The epoll uaf

https://guysrd.github.io/epoll-uaf

"That one call fixed a uaf that had been reachable from any unprivileged process for a few years on any Linux / Android running a 6.6 and above kernel with the affected optimization."

Micropatches released for Windows Shell Link Processing Spoofing Vulnerability (CVE-2026-25185)
https://blog.0patch.com/2026/05/micropatches-released-for-windows-shell.html

@TarkabarkaHolgy just assume it is? :)

@TarkabarkaHolgy no kink shaming!

Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.

At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.

🔗 https://oxidizeconf.com/sessions/awaiting_exploitation

#Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust

-Mythos found thousands of critical bugs
-Hackers breach Russia's SDA disinfo group
-GitHub rolls out new npm security feature
-Bulletproof hosting providers raided in the Netherlands
-Hackers breach two Vietnam agencies
-Anonymous Monero platform hacked for $2.7m
-StablR hacked for $2.8m
-Hacker returns Verus stolen funds
-China tracks visiting foreigners
-Data centers devour 2% of all electricity
-AI is killing package repos

Newsletter: https://news.risky.biz/risky-bulletin-mythos-found-thousands-of-critical-bugs/
Podcast: https://risky.biz/RBNEWS568/

hack.lu is celebrating its 20th edition!

There is still time to be part of this special anniversary edition: submit your talk, presentation, workshop, or even a short talk for the Call For Failures.

Twenty editions of sharing, learning and community deserve something memorable. Don’t miss the chance to contribute, this year will be special!

Call-for-Papers Submission Site https://pretalx.com/hack-lu-2026/

CfP Details https://2026.hack.lu/blog/hack.lu-2026-call-for-papers/

#hacklu #conference #luxembourg #cybersecurity #hackerconf #cfp #callforpapers #europe

@hack_lu @circl

Error: password must contain:

Three lower case letters for the Elven-kings under the sky,
Seven upper case letters for the Dwarf-lords in their halls of stone,
Nine digits for Mortal Men doomed to die,
One special character for the Dark Lord on his dark throne;
In the Land of Mordor where the Shadows lie.

One username to rule them all, one password to find them,
A second factor to bring them all, and in the darkness bind them;
In the Land of Mordor where the Shadows lie

It's #TowelDay. Have a good one and don't forget your #towel

‚Torvalds added, in the case of AI-discovered bugs, you need to keep in mind that just "because you found it with AI, 100 other people also found it with AI."‘

There is nothing secret about a bug found by a model. If the software is a target, you can be sure that the bad guys are running continously prompts against it. Without token restrictions.

As a maintainer, this is all hard to manage. But this is happening everywhere. It‘s not your job to save the world from stupidity, vanity and greed.

@wirepair I'll do my part!

I'm incredibly pleased to announce that the microcode for the Intel 80386 has been decoded.

It was a group effort by a bunch of talented people to extract and correct the physical bits, but the major work of decoding them was done by reenigne - you may know him from such incredible PC demos as 8088 MPH and Area 5150, as well as being the person who decoded the 8088 microcode previously.

Please, check out his writeup.

https://www.reenigne.org/blog/80386-microcode-disassembled/

#retrocomputing #vintagecomputing #microcode #reverseengineering

If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. The latest patch will help clean up the mess.

See here: https://github.com/Chocobozzz/PeerTube/releases/tag/v8.1.8

[RSS] A blueprint for formal verification of Apple corecrypto

https://security.apple.com/blog/formal-verification-corecrypto

Fun fact, a web upload trigger gives you root read access on the Tolino Vision Color, but im not even sure if they are in general just more open for tinkering.

7" Full Color Linux eink reader for 200€ is anyway more on the expensive side

eat flaming shit, google.

https://techcrunch.com/2026/05/22/you-can-no-longer-google-the-word-disregard/

void shitIDo(bShouldCrash){
if (!bShouldCrash){
crash();
}else{
while(1){}
}
}

Semgrep listed by Qilin. Oof.

#ransomware

Hello and welcome to #NakedDieFriday! This time with proper capitalisation. :-)

The die of today is named HD6483153 and is designed by Hitachi. It fell out of a SIM card. I do not know what commercial p/n this is, if it was ever assigned one. If anyone can provide any details on what smart cards were made by Hitachi, please do so! In the meantime, we shall explore a bit. 🧵

Full-res map: http://infosecdj.net/map/hitachi/hd6483153/infosecdj_mz_nikpa40x_2/

EDIT: This is H8/3153, part of the H8/3150 series.

#electronics #reverseengineering #smartcards