"I'm interested in all kinds of astronomy."

As I said previously, the MSRC and all security folks I engaged with are mostly very nice in person, the security improvements in Microsoft software and services are what we could see in our labs and during our daily research, the ~17M yearly bounty payouts are real, and many more. IMO MSRC has been an absolute leader and has basically defined what the vendor Security Responses look like today (I recall a lot of *SRCs). There’s definitely zero reason for Microsoft to kill all the decades-long good efforts and community relationships in one single post (can’t imagine that😅).

It was, and sometimes will be, very hard to deal with some cases, no doubt. If things go bad, I will complain bad. But with more effective and direct communications, I think (at least I hope) we can improve continuously.

Overall, I’m personally very happy to see this clarification coming out and hopefully this drama can be resolved peacefully.

Tonight's pillow talk with kiddo was about high capacity hard drives (the classics you know):

"Well, a 10TB hard drive would be useful if your grandma wants to save all the holiday pictures, and she doesn't know how to delete... and you have 100 grandmas!"
CVE-2026-41089 — Microsoft Windows Netlogon BuildSamLogonResponse Stack-based Buffer Overflow RCE

https://aretiq.ai/research/vul260513-cve-2026-41089-microsoft-windows-netlogon-buildsamlogonresponse-stack-based-buffer-overflow-rce/

So CVE-2026-41089 (CVSS 9.8) in Windows Netlogon can be triggered by sending a username that is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA or longer.
How original.


GitHub Copilot’s new pricing model went live today and r/GithubCopilot is having a meltdown. It’s glorious

[RSS] Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution/

"This issue was patched on April 2026 and likely assigned CVE-2026-34621, CVE-2026-34626 or CVE-2026-34622"

What happens when reverse engineers spend weeks digging into a Scala 3 codebase?

🔍 From code review to fuzzing, our assessment helped strengthen Scala's security and identify areas for improvement.

We're happy to share the results of our audit, conducted in collaboration with @ostifofficial

https://blog.quarkslab.com/scala-security-audit.html


🇺🇦 haxadecimal 🚫👑

Does anyone have a copy of:

AMD Am29040 Microprocessor User's Manual
1994
Order #18458

I need the full user manual, which is hundreds of pages. I already have the datasheet, which is 31 pages and is readily found online.

Thanks!

[RSS] Analysing an exploit on VLC on Windows using TTD and AI agentic

https://www.eshard.com/blog/vlc-media-player-mkv-exploit-analysis

We have started announcing Recon 2026 Presentations https://recon.cx/2026/en/speakers.html
More talks to be announced soon once we have confirmations

@hexnomad
@joegrand
@invokereversing
@tmanning @pinkflawd

@dey It's not built-in, it's a 3rd party package called `clap`. For simple stuff Rust is pretty easy, esp. because you have a nice package ecosystem (incl. the pkg manager). But for non-trivial stuff, the learning curve is *steep*.

Microsoft has achieved the impossible

@pancake Absolutely, that was part of the point actually :D
@pancake I mostly did this as an exercise in Rust, didn't know rax2 can do the same
Binary extension packages for #Ghidra 12+ are now automatically generated for my XCOFF Loader:

https://github.com/silentsignal/xcoff-ghidra/releases/tag/12

#AIX
I found a bug, so I created a test suite and published a new release for my signed/unsigned integer converter CLI utility, twos:

https://github.com/v-p-b/twos/releases/tag/v0.0.2