It's landed. The bug apocalypse is upon us as #Microsoft releases patches for 620+ CVEs to go along with #Adobe's 88. @TheDustinChilds has done his best to make sense of it all. Read his analysis at https://www.zerodayinitiative.com/blog/2026/7/14/the-july-2026-security-update-review
@cR0w when I need to do substitutions or otherwise want to push bash to its limits, my first reference was always the Bash Hacker's Wiki, which is now defunct but I'm thankful for flokoe for being back the content: https://flokoe.github.io/bash-hackers-wiki/
NEW: The Iranian government abused well-known flaws in the global telecoms infrastructure — specifically SS7 — to locate U.S. military personnel in the Middle East at the beginning of the war.
So, @Rapid7Official is shutting down AttackerKB (https://attackerkb.com/) soon.
I view this as a case where an initially promising idea became overwhelmed by low‑quality reports from contributors.
Anyway, archive any data you wish to retain.
Firefox Security & Privacy Newsletter 2026 Q2 | Attack & Defense
https://attackanddefense.dev/2026/07/12/firefox-security-privacy-newsletter-2026-q2.html
CVE-2026-42980: Reversing and Exploiting the Windows Kernel WMI Underflow https://blog.grunt.ar/bin-exploitation/binary-gecko-academy/cve-2026-42980-wmi-underflow-en/
So @chompie1337 and I are on a mission to find creative artists who want to help design the cover for Phrack #73.
retro sci-fi & chrome futures
▸ cyberpunk / terminal aesthetics
▸ dystopian systems
▸ hacker manuals from an alternate timeline
▸ weird cool stuff and machines
Keen? Fancy helping?
📮 arts@phrack.org
⏰ Deadline: August 15
Show HN: Sx 2.0 – Share AI skills with your team through a Dropbox folder
Wait a moment. Aren't "AI" "skills" just markdown files in a skills directory? So to share them through Dropbox, you'd... drop them in your dropbox folder? And doing so needs a tool? What happened to cp? Or selecting files with your mouse, right click, copy, and paste it somewhere? Or I dunno, any of the myriad ways you can get files from one place to another on the same computer?
Oh, right, yes. We do not touch computers anymore. We let our agents do that! Right, right, sorry. I got left behind y'know, still have this mushy thing in my skull, so sorry. I'll try to use it less to keep up with "progress".
First batch of 44CON 2026 tickets are available now.
These are the lowest-priced tickets we'll offer.
Prices go up with each batch, so if you want in early, now is the time...
Get yours: https://44con.com/product/44con-2026-ticket/
Default deny
I'll open by saying that I'm not anti-AI. I think it can be a net positive. Take my own profession, information security: the world is worse off because most code out there hasn't been looked at by a security engineer. LLMs can automate finding security bugs, so we can get better software for less.
But then, I have to square this with the fact that one of the first casualties of AI were “bug bounty” programs that paid people to report security flaws. LLMs could produce plausibly-sounding reports long before they could find real bugs. Unscrupulous “researchers” figured out they could extract money from the 5-10% of vendors who were not paying attention by slop-bombing us all and wasting everyone’s time.
When it comes to social media, there’s a similar dynamic at play. Human writing, good or bad, was inherently rate-limited; LLM output is not. If someone spent hours or days writing an article, it clearly mattered to them and I could spare minutes of my time to read and engage. For LLM output, this no longer holds. There’s an infinite supply of content entirely disconnected from the human condition that still demands your attention and time.
In contrast to infosec, social media engagement isn’t utilitarian: you gain nothing if you read 1,000 machine-generated opinion pieces a day. Promoters say that it shouldn’t matter who or what is doing the writing — you should only ask if the output is good. To me, quality is secondary. I come here to talk to humans, not to yell into the probabilistic token-void.
Yes, there are rare exceptions, there are people who use LLMs as an assistive technology, and so on. But in 99% of the cases, if you couldn’t be bothered to write it, I won’t bother to read it. Default deny.
Micropatches released for Desktop Window Manager Elevation of Privilege Vulnerability (CVE-2026-20871)
https://0patch.com/blog/micropatches-released-for-desktop-window-manager-elevation-of-privilege-vulnerabi