[RSS] Pwning Minecraft: 4-Byte Heap Overflow to RCE

https://osec.io/blog/2026-06-02-minecraft-heap-overflow-to-rce

The FSB says it found a Western spyware op targeting Russian officials and a Kaspersky exec is going around giving interviews about malware infecting iPhones via an "invisible" iMessage

Hmmm... hmmm...

https://www.rbc.ru/rbcfreenews/6a1e7d589a7947f2bc33dc35

Today I begin posting a series of twice-weekly blog posts describing security software I've developed for personal use over the last 25 years that may be useful for others who manage home or small business infrastructure using OpenBSD, Linux, and/or macOS. https://lippard.blogspot.com/2026/06/25-years-of-openbsd-security-tools.html

3. "28 Errors Later" (28 Years Later)

Just like last year, we replaced a whole wall of movie posters with our own punny movie posters at the cinema where RustWeek 2026 took place. I designed seven new posters for this year's event. See the thread below 👇

I don't mean to brag but I already did this

Researchers teach brain cells to play 'Doom'

https://phys.org/news/2026-05-brain-cells-play-doom.html

[RSS] Docker Internal (2)

https://u1f383.github.io/linux/2026/06/02/Docker-Internal-2.html

Follow-up on research of Dockers security internals

The Pirate Bay Remains Resilient, 20 Years After The Raid https://yro.slashdot.org/story/26/06/01/2145208/the-pirate-bay-remains-resilient-20-years-after-the-raid?utm_source=rss1.0mainlinkanon

@sjfriedl Somehow we've been tricked into believing it's okay to have bugs if you patch 'em.

No, it's not okay to have these bugs.

I say this from the other side. Bugs usually get the minimal patch fix rather than an investigation of how they happened in the first place.

As I said previously, the MSRC and all security folks I engaged with are mostly very nice in person, the security improvements in Microsoft software and services are what we could see in our labs and during our daily research, the ~17M yearly bounty payout are real, and many more. IMO MSRC has been an absolutely leader and has basically defined what the vendor Security Responses look like today (I recall a lot of *SRCs). There’s definitely zero reason for Microsoft to kill all the decades-long good efforts and community relationships in one single post (can’t imagine that😅).

There were and there will be sometimes very hard to deal with for some cases, no doubt. If things go bad, I will complain bad. But with more effective and direct communications, I think (at least I hope) we can improve continuously.

Overall, I’m personally very happy to see this clarification coming out and hopefully this drama can be resolved peacefully.

Tonights pillow-talk with kiddo was about high capacity hard drives (the classics you know):

"Well, a 10TB hard drive would be useful if your grandma wants to save all the holiday pictures, and she doesn't know how to delete... and you have 100 grandmas!"

CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE

https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/

So CVE-2026-41089 (CVSS 9.8) in Windows Netlogon can be triggered by sending a username that is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA or longer.
How original.

Github Copilot’s new pricing model went live today and r/GithubCopilot is having a meltdown. It’s glorious

[RSS] Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution/

"This issue was patched on April 2026 and likely assigned CVE-2026-34621, CVE-2026-34626 or CVE-2026-34622"

What happens when reverse engineers spend weeks digging into a Scala 3 codebase?

🔍 From code review to fuzzing, our assessment helped strengthen Scala's security and identify areas for improvement.

We're happy to share the results of our audit, conducted in collaboration with @ostifofficial

https://blog.quarkslab.com/scala-security-audit.html

Secret Panel HERE 😐 https://tinyview.com/mrlovenstein/2026/05/31/life-finds-a-way

Does anyone have a copy of:

AMD Am29040 Microprocessor User's Manual
1994
Order #18458

I need the full user manual, which is hundreds of pages. I already have the datasheet, which is 31 pages and is readily found online.

Thanks!

#AMD #Am29K #Am29000 #Am29040

Stealing Passwords via HTML Injection Under a Strict CSP https://afine.com/blogs/stealing-passwords-via-html-injection-under-a-strict-csp