Thank you to the company that owns the drivers license embedded into my cybernetic companion animal for emailing me on an address I haven't used since she was born to remind me that access to her identity chip has been sold to an insurance company and any desperate attempts to recover her will now be accompanied by informative articles

CRITICAL: if you are running Mosaic 2.4 on a VAX/VMS system, please be aware of this RCE that GPT-5.4 just found and exploited!

This might be my favourite weird car yet.
The Puli (also called the Puli Pinguin) was a microcar made in Hungary between 1986–1998. The more powerful electric version maxxed out at 7.4 kW (9.9 HP). Hold onto your hats!
https://en.wikipedia.org/wiki/Puli_(car)
#WeirdCarMastodon

The full TyphoonCon 2026 conference agenda is now live:
https://typhooncon.com/full-2026-agenda-sessions

Join us May 28-29 in Seoul for a highly curated program focused on advanced offensive security. From vulnerability research to real-world exploitation.

🎟️ Tickets are going fast - secure your spot now

OTD 1989: #SunMicrosystems announces the SPARCstation 1, aka Sun 4/60, aka "Campus".
Also first use of SBus.

https://theretroweb.com/motherboards/s/sun-sparcstation-1

The AI slop security reporting is basically extinct. It almost does not happen anymore. At all.

"I am submitting this via direct email as I am currently unable to use the HackerOne platform due to account restrictions for new reporters."

In case someone was wondering what happens when we try to make it harder for new accounts to submit new reports.

🤔Ever wondered how your favorite tools work under the hood? During our work on SightHouse, we dug into BSIM, Ghidra's Binary function SIMilarity engine.

Many tools have been built around it, yet its internals remained undocumented. Until now 👇
https://blog.quarkslab.com/bsim-explained-once-and-for-all.html

I'm like 99% sure that strings is the best reverse engineering tool.

My kinda hot take on the Mythos stuff is really that there is so little money in offensive research that it's still not really that hard to find bugs. These AI companies are operating with budgets that make the entire offensive research of all big tech combined look like a joke

I remembered Joseph Kong today. His books basically guided me through the kernel and practically launched my career as a security researcher.

I started with FreeBSD around 2008–2010 while working as a sysadmin at a local ISP. Around that time, I began writing a FreeBSD rootkit just to understand how everything worked. In 2012, I wrote two kernel exploits for it. My first real kernel exploit targeted the sysret bug on Intel CPUs (the vulnerability discovered by Rafal Wojtczuk). After that, I wrote another exploit for a vulnerability in FreeBSD’s Linux compatibility layer.

I know FreeBSD gets a lot of criticism these days, but it’s still a great operating system. I believe in its philosophy and have a lot of respect for the competence of the people involved in the project.

"Days of arguing about exploitability can save minutes of fixing the bug."

-- Socrates, on vulnerability disclosure

An updated version of "Exploits of a Mom" by XKCD:

Hyperbridge exploited two weeks after April Fools' hack joke

April 13, 2026
https://www.web3isgoinggreat.com/?id=hyperbridge-exploit

The peril of laziness lost

https://bcantrill.dtrace.org/2026/04/12/the-peril-of-laziness-lost/

Getting e-mail to work shouldn't be rocket science...

@two just hope that nothing you do here causes a Wikipedia article to get written.

Micropatches released for Windows Shell Security Feature Bypass Vulnerability (CVE-2026-21510) https://blog.0patch.com/2026/04/micropatches-released-for-windows-shell.html