Posts
3932
Following
728
Followers
1602
"I'm interested in all kinds of astronomy."
repeated

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens https://projectzero.google/2026/05/pixel-10-exploit.html

0
2
0
repeated
Edited 1 hour ago
1
0
1
@sassdawe "If a man promises to fix something, he'll fix it. No need to remind him every year!"
0
1
1
repeated

Hey nerds!

I made a thing!

It's a "chore tracker*, but I took a somewhat unique take on the subject 🙈

It tracks when did you last completed a chore and how close are you to the desired frequency you set for that particular chore.

You can access it here: https://chores-mvp.azurewebsites.net/

There is policy as well. I hope it will answer most of the questions.

You can self-host it if you're into that sort of things.

5
3
0
repeated

The Junkyard Call for Bugs is officially open! 👾
www.districtcon.org/junkyard

For additional information, please reference our Disclosure Guidance doc: lnkd.in/ewjswJyf

And if you missed last years presentations, check them out on YouTube now: https://www.youtube.com/@DistrictCon/shorts

0
3
0
Edited 16 hours ago
Officially lost track of Linux page cache LPE's - see also: "cache invalidation and naming things":

https://github.com/v12-security/pocs/tree/main/fragnesia

This is CVE-2026-46300
0
2
2
repeated
repeated

Missing peripheral in QEMU? Adding it yourself is easier than you think.

We hit a wall analyzing CVE-2019-14192 on real Raspberry Pi 3B+ firmware, so we added the missing driver to . Register by register, using U-Boot's own source as the spec.

🔗 http://www.eshard.com/blog/u-boot-cve-tta-qemu-part-2

0
3
0
repeated

When you hear people abandoning Open Source because of the AI exploit threat, ask them if we should keep our laws secret as well.

Because there is a huge industry of accountants and lawyers specialized in finding exploits in those.

No? Thought so.

4
7
0
repeated

Our new multi-model agentic security system brings together more than 100 specialized agents across frontier and custom models to find exploitable bugs, delivering top performance on the CyberGym benchmark.

We used it ahead of Patch Tuesday to help find and fix 16 vulnerabilities. Today we’re announcing that customers can sign up to test it in private preview.

https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/?v=1

0
2
0
repeated

Will you please stop wasting time on Mythos-associated FUD and try to understand that you need to build reliable and dependable software, not stuff which changes weekly, to get security?

Mythos & LLM only bring breadth and depth to automated searching, they find nothing conceptually new, if no-one had come up with buffer overflows there would be no buffer overflows coming out of Mythos.

There will be a flood of issues, as if suddenly thousands of people were dedicated to finding bugs, then it will stop.

It is an excellent chance to ask yourselves "why?" and realise that no, we don't need software like it is being built now, you need software like it was built back when downtime mattered.

4
5
0
repeated

"Packages that can't be rebuilt byte-for-byte are now blocked from entering Debian's testing branch."

https://itsfoss.com/news/debian-makes-reproducible-builds-mandatory/

6
11
0
repeated

Poll: What is the main driver of high quality vulnerability research?

(Multiple choice. Please boost for reach :))

0
2
0
[RSS] Go fuzzing was missing half the toolkit. We forked the toolchain to fix it.

https://blog.trailofbits.com/2026/05/12/go-fuzzing-was-missing-half-the-toolkit.-we-forked-the-toolchain-to-fix-it./
0
0
0
[RSS] Exploiting the Tesla Wall Connector from its charge port connector - Part 2: bypassing the anti-downgrade

https://www.synacktiv.com/en/publications/exploiting-the-tesla-wall-connector-from-its-charge-port-connector-part-2-bypassing.html
0
0
2
Show older