Learn to use a debugger that runs *beneath* the OS using Intel VT-x. Hidden hooks, TLB splitting, EPT-based monitoring: reverse engineering's secret weapon. Debuggers 3301: HyperDbg https://ost2.fyi/Dbg3301 by @intel80x86

🆕 The URL Pattern API is Newly Available!

Use it to match and extract parts of URLs, no need to reinvent routing logic. Supports literals, wildcards, named groups, and even regex constraints.

Learn how it works 👇
https://developer.mozilla.org/en-US/docs/Web/API/URL_Pattern_API

I see that today @andrewnez has chosen violence.

https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html

RE: https://toot.teckids.org/@nik/116540880770634816

As someone who has been programming since being a young teenager, things like this make me enormously sad.

If I was banned from being part of tech communities until the age of 16 or even 18 I would've never been able to learn all I did. I would've never been able to truly get into FOSS.

I would've never had a chance to become who I now am.

Age verification is literally killing the ability for kids and teens to excitedly participate and learn cool stuff and learn how to have digital agency.

RE: https://chaos.social/@SylvieLorxu/116549440329775404

This.

I grew up on forums like XDA developers and started posting there when I was like 11. It taught me English, taught me what software freedom is, got me to write my first few lines of code, share software with friends and like-minded people online, and made me who I am today.

We must fight to keep the communities that made us who we are. There is still a way forward.

#Mythos finds a #curl vulnerability

yes, as in singular one.

https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/

@raptor I like to believe that people just deeply care about security researchers and they don't want to see us starving :)

@raptor @karinjiri This phenomenon even has a wiki page:

https://en.wikipedia.org/wiki/In-band_signaling

On vsyscalls and the vDSO
https://lwn.net/Articles/446528/

Implementing virtual system calls
https://lwn.net/Articles/615809/

Creating a vDSO: the Colonel's Other Chicken
https://web.archive.org/web/20240113231746/https://www.linuxjournal.com/content/creating-vdso-colonels-other-chicken

Linux syscall, vsyscall, and vDSO... Oh My!
https://web.archive.org/web/20231125035809/https://davisdoesdownunder.blogspot.com/2011/02/linux-syscall-vsyscall-and-vdso-oh-my.html

We've Been Here Before: Decompilers, Fuzzers, and Now AI

https://www.clearseclabs.com/blog/weve-been-here-before-ai-vulnerability-research/

@Extelec Looks like a GTA glitch

The FreeBSD team has patched a remote code execution in its operating system that impacts all versions released since 2005

Tracked as CVE-2026-42511, the vulnerability resides in the FreeBSD DHCP client and is extremely easy to exploit

https://aisle.com/blog/aisle-discovers-cve-2026-42511-a-21-year-old-freebsd-remote-command-execution-vulnerability

Remember the old 2600Hz thing and how much money it cost AT&T? In hindsight, it was so obviously dumb to put control signalling and user-data in the exact same channel. We'd learn from that, right? It's so obviously a terrible idea that can never work safely that we'd never do something that dumb again, right? RIGHT?!

Oh wait. That's pretty much standard operating procedure with AI agents. Just jam it all in the same context, what could possibly go wrong?! Surely it'll be OK this time, right?

*Bangs head on desk*

Periodic reminder that HuggingFace models can include code, thus possibly malware too

RE: https://mastodon.social/@campuscodi/116550201730434193

Where do the people hang that read our hacks blog post and then went through all of the bugs that we opened up? Really eager for the deeper, informed takes now :) https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/

@freddy still in my backlog...

Post-Quantum Cryptography
A Realistic Guide to Manage the Transition [PDF]

https://www.aumasson.jp/data/talks/pqcbha26.pdf

[RSS] CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability

https://www.akamai.com/blog/security-research/2026/may/advisory-cve-2026-34354-guardicore-local-privilege-escalation

[RSS] Getting LLMs Drunk to Find Remote Linux Kernel OOB Writes (and More)

https://heyitsas.im/posts/drinking-llms/

“It looks like you’re building an off brand LEGO kit! Would you like help with that?”