Tschüss, X!

Justizminister-Konferenz: Ermittlungsbehörden sollen Zweitschlüssel für Autos und noch einfacheren Einsatz vom #Staatstrojaner bekommen netzpolitik.org/2024/justizmin…

Justizminister-Herbstkonferenz: Polizei soll für #Staatstrojaner einbrechen dürfen, Autohersteller sollen Zweitschlüssel rausgeben heise.de/news/Justizmin…

Plan to scan all your messages: EU #chatcontrol proposal is back on the agenda. EU Council is set to discuss today techradar.com/computing/cybe… #chatkontrolle

My stream on the PNG file format is now public. I also covered PNG tricks. youtube.com/live/Ck5_ADteP… Why does it start with 89 ? What about 0D 0A 1A 0A ? What do HDF5 and PNG have in common ? Do PNG always start with IHDR chunks ? What's a CgBI PNG ? How can you embed a payload?

Once again, we, together with various other companies, call on the European Commission to take swift action and enforce the Digital Markets Act: threema.ch/bp/open-letter…

The Debian Publicity Team will no longer post on X/Twitter. We took this decision since we feel X doesn't reflect Debian shared values as stated in our social contract, code of conduct and diversity statement. X evolved into a place where people we care about don't feel safe.

Very fine work in this 38C3 talk by Adam Batori and Robert Pafford, getting code execution on the RF coprocessors of a TI SimpleLink chip, then leveraging that access to receive narrow-band *analog* FM audio! media.ccc.de/v/38c3-beyond-…

Hi Vorwerk Gruppe thermomix #rezeptewelt_de Ich würde ja gerne mein Passwort nach dem #Datenleck ändern - kann dies aber nicht, da ich als Anwender dank eurem Popup in einer Endlosschleife hängen bleibe (aktueller FF unter Android 13):

Announcing #Pwn2Own Berlin! We're moving our enterprise-focused event to offensivecon and introducing an AI category. More than $1,000,000 in cash & prizes (Incl. a Tesla) are available to win. Check out the details at zerodayinitiative.com/blog/2025/2/24…

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/542484235…

Aaaand the cats out of the bag ☺️ I'll be teaching a 4 day reverse engineering training at Recon this year, focused on Linux malware and all that ELFs got to give!

Broadcom and Cypress chips have the same HCI "backdoor" allowing to write to the Bluetooth chip's RAM. This feature is used for firmware patches. We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework. github.com/seemoo-lab/int…

Look Mom, smalidea (github.com/JesusFreke/sma…) has new features: 1. Call-Hierarchy

We are delighted to collaborate with Blackhoodie in this year’s edition of Offensivecon!

Our crew members Markus Wulftange & frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following SinSinology & Piotr Bazydło's blog. Don’t blacklist, replace BinaryFormatter.

Remember Aaron's talk on iPhone Mirroring at #38c3? He just published a blog post about his findings in threat modelling and researching the security of this new feature, including more details he's only able to talk about now. aaronschlitt.de/threat-modelli…

"Polyglot files are unnatural and never existed in the wild", they say. Aperture cards are punched cards with a microfiche, indexing 'analogue' images with punched cards data on the same medium. A standard polyglot document IRL defined in the 1960s.

We've been seeing some questions about how our Early Access program works! Here's the quick: When you pre-order an EARLY ACCESS book you get chapters delivered to your account as we finish them. New EA files keep dropping until the book's done. It's like peeking behind the

Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-de…