"I'm interested in all kinds of astronomy."

btw y'all should* write cracks for software you use, even (and especially) if you paid for it

it's a good reversing exercise and you'll thank yourself when the licensing server has an outage or some company doesn't like your new motherboard

(*only if you can do it legally)


The fuzzer that found https://project-zero.issues.chromium.org/issues?q=componentid:1638259%20%22V8%20Sandbox%20Bypass%22 (and a number of issues prior to that as well) is now open-source: https://crrev.com/c/7580844

It uses pkeys, trap-handling and single-stepping to intercept and mutate in-sandbox reads (see trap-fuzzer.h for details). Definitely had fun writing it!


Did you know that `ipsw` has had a secret sandbox decompiler hidden in it for ~4 years? 🤫 Well now it's public 🙌

Check it out and let me know what you think! 🎉

https://github.com/blacktop/ipsw/releases/tag/v3.1.672


2026 at MPL and MPZPM – experience science up close!

With our participation we want to get more girls excited about . We show them that , and offer diverse and thrilling career opportunities.

They get the opportunity to step into the role of scientist, engineer and lab technician for a day. MPL and MPZPM open their doors on April 23 – offering hands-on experiments, lab tours and real insights into cutting-edge research.

👉 https://mpl.mpg.de/de/news/artikel/wissenschaft-hautnah-erleben-girlsday-2026-am-mpl-und-mpzpm

[RSS] SASS King: reverse engineering NVIDIA SASS

https://github.com/florianmattana/sass-king

no vibes just a lot of IDA Pro debugging MAME and hunting down as much info that’s surfaced in the past… 42 years as possible (thanks, Atari of Ireland file cabinet contents)


I mapped out enough of the Atari System 1 BIOS to create a cartridge ROM that the motherboard will boot and that calls some fancy printing functions. The blinking, teletype, banner effects are from the BIOS but the fade in/fade out effect I had to hook up myself through palette registers at VBLANK interrupt time.

@cygnus-xr1 Nice noises :) I'm afraid I couldn't even turn the thing on though...

I've been seeing this extension all over and wasn't sure exactly what folks were doing. Turns out, they weren't doing anything. Claude for Desktop is secretly installing this thing that activates when one of three other extensions is also present.

https://www.thatprivacyguy.com/blog/anthropic-spyware/

Command injection in a qmail fork (not the original!) - CVE-2026-41113:

"On the wire, a DNS label is just a length byte followed by up to 63 arbitrary bytes; RFC 1035 lets you put nearly anything in there, and most recursive resolvers will happily pass it through."

https://blog.calif.io/p/we-asked-claude-to-audit-sagredos

#LLM

Finally, it is published 😁 Making Vulnerable Drivers Exploitable Without Hardware - my latest research on driver vulnerability hardware-gating, explaining the concept of hardware-dependent code and diving deep into creative deployment techniques - software-emulated phantom devices, driver restacking, and forced driver replacement — all explored through the lens of Bring Your Own Vulnerable Driver (BYOVD) attacks:
https://atos.net/wp-content/uploads/2026/04/atos-byovd-article.pdf


Happy Bicycle Day to all who celebrate! On this date in 1943, Albert Hofmann took the LSD off the shelf that he had synthesized five years previously, ingested 0.25 milligrams and then rode his bicycle on the first LSD trip.

https://en.wikipedia.org/wiki/History_of_lysergic_acid_diethylamide#%22Bicycle_Day%22

@PurpleJillybeans There are pretty good Java decompilers out there (e.g. jd-gui), so you don't have to mess with the bytecode.

The folks at iTerm2 figured out a way to get arbitrary code execution as the result of `cat <file>`, which is... impressive?


i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs' 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.

The answer is at least 3 different orgs in the hour that I've owned that domain and been listening for email.

And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D


RE: https://chaos.social/@icing/116435790527643905

This is quickly becoming a new trend ... "look, if I totally destroy internals by abusing a private function, something bad can happen"


joernchen :cute_dumpster_fire:

Thanks so much to everyone who showed up on the weekend in Berlin to say goodbye to FX.

“Burning bridges where we can” - this is the original Phenoelit slogan. Yet, while FX for sure burned some network bridges, he did quite the opposite for the hacking community. FX built bridges between people wherever he could. He created something way bigger than himself which we all are part of.

Each one who joined us in Berlin carries a piece of his legacy. You were there because he left something with you. We know there are many who couldn't make it in person, and they too carry his spirit with them.

FX is gone.
But the spirit lives on.
