[RSS] Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution/

"This issue was patched on April 2026 and likely assigned CVE-2026-34621, CVE-2026-34626 or CVE-2026-34622"

What happens when reverse engineers spend weeks digging into a Scala 3 codebase?

🔍 From code review to fuzzing, our assessment helped strengthen Scala's security and identify areas for improvement.

We're happy to share the results of our audit, conducted in collaboration with @ostifofficial

https://blog.quarkslab.com/scala-security-audit.html

Secret Panel HERE 😐 https://tinyview.com/mrlovenstein/2026/05/31/life-finds-a-way

Does anyone have a copy of:

AMD Am29040 Microprocessor User's Manual
1994
Order #18458

I need the full user manual, which is hundreds of pages. I already have the datasheet, which is 31 pages and is readily found online.

Thanks!

#AMD #Am29K #Am29000 #Am29040

Stealing Passwords via HTML Injection Under a Strict CSP https://afine.com/blogs/stealing-passwords-via-html-injection-under-a-strict-csp

[RSS] Analysing an exploit on VLC on Windows using TTD and AI agentic

https://www.eshard.com/blog/vlc-media-player-mkv-exploit-analysis

We have started announcing Recon 2026 Presentations https://recon.cx/2026/en/speakers.html
More talks to be announced soon once we have confirmations

@hexnomad
@joegrand
@invokereversing
@tmanning @pinkflawd

#REcon2026 #ReverseEngineering #InfoSec #cybersecurity

@dey It's not built-in, it's a 3rd party package called `clap`. For simple stuff Rust is pretty easy, esp. because you have a nice package ecosystem (incl. the pkg manager). But for non-trivial stuff, the learning curve is *steep*.

@dey You mean this? https://docs.rs/clap/latest/clap/_derive/_tutorial/index.html

Microsoft has achieved the impossible

@pancake Absolutely, that was part of the point actually :D

@pancake I mostly did this as an excercise in Rust, didn't know rax2 can do the same

Binary extension packages for #Ghidra 12+ are now automatically generated for my XCOFF Loader:

https://github.com/silentsignal/xcoff-ghidra/releases/tag/12

#AIX

I found a bug, so I created a test suite and published a new release for my signed/unsigned integer converter CLI utility, twos:

https://github.com/v-p-b/twos/releases/tag/v0.0.2

I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.

Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.

Their agents will.

"a regression was discovered in the #Ghidra Server, so the 12.1.1 download has been disabled. Be on the lookout for a 12.1.2 in the coming days"

https://old.reddit.com/r/ghidra/comments/1tr5qy4/ghidra_1211_has_been_released/oolygdy/

An AI audit of FreeBSD - 15 kernel bugs, including 3 RCEs, 5 LPEs, and 1 bhyve escape.

https://blog.calif.io/p/an-ai-audit-of-freebsd

CVE-2026-45250, CVE-2026-45253, CVE-2026-45251

'Virtual OS Museum' Lets You Try 570 Extinct Operating Systems https://tech.slashdot.org/story/26/05/30/2323231/virtual-os-museum-lets-you-try-570-extinct-operating-systems?utm_source=rss1.0mainlinkanon

ThinkPad firmware reverse-engineering toolchain: archived Lenovo BIOS → named SoC pads, EC analysis, CVE diffs, coreboot/OpenCore port scaffolding https://tetdrad0n.codeberg.page/thinkpad-fw-analysis/