Submissions are still open!

If you've been sitting on a bug, technique, war story, weird research rabbit hole, or beautifully cursed idea: now is the time.

Write something worth archiving.

Phrack CFP closes June 30.

More details on how to submit at https://phrack.org/news

The openSUSE peeps have figured out some crazy compression, it seems. 107.0 B for everything!

Daily #Rust:

You can write this and the compiler will just figure out all the generics for you:

`let baz = Foo::new(Bar::new());`

But if you want to write:

`return Foo::new(Bar::new());`

... it seems you have to make your function generic, even though the compiler knows exactly what will be returned.

My flight got delayed: the departure time is struck through and the new expected departure is written underneath. The arrival time is...just struck through o.O

📅 Next Web Talks at Mozilla Berlin Meetup is happening Thu, June 11, 18:00 🦊

Two talks:
• Sunil Mayya on "Keep Off My LAN": Firefox's implementation of Local Network Access
• @freddy on "The Devil is in the Defaults": defending against XSS with Trusted Types and the Sanitizer API

https://www.meetup.com/de-DE/berlin-mozilla-meetup/events/314623241/

#Firefox #InfoSec #Mozilla #Berlin #Web

@andrija That lecture sounds exactly what I need, thanks! Linking here FTR:

https://www.youtube.com/watch?v=3IyKC5EtNkM

RE: https://infosec.exchange/@x41sec/116651028731076045

Important! Using a reverse proxy might not fully protect you from BadHost / CVE-2026-48710 **also this does not only affect AI related infrastructure because FastAPI is also affected and used for various applications!**

Pasting a huge AI generated explanation to a problem in an issue or pull-request is nothing but RUDE. Don't do it. You look stupid and the receivers of that feel insulted.

We are humans. We communicate like humans. Fine, use the tools you like, but don't insult us.

@joern I couldn't create this without @airwhale! I just pushed the source files in case anyone wants to print their own:

https://github.com/v-p-b/von-neumann

[RSS] Security Bulletin: IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator (CVE-2026-7770)

https://www.ibm.com/support/pages/node/7274214?myns=swgother&mynp=OCSSRQKY&mynp=OCSWG60&mync=A&cm_sp=swgother-_-OCSSRQKY-OCSWG60-_-A

@andrija how did you figure it out? My problem is that I don't see a way to get this knowledge from docs (although the required information is definitely there).

https://www.youtube.com/watch?v=xyup-362r1w

Respect, at that age such a great #punkrock song and then such current lyrics!

Well done, guys!

Honestly, there is absolutely no way I could solve this without massive help from #LLM:

I wanted to define an interface with associated types to abstract away specific implementations of a component and used trait bounds (from a 3rd party lib) to provide guarantees about the associated types.

The problem was:

- 3rd party Traits forced generics on me that I didn't even use
- These generics had other bounds I needed to fulfill, which also what more bounds, etc.
- As a bonus, these two factors produce about a gazillion missing implementation errors for the first naive implementation, so you either need a really sharp debugger eye or will end up implementing one wrong solution after the other (as I did)

The solution for now is to drop the trait bound entirely (this is legal?!) and let the compiler intervene at the call site if someone doesn't implement the right trait - I complained exactly about this behavior the other day, because implementers can't figure out the bound just by looking at my trait, but at least now the code compiles and I left comments :P

#Rust

RE: https://infosec.place/objects/2c4cdbac-06e5-43bb-b070-044be09209b3

I have ~2 hours, 1 bottle of Club Mate and an infinite hardstyle playlist to figure out the proper way to pray to Rust generics.

Wish me luck!

"If you really believe that we're going to have a country of geniuses, you want as big a data center as you can get. There's no reason to slow down."

https://youtu.be/n1E9IZfvGMA

Do these nutjobs really believe that scientific breakthroughs scale?! That it's OK to ruin the environment + economy (+ likely society), because 9 geniuses will solve that in 1 month?

#LLM

I'll give a single public on-site Burp Suite Pro training session this year, and it will be in RomHack 🇮🇹 (registration link in replies) And if you're not sure this course would fit you, just give a look at this recent feedback

@linear Gotcha, thanks for the explanation!

@linear I'm afraid I don't see the difference between scraping and downloading a copy of something

Proof of Concept for GHSL-2026-140 (CVE-2026-48095) in 7-Zip <= 26.00. A crafted archive shrinks a 256 MB buffer into 1 byte, overwrites a function pointer with file content, and redirects execution. Full weaponization needs an ASLR bypass. Fixed in 26.01. Read more at https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/

@linear https://get.kiwix.org/en/solutions/applications/kiwix-reader/ ?