Posts 3124 · Following 708 · Followers 1551
"I'm interested in all kinds of astronomy."

There's going to be more talk about AIs finding genuine security problems soon.

Google Big Sleep found one in that we reveal tomorrow... in about eight hours. (But no, we don't know how much was AI and how much was human, or how many false positives they had to wade through to get there, etc. Maybe they will let us know later?)

0
1
0

Memory Integrity Enforcement is the culmination of a truly incredible amount of work :)

While there's so much to love, one of my favorite pieces was getting to bring kalloc_type-style isolation to out-of-bounds accesses on both the architectural and speculative path. This lets us both mitigate a variety of Spectre v1 style attacks and break the reliable exploitation of some of the most powerful first-order memory corruption primitives (arb offset OOB R/W).

https://security.apple.com/blog/memory-integrity-enforcement/

1
14
1

Every minute that your security team is spending on things that aren't a risk is a minute that they *aren't* spending on things that *are* a risk.

0
3
0

📢 Aaand here is Anton's talk about QEMU+RISC-V at KVM Forum 2025!

Automatic Frontend Generation for RISC-V Extensions

Video: https://www.youtube.com/watch?v=GPSKsZmu_S8&t=1297s (21:37)
Code: https://github.com/revng/udb-to-qemu/ 🦾

0
2
0

New blog post by me analyzing a crash dump with the bugcheck 0x9F. Root cause was a power IRP timeout in RAS SSTP during a device removal. The post walks through PnP locks, the stuck IRP, and more, including my thought process. Check it out here: https://medium.com/@Debugger/power-irp-timeout-in-ras-sstp-causes-blue-screen-0x9f-during-sleep-e59cb76f291c

2
3
0

Windows 11 in esReverse. 💻 Full system emulation to boot, record, and rewind your analysis from kernel to userland.

Read the guide: https://eshard.com/posts/windows11-esreverse-emulation

0
3
0

@Blackhoodie_RE X @hexacon_fr happening again! This time it's my turn to give back 🥹
Use the registration link below to sign up for 4 days of free training given by Sonia, @naehrdine and myself!

https://forms.gle/CwxFJFTGd6VdffJY7

1
3
0

That NodeJS supply chain hack incident is amazing because the threat actor(tm) got RCE access to like a billion devices and ran the world's shittiest Ethereum dumper.

Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style.

The thing that saved companies here was that the threat actor was an incompetent crypto boy, nothing more.

6
27
0
[RSS] FFmpeg - Heap-buffer-overflow write in jpeg2000dec

https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg

CVE-2025-9951
0
0
1

All 54 lost clickwheel iPod games have now been preserved for posterity
Finding working copies of the last few titles was an "especially cursed" journey.
https://arstechnica.com/gaming/2025/09/all-54-lost-clickwheel-ipod-games-have-now-been-preserved-for-posterity/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

0
10
1
[RSS] unpacking Dell's iDRAC schtuff

https://trouble.org/?p=1383
0
0
2

Modern programming languages should have logos like this

4
17
2

2nd of tonight's fixes. A 139 year old electrotherapy machine.

Three problems: a brush wasn't contacting the rotor (bent back into shape), the handles were suffering from corrosion (cleaned), and the horseshoe magnet had lost most of its power (see 2nd image).

Works well now... no wonder they were nervous :)

1
1
1
Edited 4 months ago

📣 IDA 9.2 is here!

➥ Smarter Go decompilation
➥ New Dynamic Xref Graph & Xref Tree
➥ Debugger & UI upgrades
➥ Expanded processor support (ARM, RISC-V)
➥ And more...

Explore the full release here: https://hex-rays.com/blog/ida-9.2-release

0
3
0
[RSS] Running code in a PAX Credit Card Payment Machine (part1) | Lets Hack It

https://lucasteske.dev/2025/09/running-code-in-pax-machines
0
1
3
[RSS] Windows Internals: Secure Calls - The Bridge Between NT and SK

https://connormcgarr.github.io/secure-calls-and-skbridge/
0
0
4
Edited 4 months ago

Imagine that the first-ever commercial transistor computer fell into your lap (figuratively!). What would you do with it? Is it even practical to use?

Now you can answer these and many other questions, because I made a thing~

"My first transistorised computer: A Crash Course" is a short user manual for the simulator and the autocode/assembler of a computer highly inspired by, and mostly compatible with, the Metrovick 950, the first-ever commercially available transistor computer, from 1956.

https://git.sr.ht/~nkali/mv950toy/tree/main/item/docs/crash_course.md

7
7
0