Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim

https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim

We are releasing Firefox 150.0.3 today, in order to fix an important security issue. Please take the time to update.

https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/

@jhr77 @christopherkunz
I suspect that Microsoft pushed out Defender updates that mitigate the exploit.

With current definitions, I've not seen RedSun succeed. No matter how long I wait.

With old definitions, success is pretty quick.

TinyJoyPad 作った #shapolab

LLMs are just the ultimate IP-violation-machines. I love using them for reverse engineering. I picked up so many projects I abandoned in the past because staring at obfuscated code or assembly got boring and tiresome and felt like an endless endeavor that will never be realistically reverse engineered completely anway.

Now I give Opus or whatever other model enough context, datasheets and tests and it starts reversing. Does it hallucinate and is not always correct? Yeah. But who cares? I am not always correct and misunderstand things when manually reversing stuff as well. We all do.

Gradually building more and more context to be able to reason a bit easier about things you didn't understand yet is exactly what an LLM can incrementally help you with. And gathering more and more information helps both me and the LLM to understand the stuff we are looking at a bit better.

It's so awesome.

@stf "might affect cryptology at some future time or (more likely) in some other world." I forgot about this one lol

#eurocrypt just happened, which reminds me of the eurocrypt 35 years ago held in budapest, which an #NSA cryptologist was attending and giving a scorching #report in the internal cryptolog newsletter of the nsa: https://scottaaronson.blog/?p=2059

would be interesting to see the latest cryptolog report on this latest edition...

In a new feature, @TheDustinChilds takes a look at #macOS patches and tries to identify which ones should worry you (since Apple won't). Check it out at https://www.zerodayinitiative.com/blog/2026/5/12/the-apple-macos-security-update-review

Oh look, it's Patch Tuesday. Again.

ARE YOU crew on a generation ship? Did your ancestors maroon you between the stars in a life of involuntary servitude, deprivation and a vatslime diet? You may be entitled to compensation. Gliese 1171c Legal Services inc has a centuries long record of successful class action litigation on behalf of crews and cryopassengers. Depose your autopilot this diurn and join our next action. NO WIN NO FEE. Plans for your warp drive follow this message.

#Tootfic #MicroFiction #PowerOnStoryToot

"This is an elegant use of Rust's trait system to separate construction from operation, with compile-time guarantees that the right capabilities are available when needed." - LLM

Except both me and my IDE are in the dark about what kind of object Foo::new(obj) *really* expects until I get the compile error?

(Foo::new() only prescribes EasyTrait, but Foo::bar() requires TrickyTrait)

#Rust

Redditors have caught Google secretly updating its Chrome terms of service to remove a line that guaranteed that local AI models won't send data to Google servers.

That's now gone, meaning your local AI sends data to Google, so it's not that local.

https://old.reddit.com/r/chrome/comments/1t5qayz/chrome_removes_claim_of_ondevice_al_not_sending/

[RSS] Reverse Engineering Fisher-Price Pixter

https://dmitry.gr/?r=05.Projects&proj=37.%20Pixter

Learn to use a debugger that runs *beneath* the OS using Intel VT-x. Hidden hooks, TLB splitting, EPT-based monitoring: reverse engineering's secret weapon. Debuggers 3301: HyperDbg https://ost2.fyi/Dbg3301 by @intel80x86

🆕 The URL Pattern API is Newly Available!

Use it to match and extract parts of URLs, no need to reinvent routing logic. Supports literals, wildcards, named groups, and even regex constraints.

Learn how it works 👇
https://developer.mozilla.org/en-US/docs/Web/API/URL_Pattern_API

I see that today @andrewnez has chosen violence.

https://nesbitt.io/2026/02/03/incident-report-cve-2024-yikes.html

RE: https://toot.teckids.org/@nik/116540880770634816

As someone who has been programming since being a young teenager, things like this make me enormously sad.

If I was banned from being part of tech communities until the age of 16 or even 18 I would've never been able to learn all I did. I would've never been able to truly get into FOSS.

I would've never had a chance to become who I now am.

Age verification is literally killing the ability for kids and teens to excitedly participate and learn cool stuff and learn how to have digital agency.

RE: https://chaos.social/@SylvieLorxu/116549440329775404

This.

I grew up on forums like XDA developers and started posting there when I was like 11. It taught me English, taught me what software freedom is, got me to write my first few lines of code, share software with friends and like-minded people online, and made me who I am today.

We must fight to keep the communities that made us who we are. There is still a way forward.

#Mythos finds a #curl vulnerability

yes, as in singular one.

https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/