"I'm interested in all kinds of astronomy."

A hefty root cause analysis of Secure Firewall Management Center (FMC) RCE CVE-2026-20079 out now from our exploit dev team. The bug's a CVSS 10, but there are significant prerequisites for exploitation that limit real-world exploitability https://www.vulncheck.com/blog/cisco-fmc-auth-bypass-cve-2026-20079

@WPalant MCPs are the least intrusive way for LLM integration IMO, so I wouldn't see too much into that but you do you!

How about managed services? Like deploying a Gitea AMI on EC2:

https://aws.amazon.com/marketplace/pp/prodview-lhdotldtcz2ke
@WPalant Gitea/Forgejo have cloud offerings IIRC, they are pretty solid too for regular repo stuff.

AI, a few thoughts, observations about AI & security vulns.
My standard line about AI is "there's a lot I'm uncertain about". But let's be clear, there's a lot I don't like & I'm probably biased towards the "here's how spectacularly AI failed once again" news (of which there are plenty) or at least the "it's not as impressive as it may look".
Yet, I don't want to close my eyes if I see things that clearly don't fit my biases. And I know a thing or two about security vulnerabilities.🧵

Took me a while to discover the automatic tab arrangement/containerization feature of Sidebery - best thing since sliced bread!

https://addons.mozilla.org/en-US/firefox/addon/sidebery/

Right click on tab -> Configure site

US or EU, Remote - Wiz - Threat Intelligence Researcher (Cloud)

Wiz has been doing some great work around TeamPCP lately, among other things.

According to LinkedIn ( https://www.linkedin.com/posts/benjamin-read-41817121_im-continuing-to-build-the-threat-intel-share-7442969734645608448-Gu-n?utm_source=share&utm_medium=member_desktop&rcm=ACoAABIZhqYBjXCQuV7JX7N_3xlpxZY6alHZ77o ) it's posted for US but open to EU. They're looking for two roles, one Cyber Crime and one Cyber Espionage.

(I am not affiliated with Wiz or at all involved in this hiring process.)

https://www.wiz.io/careers/job/4658917006/threat-intelligence-researcher-cloud


you know

multiple people now have said that the thing they like about LLMs is that they don't have to deal with feeling embarrassed or humiliated by bringing questions to others that the others will judge them for.

which like

y'all.

this is a classic "solving a people problem with tech and having horrible side effects as a result" situation

and perhaps y'all ought to be less fucking toxic and judgemental to your coworkers.

fuck.

@Ange as they don't have a concept of time this kind of info is usually included automatically in the system prompt. Iirc claude code uses very strict words to make inference stick to the given value, but stochastic parrots are stochastic...

Rust 1.94.1 has been released.

This point release fixes a few regressions that slipped into Rust 1.94.0: an internal compiler error in Clippy, a small security issue in Cargo, and two issues in the standard library.

See the blog post for details: https://blog.rust-lang.org/2026/03/26/1.94.1-release/

killing animals
@Viss @da_667 There is a Hungarian metal song that goes like:

"Take a rooster
and cut its throat
get used to the sight of blood
you may need it someday"
@dey Although for "Kan Bam" I can only find some hard techno, which is nice but I still guess there's a typo :)
@dey These are the leads I'm looking for, thanks!!
@dey Not really, but I found some new keywords that better describe what I'm interested in, e.g.:

https://en.wikipedia.org/wiki/Poka-yoke
@dey Hmm, I'm looking into this, although he seems to be more focused on the implementation of the control pane (if that's a thing?). I'm looking for things like error handling strategies when e.g. there is a malfunction or your sensors just give you bad data. Also, things like quality control, recycling rejected items.
#ICS #OT crowd: I'm looking for "Production Line Design for Dummies"-type resources. I'm primarily interested in high-level best practices, rules of thumb for making industrial processes work reliably, ELI5 level is sufficient. Let's say I want to build a lemonade factory for my teddy bear!

Any recommendations?
@stf You mean the solution for the Strait of Hormuz is banning you from CrowdSupply? :)

I discovered a race-based vulnerability class in the Linux kernel: "Out-of-Cancel"

A structural flaw where cancel_work_sync() is used as a barrier for object lifetime management, causing UAF across multiple networking subsystems.

I wrote an exploit for CVE-2026-23239 (espintcp). It interleaves Delayed ACK timers, NET_RX softirqs, timerfd hardirqs, workqueue scheduling, and CFS scheduler manipulation to hit a ~Xµs race window.

Blog: https://v4bel.github.io/linux/2026/03/23/ooc.html

This is the race scenario diagram 😁:
