidra integration maps coverage across threads

This brings full visibility to Qualcomm’s 4G/5G/GPS stacks.

Reproducible. Extendable. Open source.

Hexagon’s no longer off-limits - mobile security just got a lot more transparent.


🔗 Try it yourself: https://github.com/srlabs/hexagon_fuzz
📚 Docs: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/reverse_engineering.md
🖥️ Slides from Troopers25: https://github.com/srlabs/hexagon_fuzz/blob/main/docs/talk/hexagon_fuzz_troopers2025.pdf
🛠️ Issues, ideas, or contributions? PRs welcome.

1
8
0
repeated

💻 Have you read our recent publications?

ISPConfig Authenticated Remote Code Execution:
https://ssd-disclosure.com/ssd-advisory-ispconfig-authenticated-remote-code-execution/

Kerio Control Authentication Bypass and RCE:
https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce/

0
2
0
Show older