A thing I’ve been thinking about: when someone says “this is a good use case for generative/agentic AI”, that’s usually a sign that the process could be improved.
Like, people use LLMs to write overly fluffy covering letters for job applications. OK, just have an application form.
Or people use LLMs to understand errors when coding. Okay, that’s a sign to make the error handling more readable/helpful. E.g. the Rust compiler has pretty excellent errors compared to “syntax error on line 37”.
I hate Windows: "Why does the Windows Portable Executable (PE) format have separate tables for import names and import addresses?, part 2".
https://devblogs.microsoft.com/oldnewthing/20231130-00/?p=109084
Self QA: CVE-2025-24203, https://proteas.github.io/ios/2025/05/21/self-qa-cve-2025-24203.html
Oh my fucking god. Oh my fucking god firefox what. What. Firefox now does a thing where when a tab makes a sound the tab GETS WIDER to accommodate the audio icon. So I'll be trying to read and the tab bar will just be slithering back and forth randomly for no reason at all. Firefox I have. I have severe issues with distracting motion in the corner of my eyes and this is the most neuroaggressive thing I have ever seen a software package do
🚨 *Attention!* We were made aware of a fake “KeePassXC Password Manager Pro” repository on GitHub that links to unverified external binary downloads.
- There is NO Pro version of KeePassXC!
- You get all the “Pro” features with the regular version.
Please download KeePassXC only from trusted distribution channels linked on https://keepassxc.org/ !
As Google integrates AI to deliver information directly in search results, the incentive to create or maintain websites — including news platforms — is fading. With instant answers, people won’t need to click through. The web will shrink to a few walled garden platforms.
So, Google just launched a major new AI demo that requires people to relax their browser security settings. Wow.
I don't want to "talk" to my browser. I don't want my browser to "summarize" things. I don't want my browser to "help" me with things. I don't want my browser to do anything except show me web pages and shut the fuck up and get out of the way.
The RE//verse YouTube channel is packed with talks from RE//verse 2025! Catch Takahiro’s deep dive into UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior here: https://youtu.be/pMZqvv_tKDs?feature=shared and be sure to subscribe so you don’t miss more like this!
VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
Small change to HTML with massive impact on eliminating mXSS attacks
https://github.com/whatwg/html/commit/e21bd3b4a94bfdbc23d863128e0b207be9821a0f
...and now the video of my talk "Finding and Exploiting 20-year-old bugs in Web Browsers" is live too https://www.youtube.com/watch?v=U1kc7fcF5Ao
🚨 New advisory was just published! 🚨
Multiple vulnerabilities were discovered in Foscam X5. These vulnerabilities allow a remote attacker to trigger code execution vulnerabilities in the product: https://ssd-disclosure.com/ssd-advisory-multiple-foscam-x5-vulnerabilities/
We found a vulnerability in AMD CPUs that lets us load arbitrary microcode!
The recording of our OffensiveCon presentation is live at https://youtu.be/sUFDKTaCQEk
Slides at http://entrysign.top
Discovery: The "copilot" bot user that Microsoft will soon be flooding your GitHub repos with garbage content from is implemented in some sort of special way that exempts it from the "block" feature you would normally be able to block other users/bots with