[RSS] Bleeding Llama: Critical Unauthenticated Memory Leak in Ollama (CVE-2026-7482)

https://www.cyera.com/research/bleeding-llama-critical-unauthenticated-memory-leak-in-ollama

Non-technical teams are now shipping production vulns


Jerry 🦙🦙

Honestly, one of the things I like least about traveling for work is having to wear pants. Seems like we should have moved past this expectation by now


They'd have got away with it, if it wasn't for those meddling kids.


"That 'responsible disclosure' Thing"

A post with the details of CVE-2026-23918, the double free vulnerability fixed in Apache httpd 2.4.67.


https://eissing.org/icing/posts/responsible-disclosure/


@daveaitel @sherrod_im The willful ignorance of latent vulns. It was as if it didn’t exist until a vuln researcher discovered it.

@gsuberland

Remember me to one who lived there.
She once was a true love of mine.

Oh cool, Ollama on Windows has unpatched vulnerabilities that lead to Ollama downloading unverified updates from a malicious URL if set locally, and also path traversal that leads to arbitrary file write.

Disclosure without patch.

https://www.striga.ai/research/ollama-windows-auto-update-rce


bert hubert 🇺🇦🇪🇺🇺🇦


The world is now so full of ridiculous things that at least I struggle to deal with it all. But this is not an 'us' problem. The (political) world really is idiotic. I needed to vent a bit, so I made a list of things that are impossible to believe, yet are very much what is happening. Perhaps seeing it in writing will help you deal better with the situation. https://berthub.eu/articles/posts/the-impossible-things-we-have-to-believe/


This. 👇


Defender nuked legitimate DigiCert roots as malware because Microsoft shipped detections for a real DigiCert breach without distinguishing root certs from the compromised code-signing ones. Your trust store is one bad signature update away from triage hell.
https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/


Aaron Toponce ⚛️debian

Google Chrome is silently installing a local LLM on your computer that is 4 gigabytes in size. It's done without consent, it's not visible in the settings, and removing it will reinstall it later.

https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/

@stf Given that 1) naming things is hard and 2) you shouldn't reinvent the wheel, you just take the name of a similar project. (and this is how eventually every OSS project becomes "curl")

The existence of a weird proxy economy for AI tokens is very effing cyberpunk, AI issues notwithstanding (or perhaps especially). (Also, China Talk is an *excellent* source for lots of current tech-related goings-on.)

https://www.chinatalk.media/p/how-to-buy-cheap-claude-tokens-in


@openrightsgroup @torproject

This is the wrong message. Ministers do not care about undermining the open web. They see openness as a bug, not a feature.

The message you need to highlight is that the OSA is handing more control to US tech companies that are under the control of Trump.


To kick off his collaboration with @portswigger as a Burp Suite Ambassador, our Research Lead @apps3c just published the 10th article on the creation of extensions for . Topic: !

https://hnsecurity.it/blog/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-10/


30 readers took our C/C++ challenge. Some solved the Linux warmup, but nobody cracked the Windows driver bug. Even LLM-assisted submissions came up short.

The walkthrough explains both, including the Windows escalation from local DoS to kernel code execution.

Best 10 submissions are still getting swag. If you won, we'll be in contact.
https://blog.trailofbits.com/2026/05/05/c/c-checklist-challenges-solved/
