Blasting Past Webp

An analysis of the NSO BLASTPASS iMessage exploit. Posted by Ian Beer, Google Project Zero. On September 7, 2023 Apple issued an out-...

When Marnus casually picked up a 5-fer in the @[email protected] 🤯

Only ONE day to go for #Blast25 general sale! 🎟️

You can also get your season #BlastPass 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

CM Tickets

We agree, Doully. High-quality shot from a high-quality player. 👊

3️⃣ days to go for the #Blast25 General Sale 🎟️

You can also get your season #BlastPass 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

CM Tickets

What is your ALL-TIME Glamorgan @[email protected] XI?

Only 4️⃣ days to go before #Blast25 tickets are on General Sale 🎟️

You can also get your Glamorgan #BlastPass NOW 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

CM Tickets

𝙏𝙃𝘼𝙏 Kiran Carlson innings at @[email protected] in the @[email protected] 🔥

6️⃣ days to go for the #Blast25 General Sale 🎟️

You can also get your season #BlastPass 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

CM Tickets

India targets Apple over its phone hacking notifications

Apple’s warnings to users that it had detected possible efforts to install spyware on iPhones triggered an angry reaction from Indian officials.

The Washington Post

Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.

#libwebp #cve20234863 #blastpass #splunk #siem

Good Morning, story so far on the next log4j level #vulnerability #CVE20234863 #CVE20235129
#0day #Chrome #iOS

  • libwebp library is vulnerable to heap overflow and can lead to RCE.
  • Apple assigned #CVE202341064 and #CVE202341061. Also actively exploited by #blastpass
  • #Google assigned #CVE20235129 for Chrome 0day and also exploited
  • Millions of apps and software use this library. See list so far in 🧵
  • #CVE20235129 was rejected by NVD earlier due to all this confusion of several vendors assigning CVEs affecting their products
  • This will lead to vulnerability scanners not being able to correctly identify if your assets are affected with libwebp. #infosec #sectoot

iPhone Pegasus "Zeroclick" Exploits & UK Online Safety Bill Passed

PeerTube
@ant0inet @marcel @citizenlab
I guess we will all remember the term #BLASTPASS ... like we do #log4j