Micropatches released for Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2026-20817)
https://blog.0patch.com/2026/04/micropatches-released-for-windows-error.html
The cat's out of the bag! My latest book, "The Secret Life of Circuits", is available in early access:
https://lcamtuf.coredump.cx/blog/secret/
It's the reference I wish I had when I was starting out. Electrons to embedded systems, 290+ color illustrations and 420+ pages of well-explained theory.
New Post: Debugging - WinDBG(X) Automation & Scripting - Part 1 https://www.corelan.be/index.php/2026/04/17/debugging-windbgx-automation-scripting-part-1/
RE: https://infosec.exchange/@attackanddefense/116418875523198922
Q1 2026 was a very strong quarter for Firefox Security & Privacy.
Some highlights:
- We expanded AI-assisted vulnerability discovery through our collaboration with Anthropic, helping identify and fix a high number of real security issues.
- We shipped the Sanitizer API in Firefox 148, making Firefox the first browser to support this stronger defense against XSS.
More in the newsletter linked below :)
RE: https://ec.social-network.europa.eu/@EUCommission/116408720976324749
Doesn't work without a Google/Apple-tied device btw. There is absolutely no story for how this would work on a desktop, anything without a Google/Apple account, or open source OS at all either.
From the same author as BlueHammer we now have RedSun.
This works ~100% reliably to go from unprivileged user to SYSTEM against Windows 11 and Windows Server 2019+ with April 2026 updates, as well as Windows 10, as long as you have Windows Defender enabled. Any system that has cldapi.dll should be affected.
Join us tomorrow, April 17th @ 4pm ET, for some live pwn! We'll be using Binary Ninja's shell coding compiler, patching binaries to make them easier to debug, analyzing data moving from globals to the stack to the heap, and finishing by popping shells live with pwntools: https://youtube.com/live/VcK4SoeYZiU
RE: https://hachyderm.io/@Mara/115373191721487331
Half a year later, I'm *very* excited to report that we got initial funding and have hired our first Rust maintainers!
RustNL's Rust Maintainers Team now has two full time maintainers, one intern, and five part-time maintainers, now stably employed to continue their invaluable maintenance work that is crucial for Rust’s long-term sustainability.
Apparently we reached the state of #Thoughtcrime punishment, it's called #precrime and on VirusTotal. Microsoft and Sophos just "blocked" (aka content filter says it's porn... whuat?) a friend's website because the #AI was suspicious of his AI website probably because on #Virustotal PreCrime is flagging it as will-be-malicious-in-the-future.
I want my Internet back.
Average number of hours between #curl security reports
Material for a pending presentation
AI Use Appears to Have a “Boiling Frog” Effect on Human Cognition, New Study Warns
"In a new study, researchers claim to provide the first causal evidence that leaning on AI to assist with “reasoning-intensive” cognitive labor — mental tasks ranging from writing to studying to coding to simply brainstorming new ideas — can rapidly impair users’ intellectual ability and willingness to persist despite difficulty."
https://futurism.com/artificial-intelligence/ai-boiling-frog-human-cognition-study