RE: https://infosec.exchange/@NowSecure/116251163921885755

Last wednesday I sat down at the #paulsecurityweekly podcast to talk about static analysis with @radareorg and mobile security. The video/audio is now online! https://www.scworld.com/podcast-segment/14644-hacking-ip-kvms-reversing-with-radare2-sergi-alvarez-psw-918

Another #Hungary and #Russia investigation by #VQuare

• Budapest systematically weaponized the issue of Hungarian minority rights in Ukraine to stall EU accession negotiations.
• Péter Szijjártó offered Sergey Lavrov to send EU documents through the Hungarian Embassy in Moscow.
• Hungary and Slovakia, acting as Kremlin friends in the EU, pushed against restrictions of Russian energy supplies.
• Budapest also supported the Kremlin’s “achievements” of the Alaska Summit.
• Leaked audio reveals a strikingly deferential, submissive attitude from Szijjártó toward Lavrov.

https://vsquare.org/kremlin-hotline-how-hungary-coordinates-with-russia-blocking-ukraine-from-the-eu/

New from 404 Media: Microsoft has terminated an account associated with VeraCrypt, the popular and long-running piece of encryption software. This means can no longer receive updates on Windows, the developer told me. Little explanation given by Microsoft https://www.404media.co/microsoft-abruptly-terminates-veracrypt-account-halting-windows-updates/

taking pride in my vintage pre-AI CVEs

[RSS] Standardizing Rewards in Google VRP: Introducing Information Tiers and Action Criticality

https://bughunters.google.com/blog/standardizing-rewards-in-google-vrp

\o/ VLC in space

@videolan

It's definitely impressive the LLMs capabilities finding bugs (I was very interested with AIxCC) but let's be honest, bugs were never scarce. There is just a new toy able to scale things faster (although funny how the price is always hidden). So were fuzzers when AFL coverage was introduced. Will it plateau or not that's the question. And will introduction of new bugs crash or not. Interesting times? Sure. End of times? Meh... Time will tell, as usual 🙂

@me no it just seems that since Linux package managers overwrite its binaries Firefox refuses to open new tabs until it is restarted which is quite frustrating when you are in the middle of something (esp. if you are also in private mode so your tabs/sessions can't be restored).

recommendation is to use Mozilla's distribution+update mechanism to keep the browser up-to-date.

Keep these monstrosities off our roads 🙅‍♂️

"US carmakers have accused Brussels of keeping their largest pick-up trucks, including the Ford F-150, the Chevy Silverado and the Ram 1500, off European roads”

https://www.ft.com/content/3eb796fd-bcdb-4a9f-89b7-f7d5e692a3cd

https://www.carsized.com/en/cars/compare/renault-twingo-1998-3-door-hatchback-vs-ford-f-350-2016-4-door-pickup-crew-cab/

@floyd @evilpie I tried to avoid elaborating on "scale" because it refers to many things in this case, e.g.:

- How easily you can adapt to a new target (vs. AFL)
- How much power is available for the task (GPU acceleration)
- Number of bug classes you can (trivially) aim for (vs. fuzzing for logic bugs)
- etc.

📱 Summer intern wanted!

@exhel and I are looking for someone to help us reverse engineer Android apps this summer @ TU Graz.

→ 20 or 40hrs/week contract
→ Helpful background: Android, reversing, or messaging apps

Send a short motivation statement + CV to lena.heimberger@tugraz.at AND edona.fasllija@tugraz.at

Boosts appreciated! 🙏 #AndroidSecurity #ReverseEngineering #Internship

you know that problem where it's actually in Google's best interests to sabotage their traditional search results to force everyone to use the AI results because then you never leave the site and direct prompt advertising becomes extremely valuable? yeah, it's like that for code, where it's actually in anthropic's best interests for all the code to be entirely unmaintainable and unsecurable except for with LLMs

In the 70s they could open Facebook by pressing the Meta key and there were Like and Dislike buttons right on the keyboard.

Here’s why it’s important to always use r2 from git. In r2land, we follow the law of full disclosure and fix any reported vulnerability within a 24h deadline, as stated in SECURITY.md #radare2 https://blog.calif.io/p/mad-bugs-discovering-a-0-day-in-zero

It's so cool that anthropic is setting up a double-sided protection racket where it will profit from the massive token burn of attackers and defenders with a tool specifically designed to generate exploits and their only observable mitigation is a clientside system prompt that sternly warns the LLM to be good and not do malware
https://red.anthropic.com/2026/mythos-preview/

Spooler Alert: Remote Unauth'd RCE-to-root Chain in CUPS

https://heyitsas.im/posts/cups/

More LLM bugs: CVE-2026-34980 and CVE-2026-34990

To my security peeps: Was the introduction of widespread fuzzing similar to AI-based bug hunting now, or is this really a different beast?

@evilpie IMHO it's very similar, definitely larger scale though

Nope, no one from Anthropic Glasswing has been in touch.

[RSS] Milking the last drop of Intego - Time for Windows to get its LPE

http://blog.quarkslab.com/milking-the-last-drop-of-intego-time-for-windows-to-get-its-lpe.html