Here's yet another reason to not give money to Proton:
Happy 31st Birthday to the #PHP programming language.
X.Org Security Advisory: June 2, 2026 https://www.openwall.com/lists/oss-security/2026/06/02/1
8 issues in X server and Xwayland, all with ZDI-CAN identifiers, one also already has a CVE
Here’s an easter egg in the new Lego Batman that I think all of you will REALLY appreciate.
It’s so good, I had to make a video.
Been telling people about these kinds of hybrid threats and interactions between threat actors and victims for years, and these examples are not reflecting true nation-state efforts or capabilities.
Cyber threats aren't limiting themselves to computers so why are we?
https://bird.makeup/users/jamieantisocial/statuses/2062922881869271522
WinNotify/signeddrv.sys — Full Local Privilege Escalation via Arbitrary Kernel Read/Write https://medium.com/@haider303mustafa/winnotify-signeddrv-sys-full-local-privilege-escalation-via-arbitrary-kernel-read-write-09e0c1ababf3
Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser
Processing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`, causing a Denial of Service.
Summary:
The `gf_hevc_read_sps_bs_internal()` function in `media_tools/av_parsers.c` does not safely handle crafted HEVC SPS data while parsing video configuration from a malicious MP4 file. During import and split processing, malformed SPS data reaches the HEVC parser and causes an invalid memory read.
AddressSanitizer reports a `SEGV` caused by a `READ` memory access at `media_tools/av_parsers.c:9309`. The crash occurs while MP4Box processes the crafted file through the isomedia input and NAL replacement/configuration path.
CWE:
CWE classification was not specified in the local MITRE data. This issue is best described as a memory safety violation in HEVC SPS parsing, with an observed out-of-bounds/invalid read leading to SIGSEGV.
Affected Component:
```
media_tools/av_parsers.c:9309
Function: gf_hevc_read_sps_bs_internal()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier (GPAC build at commit: 8a0d5b43c242fe4befb88530e4c9afef37114161)
Attack Conditions:
An attacker supplies a crafted MP4 file containing malformed HEVC SPS NAL units. The issue can be reproduced locally with:
```
./MP4Box -add 3_poc.mp4 -new /dev/null -split-size 5000000
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious MP4 file, or an automated workflow invokes MP4Box on attacker-controlled media.
Impact:
The immediate observed impact is Denial of Service due to process termination. The local CVE request classifies the issue as a buffer overflow / memory safety violation. The observed ASAN trace shows an invalid read; no evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
d091c7e92ef0b6497b808e243501f500135f69c4
```
Users should update to a GPAC build containing this commit or later. The parser should validate HEVC SPS bitstream boundaries and reject malformed SPS/NAL data before reading fields from the bitstream.
References:
- Issue: https://github.com/gpac/gpac/issues/3146
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/3/3_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/d091c7e92ef0b6497b808e243501f500135f69c4
Credit:
@sigdevel
#fuzzing #infosec #security #afl #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media
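One way to apply the mitigation the advisory calls for, as an added example that is not GPAC's code: a bounds-checked bit reader that parses the leading HEVC SPS fields and rejects truncated or out-of-range data before any field is used. Field names follow the H.265 SPS syntax; the reader assumes the NAL header has been stripped and emulation-prevention bytes removed, and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Bit reader over an RBSP; every read is bounds-checked and a failure latches `err`. */
typedef struct { const uint8_t *buf; size_t nbits, pos; int err; } bitreader_t;

static uint32_t br_read(bitreader_t *br, unsigned n) {
    uint32_t v = 0;
    if (br->err || n > 32 || n > br->nbits - br->pos) { br->err = 1; return 0; }
    for (; n; n--, br->pos++) v = (v << 1) | ((br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1);
    return v;
}
/* ue(v) Exp-Golomb; the zero run is capped so it cannot loop past the buffer or over-shift. */
static uint32_t br_read_ue(bitreader_t *br) {
    unsigned zeros = 0;
    while (!br->err && br_read(br, 1) == 0)
        if (++zeros > 31) { br->err = 1; return 0; }
    return br->err ? 0 : ((1u << zeros) - 1) + br_read(br, zeros);
}
typedef struct { uint32_t sps_id, chroma_format_idc, width, height; } hevc_sps_t;
/* Parse the leading SPS fields (NAL header stripped, emulation-prevention bytes removed).
 * Returns 0 on success, -1 if the data is truncated or a field is outside its legal range. */
int parse_hevc_sps_prefix(const uint8_t *rbsp, size_t len, hevc_sps_t *out) {
    bitreader_t br = { rbsp, len * 8, 0, 0 };
    br_read(&br, 4);                                      /* sps_video_parameter_set_id */
    uint32_t nsub = br_read(&br, 3);                      /* sps_max_sub_layers_minus1 */
    br_read(&br, 1);                                      /* sps_temporal_id_nesting_flag */
    if (br.err || nsub > 6) return -1;                    /* nsub indexes the 7-entry tables below */
    br_read(&br, 32); br_read(&br, 32); br_read(&br, 32); /* general profile_tier_level: 96 bits */
    uint8_t prof[7] = {0}, lvl[7] = {0};
    for (uint32_t i = 0; i < nsub; i++) { prof[i] = br_read(&br, 1); lvl[i] = br_read(&br, 1); }
    for (uint32_t i = nsub; nsub > 0 && i < 8; i++) br_read(&br, 2);   /* reserved_zero_2bits */
    for (uint32_t i = 0; i < nsub; i++) {                 /* sub-layer profile (88 bits), level (8) */
        if (prof[i]) { br_read(&br, 32); br_read(&br, 32); br_read(&br, 24); }
        if (lvl[i]) br_read(&br, 8);
    }
    out->sps_id = br_read_ue(&br); out->chroma_format_idc = br_read_ue(&br);
    if (out->chroma_format_idc == 3) br_read(&br, 1);     /* separate_colour_plane_flag */
    out->width = br_read_ue(&br); out->height = br_read_ue(&br);
    if (br.err || out->sps_id > 15 || out->chroma_format_idc > 3 || !out->width || !out->height) return -1;
    return 0;
}

/* Constructed sample: one sub-layer, Main profile, 4:2:0, 64x48; a prefix of it models a truncated SPS. */
static const uint8_t SAMPLE_SPS[] = { 0x01, 0x01, 0x60, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00,
                                      0x00, 0x00, 0x00, 0x5D, 0xA0, 0x20, 0x83, 0x18 };
long parse_sample_prefix(size_t len) {  /* width parsed from the sample's first `len` bytes, -1 if rejected */
    hevc_sps_t s; return parse_hevc_sps_prefix(SAMPLE_SPS, len, &s) == 0 ? (long)s.width : -1;
}
```

Feeding the full sample returns the 64-pixel width, while a copy cut off mid-field is rejected instead of being read past its end.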
Winners Announced in 2026's 'International Obfuscated C Code Competition' https://developers.slashdot.org/story/26/06/07/1730236/winners-announced-in-2026s-international-obfuscated-c-code-competition?utm_source=rss1.0mainlinkanon
Oh! Damn. I missed this:
RIP Marcia Lucas, the woman who saved Star Wars in the edit.
For all you AI haters out there 🍿 https://garymarcus.substack.com/p/ais-black-friday
Imagine if they hired a human person who made regular mistakes and the boss just went "Hey... they will learn to do it well if you give it time. It's an investment in the future!"