Google Chrome is silently installing a local LLM on your computer that is 4 gigabytes in size. It's done without consent, it's not visible in the settings, and removing it will reinstall it later.
https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/
The existence of a weird proxy economy for AI tokens is very effing cyberpunk, AI issues notwithstanding (or perhaps especially). (Also, China Talk is an *excellent* source for lots of current tech-related goings-on.)
https://www.chinatalk.media/p/how-to-buy-cheap-claude-tokens-in
This is the wrong message. Ministers do not care about undermining the open web. They see openness as a bug, not a feature.
The message you need to highlight is that the OSA is handing more control to US tech companies that are under the control of Trump.
To kick off his collaboration with @portswigger as a Burp Suite Ambassador, our Research Lead @apps3c just published the 10th article on the creation of extensions for #BurpSuite. Topic: #Burp #AI!
https://hnsecurity.it/blog/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-10/
30 readers took our C/C++ challenge. Some solved the Linux warmup, but nobody cracked the Windows driver bug. Even LLM-assisted submissions came up short.
The walkthrough explains both, including the Windows escalation from local DoS to kernel code execution.
Best 10 submissions are still getting swag. If you won, we'll be in contact.
https://blog.trailofbits.com/2026/05/05/c/c-checklist-challenges-solved/
Proton Pass: Second-Password Bypass Through Emergency Access https://www.zolder.io/blog/proton-pass-second-password-bypass-through-emergency-access/
AISLE boasts about their AI tooling and CVE-2026-42511:
"Our autonomous AI system found another critical vulnerability in the FreeBSD DHCP stack - an unauthenticated remote code execution vulnerability with root privileges.
This finding is significant not only because RCE as root is about as severe as it gets, but also because FreeBSD was explicitly included in Anthropic’s Mythos announcement, and Mythos did not identify this issue."
Hister has joined the #fediverse
Hister is a general purpose web search engine providing automatic full-text indexing for visited websites.
Follow to be up-to-date with development news, releases and related articles.
"Marketing agencies are pitching influencers deals such as $5,000 per TikTok video to amplify Build American AI’s messaging about how China’s technological rise should be seen as a threat"
-DigiCert hacked with a malicious screensaver file
-Ransomware negotiators get four years in prison
-Trellix discloses security breach
-Another Russian hacker arrested vacationing in the wrong place
-Secessionist party leaks Albertans' personal data
-Fakestortion campaign hits cPanel sites
-Rockstar stock went up after the hack (leaked financials were spectacular)
-Hacker leak exposes Hungarian-Kremlin propaganda coordination
Podcast: https://risky.biz/RBNEWS559/
Newsletter: https://news.risky.biz/risky-bulletin-digicert-hacked-with-a-malicious-screensaver-file/