@cygnus-xr1 Nice noises :) I'm afraid I couldn't even turn the thing on though...

I've been seeing this extension all over and wasn't sure exactly what folks were doing. Turns out, they weren't doing anything. Claude for Desktop is secretly installing this thing that activates when one of three other extensions are also present.

https://www.thatprivacyguy.com/blog/anthropic-spyware/

Command injection in a qmail fork (not the original!) - CVE-2026-41113:

"On the wire, a DNS label is just a length byte followed by up to 63 arbitrary bytes; RFC 1035 lets you put nearly anything in there, and most recursive resolvers will happily pass it through."

https://blog.calif.io/p/we-asked-claude-to-audit-sagredos

#LLM

Finally, it is published 😁 Making Vulnerable Drivers Exploitable Without Hardware - my latest research on driver vulnerability hardware-gating, explaining the concept of hardware-dependent code and diving deep into creative deployment techniques - software-emulated phantom devices, driver restacking, and forced driver replacement — all explored through the lens of Bring Your Own Vulnerable Driver (BYOVD) attacks:
https://atos.net/wp-content/uploads/2026/04/atos-byovd-article.pdf

Happy Bicycle Day to all who celebrate! On this date in 1943, Albert Hofman took the LSD off the shelf that synthesized five years previously, ingested 0.25 milligrams and then rode his bicycle on the first LSD trip. #psychedelics

https://en.wikipedia.org/wiki/History_of_lysergic_acid_diethylamide#%22Bicycle_Day%22

@PurpleJillybeans There are pretty good Java decompilers out there (e.g. jd-gui), so you don't have to mess with the bytecode.

@joern @bagder this https://blog.yossarian.net/2026/04/11/Brocards-for-vulnerability-triage#no-vuln-outside-usage by @yossarian is great for this.

The folks at iTerm2 figured out a way to get arbitrary code execution as the result of cat <file>, which is... impressive?

I wrote up this cursed discovery with more details:

https://mike-sheward.medium.com/deleteduser-com-a-15-pii-magnet-c4396eb21061

#infosec

i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.

The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.

And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D

#infosec

RE: https://chaos.social/@icing/116435790527643905

This is quickly becoming a new trend ... "look, if I totally destroy internals by abusing a private function, something bad can happen"

Thanks so much to everyone who showed up on the weekend in Berlin to say goodbye to FX.

“Burning bridges where we can” - this is the original Phenoelit slogan. Yet, while FX for sure burned some network bridges, he did quite the opposite for the hacking community. FX built bridges between people wherever he could. He created something way bigger than himself which we all are part of.

Each one who joined us in Berlin carries a piece of his legacy. You were there because he left something with you. We know there are many who couldn't make it in person, and they too carry his spirit with them.

FX is gone.
But the spirit lives on.

[RSS] Slowburn: Looking through AMD Platform Configuration Blobs infrastructure

https://swarm.ptsecurity.com/slowburn-looking-through-amd-platform-configuration-blobs-infrastructure/

@alex the AI datacenter scraping situation is getting really bad. I think there are some that appear to now be routing through residential proxy networks to evade IP bans. Not sure if that's what you're seeing.

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

https://www.picussecurity.com/resource/blog/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread

NetScaler is doing it again. Third time in three years we're patching memory leaks that hand attackers your session tokens on a plate. CISA's already got it on the emergency list. If you run one, stop reading this and patch now.

https://cybersec.picussecurity.com/s/cve-2026-3055-cve-2026-4368-inside-the-netscaler-citrixbleed-3-memory-overread-26799

A Tennessee man who hacked the US Supreme Court was sentenced to twelve months of probation.

Nicholas Moore hacked the US' highest court in 2023 and leaked documents on an Instagram account named @ihackthegovernment.

https://www.courtlistener.com/docket/72124298/united-states-v-moore/

ABSTRACT/RAGEKID2.GIF

I finally managed to write something about my recently deceased dear friend Felix 'Fx' Lindner.

https://phenoelit.de/fx.html#Halvar