Started to roll my eyes and say "Here, let me Google that for you" and then remembered that Googling it unlikely to yield a correct answer anymore.

[RSS] Measuring LLMs' Impact on N-day Exploits

https://red.anthropic.com/2026/n-days/

[RSS] Surviving the surge of new Linux LPE : Defense in Depth not dead

https://www.synacktiv.com/en/publications/surviving-the-surge-of-new-linux-lpe-defense-in-depth-not-dead.html

[RSS] Off By !: Exploiting a Use-after-Free in the Linux Kernel

https://blog.exodusintel.com/2026/06/08/off-by-exploiting-a-use-after-free-in-the-linux-kernel/

NEW: WhatsApp said it caught and disrupted a new hacking campaign by NSO Group against its users.

The Meta-owned messaging giant said this phishing campaign violates a court decision that ordered NSO to stop targeting WhatsApp and its users. WhatsApp is seeking to hold NSO in contempt of court because of this violation.    

https://techcrunch.com/2026/06/08/whatsapp-says-it-caught-new-spyware-attacks-linked-to-nso-group-in-violation-of-court-order/

Spy Tech: The GPS Numbers Station

https://hackaday.com/2026/06/08/spy-tech-the-gps-numbers-station/

Stuck on a problem..... Would really appreciate some help. Over the last four days I have had many coffees and even more headaches from WinRE on a hobby project (long weekend). Basically what I've tried to do is map the state machine for TPM and WinRE. To anyone interested I can provide a 42 page walkthrough of my methodology, thoughts, roadblocks, and current issue. the bootmgrfw lives in physical memory from what I could tell from my RE, so it was easy enough to extract the static start address from the .efi file, but WinRE lives in virtual memory. Long story short, I was able to find that start point after timing the break in a GDB stub (QEMU) when the TianoCore logo was running and then scrape through looking for the public symbol file for winload.efi and then eventually through some searching of memory find the location of the entry after calculating the base taking into account the RVA I had taken from Ghidra previously since at that point I knew it was loaded in memory. I was using that for 6 hours + and after shutting off for the night, I realised when I logged on the next day that it was no longer resolving the function, I have attached before and after. As far as I can tell ASLR is not enabled here. Does anyone know what could have caused that? I can't work it out for the life of me. You can tell its rubbish from the (bad) instruction.

#cybersecurity #infosec #windows #reverseengineering

Agents need better tools for reversing! I'm releasing declib (previously libbs), with a new CLI today that gives agents CLI access to 4 decompilers (IDA, Ghidra, Binja, angr), parity feature support to most MCP (12 features), and the ability to sync those changes across decs!
https://asciinema.org/a/J6jHm77G4a5L0TVZ

c'mon, Taylor…can we have just one?

🚨 New advisory by @kruxinator & Christian Hager: Local privilege escalation in @genetec 's #RabbitMQ deployment (#CVE-2026-25112)
Writable dir + missing binary + SeImpersonatePrivilege = SYSTEM via Rotten Potato 🥔
Patch available. Apply now!
🔗 https://r.sec-consult.com/genetec
#privesc

Here's yet another reason to not give money to Proton:

https://old.reddit.com/r/BuyFromEU/comments/1u052qp/proton_is_funding_the_french_far_right_on_youtube/

@drwhax Enjoy the silence!

Happy 31st Birthday to the #PHP programming language.

https://en.wikipedia.org/wiki/PHP

X.⁠Org Security Advisory: June 2, 2026 https://www.openwall.com/lists/oss-security/2026/06/02/1
8 issues in X server and Xwayland, all with ZDI-CAN identifiers, one also already has a CVE

@stragu @zbrown It also has a chance that it will be covered in concrete in the very near future, maybe ask the birds first if they are comfy with that.

Here’s an easter egg in the new Lego Batman that I think all of yourwill REALLY appreciate.

It’s so good, I had to make a video.

#LinkedIn is so full of AdTech that I need to use a dedicated browser to open any post there (otherwise I get stuck at the cookie consent window that I can't close...).

Please don't use LinkedIn as your primary publishing platform, esp. for technical content!

Been telling people about these kinds of hybrid threats and interactions between threat actors and victims for years, and these examples are not reflecting true nation-state efforts or capabilities.

Cyber threats aren't limiting themselves to computers so why are we?
https://bird.makeup/users/jamieantisocial/statuses/2062922881869271522

#Ghidra 12.1.2 is released

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.1.2_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

WinNotify/signeddrv.sys — Full Local Privilege Escalation via Arbitrary Kernel Read/Write https://medium.com/@haider303mustafa/winnotify-signeddrv-sys-full-local-privilege-escalation-via-arbitrary-kernel-read-write-09e0c1ababf3