I don't mean to brag but I already did this

Researchers teach brain cells to play 'Doom'

https://phys.org/news/2026-05-brain-cells-play-doom.html

[RSS] Docker Internal (2)

https://u1f383.github.io/linux/2026/06/02/Docker-Internal-2.html

Follow-up on research of Dockers security internals

The Pirate Bay Remains Resilient, 20 Years After The Raid https://yro.slashdot.org/story/26/06/01/2145208/the-pirate-bay-remains-resilient-20-years-after-the-raid?utm_source=rss1.0mainlinkanon

@sjfriedl Somehow we've been tricked into believing it's okay to have bugs if you patch 'em.

No, it's not okay to have these bugs.

I say this from the other side. Bugs usually get the minimal patch fix rather than an investigation of how they happened in the first place.

As I said previously, the MSRC and all security folks I engaged with are mostly very nice in person, the security improvements in Microsoft software and services are what we could see in our labs and during our daily research, the ~17M yearly bounty payout are real, and many more. IMO MSRC has been an absolutely leader and has basically defined what the vendor Security Responses look like today (I recall a lot of *SRCs). There’s definitely zero reason for Microsoft to kill all the decades-long good efforts and community relationships in one single post (can’t imagine that😅).

There were and there will be sometimes very hard to deal with for some cases, no doubt. If things go bad, I will complain bad. But with more effective and direct communications, I think (at least I hope) we can improve continuously.

Overall, I’m personally very happy to see this clarification coming out and hopefully this drama can be resolved peacefully.

Tonights pillow-talk with kiddo was about high capacity hard drives (the classics you know):

"Well, a 10TB hard drive would be useful if your grandma wants to save all the holiday pictures, and she doesn't know how to delete... and you have 100 grandmas!"

CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE

https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/

So CVE-2026-41089 (CVSS 9.8) in Windows Netlogon can be triggered by sending a username that is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA or longer.
How original.

Github Copilot’s new pricing model went live today and r/GithubCopilot is having a meltdown. It’s glorious

[RSS] Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution/

"This issue was patched on April 2026 and likely assigned CVE-2026-34621, CVE-2026-34626 or CVE-2026-34622"

What happens when reverse engineers spend weeks digging into a Scala 3 codebase?

🔍 From code review to fuzzing, our assessment helped strengthen Scala's security and identify areas for improvement.

We're happy to share the results of our audit, conducted in collaboration with @ostifofficial

https://blog.quarkslab.com/scala-security-audit.html

Secret Panel HERE 😐 https://tinyview.com/mrlovenstein/2026/05/31/life-finds-a-way

Does anyone have a copy of:

AMD Am29040 Microprocessor User's Manual
1994
Order #18458

I need the full user manual, which is hundreds of pages. I already have the datasheet, which is 31 pages and is readily found online.

Thanks!

#AMD #Am29K #Am29000 #Am29040

Stealing Passwords via HTML Injection Under a Strict CSP https://afine.com/blogs/stealing-passwords-via-html-injection-under-a-strict-csp

[RSS] Analysing an exploit on VLC on Windows using TTD and AI agentic

https://www.eshard.com/blog/vlc-media-player-mkv-exploit-analysis

We have started announcing Recon 2026 Presentations https://recon.cx/2026/en/speakers.html
More talks to be announced soon once we have confirmations

@hexnomad
@joegrand
@invokereversing
@tmanning @pinkflawd

#REcon2026 #ReverseEngineering #InfoSec #cybersecurity

@dey It's not built-in, it's a 3rd party package called `clap`. For simple stuff Rust is pretty easy, esp. because you have a nice package ecosystem (incl. the pkg manager). But for non-trivial stuff, the learning curve is *steep*.

@dey You mean this? https://docs.rs/clap/latest/clap/_derive/_tutorial/index.html

Microsoft has achieved the impossible