RegPwn was a Windows 0-day that we were using for LPE in our Red Team for a year (discovered by Filip D. In January 2025). Unfortunately it got fixed 🥲

Good bye RegPwn 🫡

https://www.mdsec.co.uk/2026/03/rip-regpwn/

An update to our bug bounty policy: https://attackanddefense.dev/2026/03/13/bug-bounty-program-updates-2026.html

RegPwn - Windows LPE vulnerability (now fixed) https://www.mdsec.co.uk/2026/03/rip-regpwn/

This timeline is truly amazing:

There is an ongoing case in front of the #EU Curia to test #copyright laws vs LLMs:

https://infocuria.curia.europa.eu/tabs/document?source=document&text=&docid=301042&pageIndex=0&doclang=en&mode=doc&dir=&occ=first&cid=489283

This would be pretty boring, BUT the case is based on a story of this guy who became a singer celebrity in the '90s in #Hungary, then a few years ago he gave an interview sky-high on cocaine talking about the awesome dolphins in lake Balaton:

https://www.youtube.com/watch?v=kxkiM635LMk

(there are no dolphins in Balaton)

Being the self-promotion genius he is, he actually kept on promoting the deployment of dolphins to Balaton, and (copyrighted) reports of this activity are now part of the court case! Naturally, he also wrote a song about the topic:

https://www.youtube.com/watch?v=mUJXhAjZQ7A

#Kozsó

AI is the Best Thing to Happen to Art

https://geohot.github.io/blog/jekyll/update/2026/02/19/ai-art.html

(See also: photography vs painting)

"AI is giving attackers a huge advantage!"

"Yes, it is. It's amazing how quickly it has destroyed dev, sec, ops, management, company missions and priorities, regulations, information literacy, and civil society, making everyone more vulnerable."

"I traced $2 billion in nonprofit grants and 45 states of lobbying records to figure out who's behind the age verification bills."

https://web.archive.org/web/20260313090844/https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/

https://github.com/upper-up/meta-lobbying-and-other-findings

Spoiler: It's Meta.

Kagi's Small Web just got a big upgrade! Introducing browser extensions, mobile apps and categories:

https://blog.kagi.com/small-web-updates

#Kagi #SmallWeb #Blogs #Apps

@matildalove "he fed my work into a machine, so I fed him into a machine..."

RE: https://hachyderm.io/@pheonix/116221805295722939

#Meta only exists for two reasons:

- Money
- Info gathering on everyone for reason 1

Wrote down everything I wish I knew earlier about Python supply chain security. Hash pinning, pip-audit, SBOMs, trusted publishing — the whole thing. Enjoy 🐍🔒https://bernat.tech/posts/securing-python-supply-chain/

What we get upset about. Cartoon for Dutch newspaper Trouw: https://www.trouw.nl/cartoons/tjeerd-royaards~bcb45712/

#GasPrices #oil #OilPrices #Iran

@freddy successfully teaching this to a 8yo proves that you really get it ;)

"There are, of course, an infinity of variations to that single routine."

A new page of my comic Ekphrasis, which you can read for free at https://ekphrasiscomic.neocities.org/.

Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC)

https://seclists.org/oss-sec/2026/q1/300

#NoCVE yet?

[RSS] Archive of classic reverse engineering tutorials (Armadillo, ASProtect, Themida, SoftICE era)

https://github.com/Show0ne/archivo-syxe05-snat

[RSS] Reverse Engineering the undocumented ResetEngine.dll: A C++ tool to programmatically trigger a silent Windows Factory Reset (PBR) bypassing SystemSettings UI.

https://github.com/arielmendoza/Windows-factory-reset-tool

[RSS] I Hacked My Laundry Card. Here's What I Learned.

https://hanzilla.co/blog/laundry-card-hack/

[RSS] Decrypting and Abusing Predefined BIOCs in Palo Alto Cortex XDR

https://labs.infoguard.ch/posts/decrypting-and-abusing_paloalto-cortex-xdr_behavioral-rules_biocs/

[RSS] A Nerd's Life: Weeks of Firmware Teardown to Prove We Were Right

http://blog.quarkslab.com/nerd-life-weeks-firmware-teardown-we-were-right.html