@Ange as they dont have a concept of time this kind of info is usually included automatically in the system prompt. Iirc claude code uses very strict words to make inference stick to the given value, but stochastic parrots are stochastic...

Rust 1.94.1 has been released.

This point release fixes a few regressions that slipped into in Rust 1.94.0: an internal compiler error in Clippy, a small security issue in Cargo, and two issues in the standard library.

See the blog post for details: https://blog.rust-lang.org/2026/03/26/1.94.1-release/

@dey Although for "Kan Bam" I can only find some hard techno, which is nice but I still guess there's a typo :)

@dey These are the leads I'm looking for, thanks!!

@dey Not really, but I found some new keywords that better describe what I'm interested in, e.g.:

https://en.wikipedia.org/wiki/Poka-yoke

@dey Hmm, I'm looking into this, although he seems to be more focused on the implementation of the control pane (if that's a thing?). I'm looking for thing like error handling strategies when e.g. there is a malfunction or your sensors just give you bad data. Also, things like quality control, recycling rejected items.

#ICS #OT crowd: I'm looking for "Production Line Design for Dummies"-type resources. I'm primarily interested in high-level best practices, rules of thumb for making industrial processes work reliably, ELI5 level is sufficient. Let's say I want to build a lemonade factory for my teddy bear!

Any recommendations?

@stf You mean the solution for the Strait of Hormuz is banning you from CrowdSupply? :)

I discovered a race-based vulnerability class in the Linux kernel: "Out-of-Cancel"

A structural flaw where cancel_work_sync() is used as a barrier for object lifetime management, causing UAF across multiple networking subsystems.

I wrote an exploit for CVE-2026-23239 (espintcp). It interleaves Delayed ACK timers, NET_RX softirqs, timerfd hardirqs, workqueue scheduling, and CFS scheduler manipulation to hit a ~Xµs race window.

Blog: https://v4bel.github.io/linux/2026/03/23/ooc.html

This is the race scenario diagram 😁:

@cynicalsecurity for every ethical business model, there is a more profitable unethical business model...

Russian intelligence managed to install a wire-taping device as part of a thermostat at a Ukrainian drone factory

https://en.interfax.com.ua/news/general/1153997.html

NEW: Here's everything you need to know about the new iPhone hacking tool DarkSword.

What is DarkSword? How does it work? Where did it come from? How did it leak online? What can you do about it?

We break it all down in this explainer.

http://techcrunch.com/2026/03/26/a-major-hacking-tool-has-leaked-online-putting-millions-of-iphones-at-risk-heres-what-you-need-to-know/

#pope #meta #spotOn

@cynicalsecurity TBH I first learned about SSH certs from Facebook of all things:

https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/

@jpmens

Hungarian opposition leader Peter Magyar has accused the ruling government of using the Candiru spyware against his TISZA party

https://x.com/magyarpeterMP/status/2037113263238840702

@cynicalsecurity @jpmens My former company still uses SSH certs. From top of my head:

- auditable root access without su/sudo
- expiration (no left over access)
- user restrictions bound to certs (instead of server config)

+ human user priv keys were HW bound

https://github.com/silentsignal/zsca

Vibe Security Radar: Real CVEs where AI-generated code introduced the vulnerability.

https://vibe-radar-ten.vercel.app/

EDIT: forget that, it's slop:

> If the primary model fails, a Claude Agent SDK fallback with independent repository access retries the investigation.

sigh

We analyzed the Coruna exploit kit and found intriguing code overlaps with Operation Triangulation https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/

📱 1-click RCE in the YTDLnis Android app!

On Android, turning file writes into RCE is usually quite hard, but here the app had a nice gadget for us. Check out the details in our latest blog post:

https://www.sonarsource.com/blog/ytdlnis-argument-injection-rce?utm_medium=social&utm_source=mastodon&utm_campaign=research&utm_content=social-ytdlnis-rce-260324-&utm_term=---&s_category=Organic&s_source=Social%20Media&s_origin=social

#appsec #security #vulnerability