👊
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
watchTowr labs published a good write-up on the EITW vulns in the SonicWALL SMA100 (CVE-2024-38475 and CVE-2023-44221).
@storkk lol I know the feeling 😅 thank you for your kind feedback!
Intel's 386 processor (1985) moved the x86 architecture to 32 bits, but it needed to be backward compatible with earlier 16- and 8-bit processors. As a result, it needed complicated circuitry for its internal registers: six different circuits for 30 registers. Let's look at the silicon circuits. 1/N
my colleague @DarkaMaul has put out a new post on the @trailofbits blog on how we worked with @pypi's maintainers to slash PyPI test run times from ~160s to ~30s despite overall test counts growing by 17% (3900 to 4700+):
https://blog.trailofbits.com/2025/05/01/making-pypis-test-suite-81-faster/
this is some of my favorite kind of work: faster test suites means that developers run tests locally more often, and are less hesitant to add new tests (especially parametric ones). another great example of security and performance/reliability engineering dovetailing.
It looks like I’ll be attending TumpiCon again! If anyone in my network is coming, let’s meet there. https://infosec.exchange/@TumpiConIT/114307340214171049
A couple of days ago, I unearthed my first #computer, an #MSX straight from the ‘80s. It was lost in some box in the basement for who knows how long. Just feeling its power switch gave me the goosebumps…
This discovery came after sharing my hacker’s origin story with Nic Fillingham and Wendy Zenone in a new episode of Microsoft’s #BlueHat #Podcast.
https://thecyberwire.com/podcasts/the-bluehat-podcast/52/notes
Join us while we chat about my first-ever #CVE, overlooked #vulnerabilities that continue to pose significant risks today, #ActiveDirectory and #password security, my unexpected journey into #bugbounty hunting and my involvement in the #ZeroDayQuest, how to learn new things, mentorship and positive leadership, and of course pineapple pizza 🍍🍕
30 April 1945 | As Soviet forces neared his command bunker in Berlin, Adolf Hitler shot himself.
Hitler's Thousand Year Reich lasted twelve years, four months & eight days.
We need to commemorate all the victims & remember where ideologies of hatred may lead humanity to.
#Mozilla: Multiple Vulnerabilities in Mozilla Products (Firefox, Firefox Updater, Thunderbird) Could Allow for Arbitrary Code Execution:
CVE-2025-2817, CVE-2025-4082, CVE-2025-4083:
👇
https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/
TIL a programming bug caused Mazda infotainment systems to brick whenever someone tried to play the podcast 99% Invisible, because the software recognized "% I" as an instruction and not a string.
https://99percentinvisible.org/episode/the-roman-mars-mazda-virus/
#til #todayilearned
https://www.reddit.com/r/todayilearned/comments/1kb9pb8/til_a_programming_bug_caused_mazda_infotainment/
@todayilearned @buherator a format string bug perhaps?
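The "% I" mechanism from the Mazda post above, shown as a C format-string example. This is added here and is not code from the post, the thread, or Mazda's software; the only value taken from the page is the podcast title, and the function names are assumptions. It shows the vulnerable shape (untrusted text used as the format string), the hardened shape, and a small check a defender can run on strings before they reach a printf-style call.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the podcast title from the Mazda story. */
static const char *const PODCAST_TITLE = "99% Invisible";

/* Returns true if s, used directly as a printf-style format string, would
 * be parsed for directives instead of being printed verbatim: any '%' that
 * is not the literal escape "%%". "99% Invisible" trips this on "% I". */
bool contains_format_directive(const char *s) {
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }  /* "%%" is just a '%' */
        return true;
    }
    return false;
}

/* Vulnerable shape of the bug: the untrusted text IS the format string.
 * Compilers flag this with -Wformat-security; the pragma only lets the
 * demo build. Never call it with data that contains '%'. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_title_unsafe(char *out, size_t n, const char *title) {
    return snprintf(out, n, title);
}
#pragma GCC diagnostic pop

/* Hardened shape: fixed format, the untrusted text is an argument. */
int render_title_safe(char *out, size_t n, const char *title) {
    return snprintf(out, n, "%s", title);
}

/* True when the hardened path reproduces the title byte for byte. */
bool safe_render_preserves(const char *title) {
    char buf[128];
    return render_title_safe(buf, sizeof buf, title) >= 0 &&
           strcmp(buf, title) == 0;
}

int main(void) {
    char buf[128];
    printf("contains directive: %s\n",
           contains_format_directive(PODCAST_TITLE) ? "yes" : "no");
    render_title_safe(buf, sizeof buf, PODCAST_TITLE);
    printf("safe render: %s\n", buf);   /* title is printed unchanged */
    return 0;
}
```

Building with -Werror=format-security turns the unsafe shape into a compile error, which is the cheapest place to catch this class of bug.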
Happy #Walpurgisnacht to all who celebrate!
Good news on mobile zero-days in 2024:
- Zero-day exploits in mobile fell YoY (~50%)
- Exploit chains with multiple zero-day vulnerabilities are almost exclusively in mobile. Generally, this means mobiles are harder to break into.
The flip side:
- % of zero-days in enterprise technologies (i.e. not end-user-facing) is increasing (37% -> 44%)
- Much of that is due to zero-days in *security* and networking products.
- Security and networking products are generally compromised with a single vulnerability, no exploit chain required. This is scary given the outsized impact of compromising these products.
- Actors conducting cyber espionage still lead the attributions
Google Threat Intelligence Group released their analysis of 2024 0-days that the group tracked:
https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends
SK Telecom Offers SIM Replacements After Major Data Breach https://tech.slashdot.org/story/25/04/29/1815202/sk-telecom-offers-sim-replacements-after-major-data-breach?utm_source=rss1.0mainlinkanon
Significant event for many, many reasons. Especially the fact Sophie Wilson spoke at it considering what is going on in the UK right now. One of the world's most widely used chips wouldn't exist without her contribution.
In 15 minutes Europe will hopefully launch its next climate satellite. The launch can however only be watched via YouTube since we apparently can’t do that ourselves and have to put our government info next to the antivax promo. https://www.esa.int/ESA_Multimedia/ESA_Web_TV
I wrote a book on Linux Memory Management, published by @nostarch - it's a comprehensive 1300 page exploration of Linux 6.0's memory management code, depth-first, diving into the code and REALLY explaining how things work.
The idea is to avoid hand waving as much as possible and literally explore what the kernel _actually_ does.
It's full of diagrams and careful explanations of logic including a ton of stuff you just can't find anywhere else.
It's currently available in its entirety in draft form via early access when you pre-order.
It's available at https://nostarch.com/linux-memory-manager
:)