March 23, 2025
March 23, 2025
Landrun
Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel.
GitHub - Zouuup/landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel.
Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel. - Zouuup/landrun
“How nixOS could’ve detected the xz backdoor”
To quote the most relevant hacker news comment:
https://news.ycombinator.com/item?id=43448745 https://luj.fr/blog/how-nixos-could-have-detected-xz.htmlNote that NixOS and reproducible builds did notdetect the xz backdoor, and in fact NixOS shipped the malicious builds of xz (though they didn't do anything because the malware didn't target NixOS):
I keep telling people to stop using the hydraulic analogy but noooo pic.twitter.com/7qXSyimr6J
— lcamtuf (@lcamtuf) March 22, 2025
Authorization Bypass in Next.js Middleware - CVE-2025-29927
— zhero; (@zhero___) March 22, 2025
research paper soon! https://t.co/WyFYAxIKsc pic.twitter.com/N04JdAL7ER
Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true`. Over 300k hits in Shodan, find more at:https://t.co/ewMXHIWyzA
— HD Moore (@hdmoore) March 23, 2025
the research paper is out:
— zhero; (@zhero___) March 22, 2025
Next.js and the corrupt middleware: the authorizing artifact
result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical)https://t.co/GZkbnr6o9H
enjoy the read! pic.twitter.com/KyfY8a3suR
Link:
Next.js and the corrupt middleware: the authorizing artifact - zhero_web_security
CVE-2025-29927
lolol
FYI russians have already shot down the first F-47 in Sumy region
— Karina Vinnikova (@KarinaVinnikova) March 21, 2025
What's next? F-69?
Their military genius is undeniable pic.twitter.com/I8ud0G6c2U
#SpyNews - week 12 (March 16-22):
— Spy Collection (@SpyCollection1) March 23, 2025
A summary of 68 espionage-related stories from week 12 coming from 🇮🇳🇵🇰🇬🇧🇦🇫🇮🇷🇰🇷🇺🇸🇸🇾🇺🇦🇷🇺🇯🇵🇧🇾🇹🇼🇨🇳🇽🇰🇷🇸🇩🇿🇫🇷🇹🇷🇮🇱🇨🇺🇱🇹🇵🇱🇩🇰🇭🇺🇩🇪🇱🇾🇲🇱🇹🇩🇷🇴🇨🇦🇮🇹🇿🇦🇳🇱🇻🇳🇵🇭🇰🇭🇦🇿🇦🇲🇨🇱🇲🇽 https://t.co/77HSyX9OIX#OSINT #HUMINT #SIGINT #espionage #spy
Found Writing a Tiny x86 Bootloader! This gorgeous little site teaches you how to build a bootloader in Assembly! You will learn a lot of low-level system design, OS stuff, and Assembly going through this! Have fun! pic.twitter.com/LiqGaoaXop
— Roy Carrilho (@RuiCarrilho5) March 21, 2025
Link:
https://www.joe-bergeron.com/posts/Writing%20a%20Tiny%20x86%20Bootloader/Attending and speaking at the inaugural edition of @REverseConf was fantastic. Great crowd, great organization by @vector35 folks, great discussions and great vibes! Slides of my talk on firmware analysis is available here: https://t.co/IpKA6fDQd1 pic.twitter.com/7MSj4wa6tE
— Robin David (@RobinDavid1) March 22, 2025
https://afine.com/history-of-null-pointer-dereferences-on-macos/
Typhoons in Cyberspace
A good read.

Typhoons in Cyberspace | Royal United Services Institute
The transformation of China’s digital attack capabilities is the most important change in the cyber threat to the West in more than a decade, writes Ciaran Martin.
Awesome!
— haroon meer (@haroonmeer) March 23, 2025
I so wish this is true.. pic.twitter.com/SL4k2OBvYs
Claude reversing a binary using Binary Ninja via MCP while I get a snack@bl4sty@ziyadedher@vector35 https://t.co/tQU8CVpPCH pic.twitter.com/6KV9htSUnD
— itszn (@itszn13) March 21, 2025