A step-by-step walkthrough of how I leveraged AI to analyze, understand, and exploit the Erlang SSH pre-authentication vulnerability (CVE-2025-32433) without any existing public proof of concept. Learn how AI is transforming vulnerability research and exploit development.


-
(safe) Unsecure security @group.lt I eat words @group.lt platformsecurity.com How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed
AI driven exploits? What is next - ICE on eBay?
Scary (or Awesome) depending on your view.
-
(safe) Unsecure security @group.lt I eat words @group.lt 29 Undocumented commands found in ESP-32 microcontrollers CVE-2025-27840
cross-posted from: https://lemmy.world/post/26598539
cross-posted from: https://programming.dev/post/26664400
Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.
Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.
In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.
Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake. The issue is now tracked under CVE-2025-27840.
"it's just for testing"
-
(safe) Unsecure security @group.lt I eat words @group.lt daringfireball.net Apple Pulls Advanced Data Protection From the UK, in Defiance of UK Demand for Global Backdoor
The UK’s demands are simultaneously infuriatingly offensive, mathematically ignorant (regarding the nature of end-to-end encryption), dangerous (as proven by the recent Salt Typhoon attack China successfully waged to eavesdrop on non-E2EE communications in the United States), and laughably naive reg...
Nobody seems to notice... nobody seems to care..
-
(safe) Unsecure security @group.lt KasTas @group.lt flatt.tech Clone2Leak: Your Git Credentials Belong To Us
Introduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at GMO Flatt Security Inc. In October 2024, I was hunting bugs for the GitHub Bug Bounty program. After investigating GitHub Enterprise Server for a while, I felt bored and decided to try to find bugs on GitHub Desktop instead. After r...
-
(safe) Unsecure security @group.lt I eat words @group.lt Bypassing disk encryption on systems with automatic TPM2 unlock | oddlama's blog
oddlama.org Bypassing disk encryption on systems with automatic TPM2 unlock | oddlama's blog
oddlama's personal web page and blog
If you are left alone in the office and have nothing better to do..
-
(safe) Unsecure security @group.lt I eat words @group.lt The CALEA system, designed in the U.S. for mass surveillance, has become a global threat. Telecom equipment with "back doors" isn't just an American issue—it's a worldwide risk. Trusting the "good guys" is naive; any end with "back doors" can be a target. Encryption is our defense, and we must be careful about what we buy. #security #technology
-
(safe) Unsecure security @group.lt I eat words @group.lt docs.google.com Gibler - How to 10X Your Security
How to 10X Your Security (Without the Series D) Clint Gibler @clintgibler Watch on Youtube Hey everyone, thank you very much for coming and thank you to the organizers for having me. Over the past few years, I’ve spent 1000’s of hours studying how companies are scaling their security. Not the one...
Good slides on how to reduce risks
-
(safe) Unsecure security @group.lt KasTas @group.lt Windows infected with backdoored Linux VMs in new phishing attacks
Laughed my ass off:
"Since QEMU is a legitimate tool that is also digitally signed, Windows does not raise any alarms about it running, and security tools cannot scrutinize what malicious programs are running inside the virtual machine."
-
(safe) Unsecure security @group.lt I eat words @group.lt www.scworld.com Threat actors exploit zero days within 5 days, says Google's Mandiant
The Google-owned cybersecurity firm reported that 70% of exploited vulnerabilities in 2023 were zero days.
Highlights
In analyzing 138 actively exploited vulnerabilities in 2023, Google Mandiant reported Oct. 15 that 70% of them were zero-days, indicating that threat actors are getting much better at identifying vulnerabilities in software.
It’s a worrying trend in and of itself, but what caused even more concern among security analysts was that Google Mandiant also found that the time-to-exploit (TTE) — the time it takes threat actors to exploit a flaw — was down to a mere five days in 2023 compared with 63 days in 2018-19 and 32 days in 2021-22.
-
(safe) Unsecure security @group.lt KasTas @group.lt www.evilsocket.net Attacking UNIX Systems via CUPS, Part I
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s
-
(safe) Unsecure security @group.lt I eat words @group.lt www.lawfaremedia.org Artificial Intelligence Is Accelerating Iranian Cyber Operations
Over the past few decades, Iran has been quietly building its cyber capability in the shadow of great powers.
Highlights
Iran’s multifaceted approach in the cyber domain allows Iran to project power and influence in the Middle East while avoiding direct conventional military confrontations with stronger adversaries. Iran uses cyber operations to complement its broader geopolitical strategies, often employing cyber espionage and sabotage to gain strategic advantages or to retaliate against sanctions and military threats. As Iran increasingly incorporates AI technologies into its cyber operations, the likelihood of more disruptive and damaging activities escalates, presenting a substantial challenge not only to regional stability but also to global security.
Maj. Gen. Qassem Soleimani’s death marked a [significant turning point in Iran’s cyber strategy](https://ctc.westpoint.edu/cyber-threat-iran-death-
-
(safe) Unsecure security @group.lt I eat words @group.lt www.yubico.com Security Advisory YSA-2024-03
Security Advisory YSA-2024-03 Infineon ECDSA Private Key Recovery
Published Date: 2024-09-03
Tracking IDs: YSA-2024-03
CVE: In Process
CVSS Severity: 4.9
Summary: A vulnerability was discovered in Infineon’s cryptographic library, which is utilized in YubiKey 5 Series, and Security Key Series with firmw...
A vulnerability was discovered in Infineon’s cryptographic library, which is utilized in YubiKey 5 Series, and Security Key Series with firmware prior to 5.7.0 and YubiHSM 2 with firmware prior to 2.4.0. The severity of the issue in Yubico devices is moderate.
An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys. The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.
-
(safe) Unsecure security @group.lt RGB @group.lt Chinese government hackers penetrate U.S. internet providers to spy
https://ghostarchive.org/archive/JS9X1
Chinese government hackers penetrate U.S. internet providers to spy
Beijing’s hacking effort has “dramatically stepped up from where it used to be,” says former top U.S. cybersecurity official.
-
(safe) Unsecure security @group.lt I eat words @group.lt blog.cryptographyengineering.com Is Telegram really an encrypted messaging app?
This blog is reserved for more serious things, and ordinarily I wouldn’t spend time on questions like the above. But much as I’d like to spend my time writing about exciting topics, som…
A reminder
Highlights
Many systems use encryption of one sort or another. However, when we talk about encryption in the context of modern private messaging services, it typically has a very specific meaning: the use of default end-to-end encryption to protect message content. When used in an industry-standard way, this feature ensures that all conversations are encrypted by default — under encryption keys that are only known to the communication participants, and not to the service provider.
Telegram clearly fails to meet this stronger definition, because it does not encrypt conversations by default. If you want to use end-to-end encryption in Telegram, you must manually activate an optional end-to-end encryption feature called “Secret Chats” for each private conversation you want to have. To reiterate, this feature is explicitly not turned on for the vast majority of conv
-
(safe) Unsecure security @group.lt I eat words @group.lt White House Report: U.S. Federal Agencies Brace for $7.1 Billion Post-Quantum Cryptography Migration
Federal agencies must start migrating to post-quantum cryptography (PQC) now due to the “record-now, decrypt-later” threat, which anticipates quantum computers decrypting captured data in the future.
-
(safe) Unsecure security @group.lt I eat words @group.lt Sometimes obvious things are obvious only looking back