Tonights pillow-talk with kiddo was about high capacity hard drives (the classics you know):

"Well, a 10TB hard drive would be useful if your grandma wants to save all the holiday pictures, and she doesn't know how to delete... and you have 100 grandmas!"

CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE

https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/

So CVE-2026-41089 (CVSS 9.8) in Windows Netlogon can be triggered by sending a username that is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA or longer.
How original.

Github Copilot’s new pricing model went live today and r/GithubCopilot is having a meltdown. It’s glorious

[RSS] Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution/

"This issue was patched on April 2026 and likely assigned CVE-2026-34621, CVE-2026-34626 or CVE-2026-34622"

What happens when reverse engineers spend weeks digging into a Scala 3 codebase?

🔍 From code review to fuzzing, our assessment helped strengthen Scala's security and identify areas for improvement.

We're happy to share the results of our audit, conducted in collaboration with @ostifofficial

https://blog.quarkslab.com/scala-security-audit.html

Secret Panel HERE 😐 https://tinyview.com/mrlovenstein/2026/05/31/life-finds-a-way

Does anyone have a copy of:

AMD Am29040 Microprocessor User's Manual
1994
Order #18458

I need the full user manual, which is hundreds of pages. I already have the datasheet, which is 31 pages and is readily found online.

Thanks!

#AMD #Am29K #Am29000 #Am29040

Stealing Passwords via HTML Injection Under a Strict CSP https://afine.com/blogs/stealing-passwords-via-html-injection-under-a-strict-csp

[RSS] Analysing an exploit on VLC on Windows using TTD and AI agentic

https://www.eshard.com/blog/vlc-media-player-mkv-exploit-analysis

We have started announcing Recon 2026 Presentations https://recon.cx/2026/en/speakers.html
More talks to be announced soon once we have confirmations

@hexnomad
@joegrand
@invokereversing
@tmanning @pinkflawd

#REcon2026 #ReverseEngineering #InfoSec #cybersecurity

@dey It's not built-in, it's a 3rd party package called `clap`. For simple stuff Rust is pretty easy, esp. because you have a nice package ecosystem (incl. the pkg manager). But for non-trivial stuff, the learning curve is *steep*.

@dey You mean this? https://docs.rs/clap/latest/clap/_derive/_tutorial/index.html

Microsoft has achieved the impossible

@pancake Absolutely, that was part of the point actually :D

@pancake I mostly did this as an excercise in Rust, didn't know rax2 can do the same

Binary extension packages for #Ghidra 12+ are now automatically generated for my XCOFF Loader:

https://github.com/silentsignal/xcoff-ghidra/releases/tag/12

#AIX

I found a bug, so I created a test suite and published a new release for my signed/unsigned integer converter CLI utility, twos:

https://github.com/v-p-b/twos/releases/tag/v0.0.2

I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.

Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.

Their agents will.