For years, Rust binaries made reversing a nightmare. Modern decompilers only support C, lacking meaningful types, constructs, and language-specific functions. Led by @34r7hm4n, we're releasing our S&P work Oxidizer, the first deep Rust decompiler, built on angr!

Interested? 🧵👇

CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox https://voidsec.com/cve-2026-40369-browser-sandbox-escape/

github is like: "I see you're trying to look at a commit diff, how about skipping the files where the majority of the changes happened?"

@wdormann This must be another income source for Paper Street Soap Co's anarchist side-projects!

When Your VPN Opens Your Private Network to the Public https://www.hacktron.ai/blog/cve-2026-0265-panos-globalprotect-cas-auth-bypass

😎 We now push artificial variable declarations close to their use! 😎

Also, inline initialization.

Magnets Are Bad For Hardware Again

https://hackaday.com/2026/05/21/magnets-are-bad-for-hardware-again/

"I'm happy to share that #Fortinet has won the Best Government Supplier award" - LinkedIn

"They probably were government. Just not ours." - Whistler

@seecurity @freddy Damn, I have to level up my act!

@seecurity @freddy It helps me dealing with taxes a lot if I imagine myself as the protagonist of a Kafka novel (or any other absurd/surreal work). Maybe it helps with SAP/other horrors too?

I'll be back at @recon teaching a training with @KeithRamphal, we'll be bringing our combined malware reverse engineering experience to the masses! Whatever runs, wherever it runs, cause the days of your boring ol' Windows C bot are over. https://recon.cx/2026/en/trainingAdvancedMalwareRE.html

@TarkabarkaHolgy Heel hammer-kick to balls during sleep -> 2d6 minutes of temporary paralysis

@buherator This VSCode issue can also take some love from the community:

https://github.com/microsoft/vscode/issues/229861

General Devices for Lowering Morale and Creating Confusion

@TheBreadmonkey

“This must be Thursday,' said Arthur to himself, sinking low over his beer. 'I never could get the hang of Thursdays.”

#THHGTTG

[RSS] A gentle introduction to binary analysis and Ghidra's SLEIGH

https://blog.thalium.re/posts/sleigh/

Impacket 0.13.1 is out, with a lot of improvements and some new relay options. https://www.coresecurity.com/blog/whats-new-impacket-0131

FatGid+4
A four-byte type, an eight-byte stride, one root shell. #FreeBSD

https://fatgid.io/

/via @Hetti

Your next AI agent

I love how the Unix commands have such intuitive naming. Like 'find' if you need to find a file, or 'grep' if you need to grep for a string