did you know? the google forms share icon has a stray pixel in its corner

why? because the icon spritesheet has a massive black triangle overlapping the icons

what is that triangle? it's a giant out-of-bounds hat!

New Project Zero issue:

Windows: OSK Shared Session Key EoP

https://project-zero.issues.chromium.org/issues/466303419

CVE-2026-24291

New Project Zero issue:

Windows: ATBroker CopySettingsToLockedDesktop Information Disclosure

https://project-zero.issues.chromium.org/issues/466301558

CVE-2026-25186

New Project Zero issue:

Windows: WinLogon WlAccessabilitypDeleteSATKey Registry Deletion EoP

https://project-zero.issues.chromium.org/issues/466300525

CVE-2026-25187

Lessons learned from the Artemis 2 mission:

1. some genius thought sending Outlook to space was a good idea,
2. some other genius thought that Bluetooth in space was a good idea,
3. plumbers are in demand, even in space.

​

[RSS] Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063]

https://www.ibm.com/support/pages/node/7268448?myns=swgother&mynp=OCSSTS2D&mynp=OCSWG60&mynp=OCSSKWKM&mynp=OCSSB23CE&mynp=OCSS9QQS&mynp=OCSSC5L9&mync=A&cm_sp=swgother-_-OCSSTS2D-OCSWG60-OCSSKWKM-OCSSB23CE-OCSS9QQS-OCSSC5L9-_-A

That hard-coded key shouldn%27t be hard to find...

[RSS] New RCE in Control Web Panel (CVE-2025-70951)

https://fenrisk.com/rce-centos-webpanel-2

[RSS] Reverse engineering PerimeterX's new VM

https://github.com/B9ph0met/px-vm

[RSS] Segway-Ninebot Mobility App BLE protocol reversing

https://nootnooot.codeberg.page/segway-ninebot-ble

OVE-20260330-0003: Linux: KVM shadow EPT stale rmap use-after-free https://www.openwall.com/lists/oss-security/2026/03/30/5
Found through fuzzing, exploitable from any x86 guest with nested virtualization enabled or using shadow paging. Guest-to-host DoS and kernel heap corruption, potentially aiding VM escape.

[RSS] VMware Guest To Host

https://r0keb.github.io/posts/VMware-Guest-To-Host/

It's no secret that I've been struggling, and my therapist said I need to find things to keep me busy, so I created the @cdnspace Artemis II dashboard.

I reverse-engineered the Unity Engine powering the NASA AROW visualization and found an absolute treasure trove of data to display.

Little did I expect that it's now being seen by anywhere from 200 to 600 people at any given time with 130,000 people having looked at it in the last 24 hours. People are even building projects around my API.

Yesterday, I received a message on LinkedIn from someone working in Mission Control in Houston... and they're using my dashboard! He even sent me a photo, but I can't share it until after the crew has splashed down.

Mind blown, and an absolute pick-me-up. The best part? It's being served from my basement.

https://artemis.cdnspace.ca/

#artemis #artemis2 #artemisII #nasa #csa

German digital ID will require an Apple/Google Account

Rooted/jailbroken phone? Custom ROM? Latest updates not applied? Authentication denied, Mutterficker!

Apple & Google become gatekeepers. "Your" device will be constantly monitored - for "compliance". "And you will be happy".

https://bmi.usercontent.opencode.de/eudi-wallet/wallet-development-documentation-public/latest/architecture-concept/06-mobile-devices/02-mdvm/

#DigitalID #IDVerification #Google #Apple #Android #iOS #technology #privacy #surveillance #enshittification #dystopia #BigTech #Germany #EU

[RSS] A Technical Deep Dive into CVE-2024-23380: Exploiting GPU Memory Corruption to Android Root

https://androidoffsec.withgoogle.com/posts/a-technical-deep-dive-into-cve-2024-23380-exploiting-gpu-memory-corruption-to-android-root/

[RSS] A quick look at __pledge_open

https://dustri.org/b/a-quick-look-at-__pledge_open2.html

Hello fedi!

I have an .MVAX #firmware #update file for an MV Silicon chip (unknown model).

Has someone already encountered those? And if yes, is there some documentation, tooling or existing #ReverseEngineering work done of that format?

For the record, the file magic (first 8 bytes) is as follow:
4D 56 B5 58 05 01 13 00

And the end of the file contains the following (no spaces, wrapping is mine):

MVSKeyFileMVBP10<0x90>0xBE>SIMPLEs
<0xD3><0x9A>.<0x90><0xD9>
MVSILICONKEYFL<0x00><0x00>
<0xFF><0xBD><0x00>0x00>

Thanks in advance for your help!!

#embedded #mcu #blob #fileformat #FileFormatAnalysis #binary #extraction

Right now, there's a really funny opportunity to burn an Outlook zero day.

Open Graphics Card Powers Cyberpunk “Laptop”

https://hackaday.com/2026/04/04/open-graphics-card-powers-cyberpunk-laptop/

Yay! @kagihq have provided a URL where you can continue to use their "1996-style" search as your home page.

It's so nice to have a bit of colour and human interaction there. "Small Web" has already become a favourite after just a few days. So many great, mad, creative websites to browse!

https://kagi.com/?year=1996

Hey folks, a headhunter got a hold of me recently for a senior-level role at Hudson River Trading.

The position is for Security Operations-type stuff, and it appears to be a somewhat senior position.

Downside is that its hybrid, with at least two days a week in the office, and the office, from what I can tell is at 3 world trade center.

Their job openings have the salary range in the description, and from what I saw, one of the perks states that they cover your healthcare premium.

If you think you can fit the bill, go take a look:

https://www.hudsonrivertrading.com/careers/?locations=new-york%2C&job-category=information-security%2C

Additionally, here is a direct link to the dude who directed me to the position:

https://www.linkedin.com/in/aaron-wescott-b552ba182/

Wasn't a good fit for me, as I'm not really in a position nor do I have any desire to move back to the east coast, but maybe it'll be a better fit for you instead. Best of luck.

#InfosecJobs #GetFediHired

Edit: I'm not affiliated with Hudson River Trading or Fourier.