Pluralistic: Daily links from Cory Doctorow – No trackers, no ads. Black type, white background. Privacy policy: we don't collect or retain any data at all ever period.5d ago

Pluralistic: The cost of doing business (25 Mar 2026)

https://fed.brid.gy/r/https://pluralistic.net/2026/03/25/fact-intensive/

Pluralistic: The cost of doing business (25 Mar 2026) – Pluralistic: Daily links from Cory Doctorow

kriware 5d ago

RIP RegPwn Windows Privilege Escalation

Researchers detail the end of a Windows LPE exploit abusing registry flaws that allowed low-privilege users to gain SYSTEM access.

https://www.mdsec.co.uk/2026/03/rip-regpwn/

#Windows #LPE

RIP RegPwn - MDSec

13th March 2026 As part of MDSec’s R&D work, we often discover vulnerabilities and develop exploits to support our red team engagements. When researching widely used software, it is often...

MDSec
Dr. Maximilian PetrasJan 3

How to start a (truly) independent podcasting collective?

Version 21 Imagine you are a part of an open podcasting collective, divided into podcasting projects. Each project has its own niche topic (data law, IP-Law, constitutional law etc), but all projects are aligned by the same mission (e.g. enriching the discussion around Law & Political Economy). Main motivations for starting such a science based podcasting network are personalizing your abstract ideas, building a (political) movement, inspiration in times of right-wing backlash, having some […]

https://maximilianpetras.de/2026/01/03/how-to-start-a-truly-independent-podcasting-collective-for-science/

HabrDec 4

Эксплуатация уязвимости race condition CVE-2025-29824 в Windows

Привет, Хабр! На связи Марат Гаянов, я занимаюсь исследованием безопасности. В сфере моих профессиональных интересов эксплуатация уязвимостей, реверс-инжиниринг и фаззинг. В этой статье я хочу рассказать об одном баге, точнее, о его эксплуатации. Эксплуатация уязвимости типа use after free в ядре Windows и без того непростая задача, но когда к этому добавляется состояние гонки (race condition), сложность возрастает на порядок. CVE-2025-29824 — наглядное тому подтверждение, однако, как будет продемонстрировано ниже, создание рабочего эксплойта для нее — достижимая цель.

https://habr.com/ru/companies/pt/articles/970862/

#windows #lpe #exploit #c++ #уязвимости_и_их_эксплуатация

Эксплуатация уязвимости race condition CVE-2025-29824 в Windows

Привет, Хабр! На связи Марат Гаянов, я занимаюсь исследованием безопасности. В сфере моих профессиональных интересов эксплуатация уязвимостей, реверс-инжиниринг и фаззинг. В этой статье я хочу...

Хабр
danNov 27

RomHack 2025 - Leon Jacobs - 7 Vulns in 7 Days: Breaking Bloatware Faster Than It’s Built

#romhack #LPE #RCE #ReverseEngineering #RPC

https://www.youtube.com/watch?v=_39UbCePFfw

RomHack 2025 - Leon Jacobs - 7 Vulns in 7 Days: Breaking Bloatware Faster Than It’s Built

YouTube
Pluralistic: Daily links from Cory Doctorow – No trackers, no ads. Black type, white background. Privacy policy: we don't collect or retain any data at all ever period.Nov 13

Pluralistic: For-profit healthcare is the problem, not (just) private equity (13 Nov 2025)

https://fed.brid.gy/r/https://pluralistic.net/2025/11/13/patients-not-customers/

Pluralistic: For-profit healthcare is the problem, not (just) private equity (13 Nov 2025) – Pluralistic: Daily links from Cory Doctorow

NeuroWinterOct 13
New post: Advantech printer driver heap bug, likely LPE. Details + repro: https://neurowinter.com/security/2025/10/09/Multiple-Expliots-in-Advantech-Printer-Driver/ #infosec #Windows #LPE #PrinterDriver #Advantech #ReverseEngineering #WinDbg #Ghidra #CWE190 #VulnerabilityResearch #Security
Advantech printer driver: heap corruption via Monochrome blit function (DrvRender_x64_ADVANTECH.dll)

Heap corruption in the Advantech TP-3250 printer driver due to 32-bit size arithmetic and unvalidated geometry in a CopyBits-style routine; reliable crash and likely local Privilege Escalation.

Alex Manson
sekurak NewsOct 3

Podniesienie uprawnień w VMware – grupa UNC5174 powiązana z Chinami wykorzystuje lukę CVE-2025-41244

29 września 2025 r. Broadcom poinformował o luce bezpieczeństwa CVE-2025-41244 w oprogramowaniu VMware Tools i VMware Aria, umożliwiającej lokalną eskalację uprawnień. Zgodnie z opinią badaczy z NVISO, luka była aktywnie wykorzystywana jako zero-day od co najmniej października 2024 roku. Za atakami stała grupa UNC5174 utożsamiana przez analityków z chińskim aparatem...

#WBiegu #Chiny #Lpe #Unc5174 #Vmware #VmwareTools

https://sekurak.pl/podniesienie-uprawnien-w-vmware-grupa-unc5174-powiazana-z-chinami-wykorzystuje-luke-cve-2025-41244/

Podniesienie uprawnień w VMware - grupa UNC5174 powiązana z Chinami wykorzystuje lukę CVE-2025-41244

29 września 2025 r. Broadcom poinformował o luce bezpieczeństwa CVE-2025-41244 w oprogramowaniu VMware Tools i VMware Aria, umożliwiającej lokalną eskalację uprawnień. Zgodnie z opinią badaczy z NVISO, luka była aktywnie wykorzystywana jako zero-day od co najmniej października 2024 roku. Za atakami stała grupa UNC5174 utożsamiana przez analityków z chińskim aparatem...

Sekurak
raptor Aug 6, 2025

Still catching up with older writeups… Loved this one by @qualys

CVE-2025-6018: #LPE from unprivileged to allow_active in *SUSE 15's #PAM
CVE-2025-6019: #LPE from allow_active to root in #libblockdev via #udisks

https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

kriware Aug 2, 2025

RAITrigger – Local SYSTEM Authentication Trigger for Relaying

A low‑privileged domain user can call the RPC function RAiForceElevationPromptForCOM in appinfo.dll to trigger SYSTEM‑level authentication to an arbitrary UNC path, enabling NTLM relay or ADCS attacks in domain environments.

https://github.com/rtecCyberSec/RAITrigger/

#LPE #RelayAttack

GitHub - rtecCyberSec/RAITrigger: Local SYSTEM auth trigger for relaying

Local SYSTEM auth trigger for relaying. Contribute to rtecCyberSec/RAITrigger development by creating an account on GitHub.

GitHub