Some reading for the weekend:

Implementation details of Apple's lossy texture compression format.
https://www.ludicon.com/castano/blog/2026/04/metal-lossy-compression-format/

Enjoy!

It said: "The History of every major Galactic Civilization tends to pass through three distinct and recognizable phases, those of Survival, Inquiry and Sophistication, otherwise known as the How, Why and Where phases.
"For instance, the first phase is characterized by the question How can we eat? the second by the question Why do we eat? and the third by the question Where shall we have lunch?"

#HitchhikersGuide #DouglasAdams #quotes #quote #bot

New Blog post: "Multiple things can be true at the same time" - https://frederikbraun.de/feels-and-llms.html :: Dear reader, I am sure you have read a lot of blog posts about AI in the past weeks or months. And now I too am writing. Mostly to help me cope with what my kind of hacker people would call out as hypocrisy or cognitive dissonance.

Pwning PostgreSQL was quite fun, excited to share our research at OffensiveCon!

https://www.offensivecon.org/speakers/2026/paul-gerste-and-moritz-sanft.html

Secret Panel HERE 😀 https://tinyview.com/mrlovenstein/2026/04/22/working-from-home

Full research, benchmark methodology, scoring breakdown, and the obfuscation techniques that worked: https://go.es.io/3QSJGnI

Hey fellow hackers and CTF players and cybersecurity enthusiasts, wanna participate in a small experiment?

I created a small CTF task designed to be solved with AI and I need to collect as much feedback as possible to determine if the core principles I used to create it are relevant.

For now, a few people I know already solved it but I definitely need more people to test it so I made it public:

https://virtualabs.fr/ctfai/

Try it, solve it, and send feedback! 😁

RE: https://mastodon.world/@paninid/116445313743159155

This _seems_ bananas, but you have to appreciate Microsoft's central role in computing as a _consumer of excess capacity_ that only incidentally _produces_ useful outputs. That is to say, the classic cycle of the computing _economy_ has been chipmakers, mostly Intel, builds faster machines, and then Windows and Office grow to soak up that excess capacity, driving demand for yet faster hardware. But... there's a plausible need in that cycle for Windows, Word, etc.

https://cosocial.ca/@paninid@mastodon.world/116445313952711313

Whatever Anthropic provided to Google, didn’t include the 0-days in Chrome that I am reporting right now. Zero dupes so far
https://bird.makeup/users/alisaesage/statuses/2046886808689270796

A new Git version just dropped and it comes with a new experimental `history` command!

`reword` can be used to change commit messages and `split` can untangle a single commit into multiple ones.

No more interactive rebase. 🎉

https://github.blog/open-source/git/highlights-from-git-2-54/

I checked and it's been 2 years since my last blog post??? So anyway, here's a quick blog post about KDP pool - the latest KDP feature that will replace the secure pool in future Windows versions: https://windows-internals.com/goodbye-secure-pool-hello-kdp-pool/

Interesting links of the week:

Strategy:

* https://cert.pl/en/posts/2026/04/annual-report-2025/ - .pl CERT gives us their annual update
* https://www.ncsc.gov.uk/news/apt28-exploit-routers-to-enable-dns-hijacking-operations - more on that Guardian story from a couple of weeks back about Russian hostmasters working for free
* https://arxiv.org/abs/2603.29545 - exploring how cyber crime's vibe will change
* https://gambit.security/blog-post/a-single-operator-two-ai-platforms-nine-government-agencies-the-full-technical-report - how .mx got popped
* https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a - .ir are planning a silent disco and all of US are invited

Standards:

* https://github.com/OWASP/APTS - @owasp has a crack at defining autonomous testing standards

Threats:

* https://socket.dev/blog/bitwarden-cli-compromised - careful warden, I see you're managing a password
* https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/ - .de doxes head of REvil
* https://www.ic3.gov/PSA/2026/PSA260407 - .ru completes sticker collection of logos from every major law enforcement agency
* https://www.lumen.com/blog/en-us/frostarmada-forest-blizzard-dns-hijacking - .ru... in your modem, stealing your DNS requests
* https://dti.domaintools.com/research/dprk-malware-modularity-diversity-and-functional-specialization - .kp IT skills continue to develop
* https://pushsecurity.com/blog/device-code-phishing - phishermen continue to catch phish, news at 10

Bugs:

* https://www.jamf.com/blog/darksword-ios-exploit-kit-three-lessons-mobile-security/ - breaking out on Safari
* https://blog.calif.io/p/we-asked-claude-to-audit-sagredos - Claude vs qmail but FFS, it shouldn't have taken that much effort to spot that one
* https://heyitsas.im/posts/cups/ - printing a new 0day

Exploitation:

* https://vulnbench.ghostsecurity.com/ - testing LLM efficacy on the work bench
* https://agentic-threat-modeling.github.io/MAESTRO/ - how to make friends with agents and influence them

Hard hacks:

* https://gpubreach.ca/ - another hammer, another pixel dead...

Hardening:

* https://lore.kernel.org/lkml/20260404133746.80914-1-zybo1000@gmail.com/ - an interesting new kernel driver for Linux

Cryptography:

* https://www.openssh.org/pq.html - #OpenBSD takes a stance on PQC

#security, #research

Effective security measures are easier to implement and maintain than to bypass #showerthoughts

a new zero-trust security appliance just dropped

Hister v0.13.0 is out with quite a few new features. Update your instances.

https://github.com/asciimoo/hister/releases/tag/v0.13.0

Hister is a general purpose web search engine providing automatic full-text indexing for visited websites.

#selfhosted #search #freesoftware

CVE-2026-33824: Remote Code Execution in Windows IKEv2 - the folks from TrendAI Research break down this wormable bug that was patched last week. The show root cause & offer detection guidance. Read the details as https://www.zerodayinitiative.com/blog/2026/4/22/cve-2026-33824-remote-code-execution-in-windows-ikev2