June 27, 2025
June 27, 2025
I'm excited to announce our "Out-of-Band" series; focused on the security risks of management devices like BMCs, serial servers, and KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at:https://t.co/aiRRT8k54a pic.twitter.com/g2H8U8L8yX
— HD Moore (@hdmoore) June 26, 2025
The new executive director of U.S. Cyber Command — the No. 3 position at the digital warfighting organization — is NSA veteran Patrick Ware https://t.co/uMUhp8C73X
— The Record From Recorded Future News (@TheRecord_Media) June 26, 2025
A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it!https://t.co/Q9Nra9n6N0
— Pumpkin 🎃 (@u1f383) June 26, 2025
You have shiny new 0days and then you have… this pic.twitter.com/JTdpP4zHhz
— Lindsey O'Donnell Welch (@LindseyOD123) June 26, 2025
A while back, we held a public discussion on the lethal outcomes of cyber, lessons from the Ukraine war, and issues in building integrated military options for future wars.
— Cyber Statecraft (@CyberStatecraft) June 26, 2025
You can find the recording here: https://t.co/gqaxE1epeP
NEW: ICE is using a facial recognition smartphone app that pulls faces from CBP's database of people who cross the border:https://t.co/G6tbELzliz
— Jason Koebler (@jason_koebler) June 26, 2025
Windows: "Look at me, I'm the EDR now"?😅https://t.co/ksoTcZXV9W
— Haifei Li (@HaifeiLi) June 26, 2025
Here you can see where the person who backported a vuln to 5 LTS kernels by blindly trusting AI then used AI to review the commit to determine whether it should get a CVE published by ChatCVE or not: https://t.co/CZN8AzfkX8
— Brad Spengler (@spendergrsec) June 26, 2025
Just to clarify, in this instance the AI didn't create the change (like the author did in another) - the change was a backport of a human-authored, correct change to the latest upstream kernel. The backport was selected by the new AI-powered AUTOSEL and applied clean to 6 kernels
— Brad Spengler (@spendergrsec) June 26, 2025
In 5 of those 6, it became a vulnerability because the change verbatim would fail to account for configuration name changes/bikeshedding for CPU mitigations that occurred some months ago. So the AI's CVE review (which really was about whether it fixed some vulnerability)..
— Brad Spengler (@spendergrsec) June 26, 2025
Stack buffer overflow in the HTTP login handler without any exploit mitigations.... It truly is always 1994 *somewhere*. https://t.co/kRRhAnPQgO
— Dino A. Dai Zovi (@dinodaizovi) June 27, 2025