I finally managed to write something about my recently deceased dear friend Felix 'Fx' Lindner.

https://phenoelit.de/fx.html#Halvar

Abstract verbalizations about personal liberty, freedom of the press, and so on, will not be convincing in most parts of the world.

AIs have been finding bugs and vulnerabilities in #curl for some time.

Is it work to fix those? Yes.

Has someone paid for this? Partially (wolfSSL and @sovtechfund)

Are the AIs annoying? Yes, very.

Could humans find the same bugs? Yes, if they‘d somehow avoid being bored to death through it.

Was there something „heartbleed“ like? No.

Were there lots of C mistakes? No, logic bugs mostly.

Do AIs run out of steam? Yes. After a while a model stops finding things. Findings differ per model.

It’s International Haiku Day apparently and so for today’s poetry offering, here are a few assorted haiku.

I've been uploading #hacking magazines from #China, some of which have been removed for reasons I don't understand, to Internet Archive. This is a decent scan of an issue of Hacker Defence (or Hacker Defence Line?) from I think the early to mid 00s.
#hacker #history
https://archive.org/details/hacker_defence_unknown

Micropatches released for Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2026-20817)
https://blog.0patch.com/2026/04/micropatches-released-for-windows-error.html

The cat's out of the bag! My latest book, "The Secret Life of Circuits", is available in early access:

https://lcamtuf.coredump.cx/blog/secret/

It's the reference I wish I had when I was starting out. Electrons to embedded systems, 290+ color illustrations and 420+ pages of well-explained theory.

New Post: Debugging - WinDBG(X) Automation & Scripting - Part 1 https://www.corelan.be/index.php/2026/04/17/debugging-windbgx-automation-scripting-part-1/

RE: https://infosec.exchange/@attackanddefense/116418875523198922

Q1 2026 was a very strong quarter for Firefox Security & Privacy.

some highlights:
- We expanded AI-assisted vulnerability discovery through our collaboration with Anthropic, helping identify and fix a high number of real security issues.
- We shipped the Sanitizer API in Firefox 148, making Firefox the first browser to support this stronger defense against XSS.

More in the newsletter linked below :)

RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749

Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.

From the same author as BlueHammer we now have RedSun.

This works ~100% reliably to go from unprivileged user to SYSTEM against Windows 11 and Windows Server 2019+ with April 2026 updates, as well as Windows 10, as long as you have Windows Defender enabled. Any system that has cldapi.dll should be affected.

Join us tomorrow, April 17th @ 4pm ET, for some live pwn! We'll be using Binary Ninja's shell coding compiler, patching binaries to make them easier to debug, analyzing data moving from globals to the stack to the heap, and finishing by popping shells live with pwntools: https://youtube.com/live/VcK4SoeYZiU

RE: https://hachyderm.io/@Mara/115373191721487331

Half a year later, I'm *very* excited to report that we got initial funding and have hired our first Rust maintainers!

RustNL's Rust Maintainers Team now has two full time maintainers, one intern, and five part-time maintainers, now stably employed to continue their invaluable maintenance work that is crucial for Rust’s long-term sustainability.

https://rustnl.org/maintainers/

Apparently we reached the state of #Thoughtcrime punishment, it's called #precrime and on virustotal. Microsoft and Sophos just "blocked" (aka content filter says it's porn... whuat?) a friend's website because the #AI was suspicious of his AI website probably because on #Virustotal PreCrime is flagging it as will-be-malicious-in-the-future.

I want my Internet back.

Average number of hours between #curl security reports

Material for a pending presentation