[RSS] GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan

https://deadeclipse666.blogspot.com/2026/06/greatxml-bitlocker-that-seems-to-only.html

[RSS] IDA 9.4 Beta | Hex-Rays Docs

https://docs.hex-rays.com/release-notes/9_4beta

"Feed the fire, let the last cinders burn."

My IB-01: CEL 240 illustration is now available as a print <3

https://www.inprnt.com/gallery/lurnoise/ib-01-cel-240/

I know namespaces are nice, but we only should have conflicting local names for the most trivial stuff.

bedroom::Plumbus and bathroom::Plumbus are probably fine.

But when I have bedroom::PlumbusInserter and bathroom::PlumbusInserter it's *guaranteed* that my IDE will import the wrong name and resulting in hours of debugging because nothing makes sense.

#programming

ITScape: Guest-to-Host Escape in KVM/arm64

https://github.com/V4bel/ITScape

Someone's AI agent has been performing a wide variety of manipulation to the project for a while to the Fedora project. https://lwn.net/SubscriberLink/1077035/c7e7c14fbd60fae9/

It's clearly linked to an account that precedes the, ahem, "agentic AI era", but it also seems the account wwas probably compromised, but everything is unclear, including motivations or the extent of damage.

Blogged about the time I doubled our users by doing proper engineering instead of React slop

https://www.mohkohn.co.uk/writing/html-first/

Now I have seen it all - https://bumsrake.de/

@thezdi @TheDustinChilds thanks for the clarification!

Thinking about the last tweet, not imposing exemplary punishment on the first person who published a `latest` tag on anything was probably a major mistake of humanity.

@christopherkunz Damn that sounds like a major burn for MS!

@buherator I can verify that the exploit still works with that mpengine.dll version and the 1.453.28.0 definition update that got released 6/10/2026 6:29:20 PM. It takes more than one attempt, sometimes up to 6-7 now, where it used to be almost always one shot, but it still works.
I'm waiting for my other VM to fully update and then I'll retry there, too.

TIL about @kagihq 's Redirect feature that finally allows me to land on the latest available documentation page on docs.rs for crates where latest is broken.

(Interestingly, the samples provided for this feature are also based on docs.rs URLs 🤔)

I wish this were fake.

@christopherkunz That's it thx! Based on the Update Guide this should fix the problem independently from the definition updates, so if you can repro on a clean system with this DLL version that's bad.

New, by me: ServiceNow appears to have notified some enterprise customers that there was outside access to their data, after a security bug left instances exposed to the web.

The company has hidden its notice behind a login wall, but was shared by network defenders on Reddit.

https://techcrunch.com/2026/06/10/servicenow-tells-customers-a-bug-left-some-of-their-data-exposed-to-the-internet/

The Anthropic Fable-5 safety classifiers seem to be written by the OpenAI marketing department.

Pretty much anything I talk to LLMs about gets downgraded.
Nerfed into useless. Worst model release ever?

Golden rule of vulnerability disclosure is:

Dont fuck with people who are time rich and cash poor.

New directory traversal CVE!
CVE-2026-52752
nationalsecurityagency - ghidra
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.

RE: https://mastodon.social/@fj/116696838766743727

Anthropic Fable won't answer some prompts about cybersecurity or cryptography (falling back to Opus instead) but they will send engineers to the NSA to help them with offensive operations.