From The source
Beware the HEIF: Libheif v1.21.0 Vulnerability Could Crash Your Apps!
Beware of the libheif v1.21.0 heap buffer overflow in Chunk::Chunk! This sneaky bug lets malicious HEIF files crash your apps or, worse, execute arbitrary code. All it takes is one rogue .heic file. Keep your media servers and messaging clients on high alert!
SpamTitan’s Accidental User Factory: A Comedy of Errors in Email Security!
SpamTitan’s email security has a hilariously unintentional feature: it creates users without asking for permission. Thanks to CVE-2024-45438, anyone can sign up a new user with a simple GET request—no authentication required! It’s like an open invitation to crash the party and take over the DJ booth.
macOS Ventura Update: When Image Files Attack!
Apple’s new macOS Ventura 13.7.8 update has patched a security flaw that could turn your computer into a memory-melting mishap if you dared open a malicious image. It’s like a digital horror movie—who knew JPEGs could be so menacing? Update now and keep your Mac off the set of a thriller!
Apple Patches macOS Sonoma: Say Goodbye to Sneaky Image File Attacks!
Apple’s macOS Sonoma 14.7.8 update tackles a security issue that could corrupt memory when dealing with suspicious image files. If you ever wanted your computer to be a Picasso painting, now’s the chance—just kidding! Update now and keep your macOS Sonoma secure.
macOS Sequoia Update: Apple’s Anti-Malware Maneuvers or Memory Mayhem?
The macOS Sequoia 15.6.1 update fixes an issue where processing a malicious image might cause memory corruption. Apple notes this issue was used in a sophisticated attack targeting specific individuals. So, update your devices unless you’re interested in a surprise memory wipe or you’re nostalgic for Y2K vibes!
Apple’s iPadOS 17.7.10 Update: Patch Your Pads Before They Go Rogue!
Apple has released iPadOS 17.7.10, patching a vulnerability that could lead to memory corruption when processing malicious image files. In other words, your iPad can now better fend off dangerous selfies and sinister vacation snaps. Update now to keep your device safe and secure!
Oops! SilverStripe CMS v6.0.0 Caught in CSV Injection Chaos
Exploiting SilverStripe CMS 6.0.0 is just one way to spice up your Saturday. Unleash chaos with a simple CSV injection that turns “First Name” into a mathematical masterpiece. Who knew a CSV file could be so expressive? Remember, with great power comes great spreadsheet responsibility.
SilverStripe CMS 6.0.0: Host Header Hijinks or Hacker Headache?
Discover how Andrey Stoykov injected some humor into cybersecurity with his Host Header Injection on SilverStripe CMS v6.0.0. Tested on Debian 12, this exploit is perfect for those who enjoy a side of comedy with their pentesting. Dive into the details of this Full Disclosure mailing list gem!
Asterisk 22.5.2: Crashing Bugs and the Art of Header Hijinks! 🚨
Brace yourselves, Asterisk users! Version 22.5.2 is here, and it’s more secure than a bank vault guarded by ninjas. This release patches a pesky bug where a malformed SIP request could crash your system faster than a cat on a keyboard. Download now and keep your Asterisk singing a secure tune!
Apple’s Zero-Day Security Snafu: When Your Apple Device Goes Rogue
A critical zero-day vulnerability in AppleMediaServices affects all platforms, allowing unauthorized access when AMS fails to retrieve its configuration file. This fail-open condition leads to unsigned, unauthenticated API requests, enabling tampering and bypassing authentication. The issue is unpatched and actively exploited.
Siri Shortcuts Blunder: iOS 18.6.2 Vulnerability Sparks Retry Storms and Daemon Drama!
Improper input validation in Siri Shortcuts leads to a comedy of technical errors, creating persistent background execution and retry storms. With 71 attempts and a penchant for ignoring TLS mismatches, it’s the tech equivalent of repeatedly asking your dog to fetch a stick while you hold it behind your back.
Asterisk Release Shines: Say Goodbye to Resource Leaks! 🌟
The Asterisk Development Team has released Certified Asterisk 18.9-cert17, tackling a remote resource exhaustion vulnerability. Secure your systems by upgrading now—because nothing says “I care” like a vulnerability-free weekend!
Apple’s iOS 18.6.2 Update: Fixing the Bug That Bit Back!
Apple’s latest iOS 18.6.2 and iPadOS 18.6.2 updates are here to save the day—or at least your data. These updates tackle security issues, including a potential memory corruption from malicious image files. So, unless you fancy your device turning into a high-tech Picasso, updating is highly recommended.
Asterisk 20.15.2: The Crash-Free SIP Adventure Begins! 🚀
The Asterisk Development Team has released Asterisk 20.15.2, patching a crash caused by a rogue Authorization header. Download the update now to avoid using your phone system as an unintentional doorstop.
Asterisk 21.10.2: The Security Release That Won’t Let SIP Requests Crash the Party!
The Asterisk Development Team has released Asterisk 21.10.2, addressing a critical bug where a sneaky SIP request could crash your system. Upgrade now to avoid unexpected meetings with the floor!
Asterisk 18.26.4: Restoring Peace to Your RTP Ports, One Bug Fix at a Time!
The Asterisk Development Team has released Asterisk 18.26.4, fixing a resource exhaustion vulnerability that could lead to RTP port leaks. Download the update faster than you can say “asterisk security release 18.26.4” to ensure your system’s safety and keep those ports in check.
Apple’s A17 Pro Chip: The Silicon Slip-Up That’s Got Everyone Touchy!
Apple’s A17 Pro chip has a critical flaw causing dual subsystem failure. A shared I²C4 bus between the Secure Enclave and the digitizer leads to cascading system failures, making devices unresponsive. Apple has been notified, but a response is pending.
Ransomware Rampage: A Hilariously Complex Saga of Digital Missteps and Malware Misadventures
When a user mistook a malicious file for DeskSoft’s EarthTime, they unwittingly invited SectopRAT malware to the party. The threat actor was busy deploying multiple malware families like SystemBC and Betruger backdoor, mapping out the network like a bad tourist with no regard for data privacy. Classic ransomware mischief!
HTTP Message Signatures: The Secret Sauce to Outsmart Sneaky Bots!
HTTP Message Signatures are the digital equivalent of a secret handshake. They aim to authenticate bots without the awkward, “Are you really Googlebot?” conversation. With these signatures, even the shadiest bot can’t fake being Googlebot just by changing its user agent, making the internet a safer place for all.
Internet Storm Center: When Cyber Threats Are Milder Than Your Morning Coffee
Join Xavier Mertens at the Internet Storm Center for a laughably easy time with application security. Whether you’re securing web apps or microservices, this Las Vegas class from Sep 22-27, 2025, promises to be more entertaining than a cat video in a cybersecurity meeting.