Here's a fun post for pro- and anti-AI infosec people alike - guess who is going to have to "fix" AI? If you're thinking "not me" well, think again.

https://www.markloveless.net/blog/2026/4/2/the-uncomfortable-effects-of-ai

#security #ai #infosec

Spread the word! @phrack CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of PiotrBania with some hopefully inspiring text from phrack staff :)

phrack.org

🎥 New video about QEMU!

This time, Anton walks through the basics of QEMU system mode using a simple bare metal program! ⚙️

The focus is on understanding how QEMU’s high-level control flow works, from guest code to BIOS, and down to device implementation.

🫡 We’re back.

Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile.

Enjoy the journey with us, while you sob into your hands 🫠

https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/

'people will finally understand that security bugs are bugs, and that the only sane way to stay safe is to periodically update, without focusing on "CVE-xxx"'

Anyone care to explain the logical flow of this sentence? o.O

https://lwn.net/Articles/1065620/

#Linux #LLM

Is it just me or this photo is also a great capture of a toddlers view on their first introduction to the potty? :D

https://www.space.com/space-exploration/artemis/theres-a-bit-of-toilet-trouble-on-nasas-artemis-2-mission-to-the-moon

RE: https://mastodon.social/@invadersil/116324993175863094

TWO THINGS:

1. it’s shocking how well written this terms of service document is. #Microslop uses plain language and proper emphatic formatting to identify what’s important.

2. this was updated on October 24, 2025. since then NOT ONE TECH JOURNALIST has read it; because, not one tech "journalist" has reported that #Copilot IS MEANT AS #ENTERTAINMENT.

Fourth Estate my ass.

Satya Nadella gifted Sam Altman a billion of Windoze money for a lap dance?

c’mon #tech #journalism. DO YOUR JOBS!

"static detection often fails" - the problem with the AV industry is that this is still a headline in 2026...

RE: https://infosec.exchange/@VirusBulletin/116334126813393639

Blog post about my #bsidessf talk on using SSH certificates for git signing: https://codon.org.uk/~mjg59/blog/p/ssh-certificates-and-git-signing/

This Claude code leak is giving me whatever the opposite of impostor syndrome is

I see on HN that John Bradley, the creator of xv, has died:

https://news.ycombinator.com/item?id=47534086

The real announcements, alas, come from sources that I am unwilling to link to.

Xv, an image viewer/editor, is one of those tools that hit a peak of usability that really hasn't been matched since. It supports a wide range of image-manipulation functions, and has an interface that gets the job done quickly. I've sort of moved away from it over the years, but I still keep it around.

RIP, John, you made something good.

tinfoil.sh provides confidential computing GPUs to run open LLM models.

I just received some really great support too, recommended!

[RSS] Securing the open source supply chain across GitHub

https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-across-github/

[RSS] CHECK Removed, Context Confused, Checkmate Achieved

https://starlabs.sg/blog/2026/04-check-removed-context-confused-checkmate-achieved/

CVE-2026-0899

[RSS] Patch Gap to Mobile Renderer RCE: Pwning Samsung Internet's V8 on the Galaxy S25

https://osec.io/blog/2026-04-01-patch-gap-to-mobile-renderer-rce

New blog post: Comparing text documents in Collabora Online: improved UI https://vmiklos.hu/blog/cool-doc-compare2.html

#3227 - Creation

I love this ❤️ kagi.com @kagihq home page today.
It took me straight back to 1996 when I first started using the internet. Netscape Navigator, Yahoo directory to find sites of interest.
I especially loved the slow loading images.

CVE ID: CVE-2026-5281
Vendor: Google
Product: Dawn
Date Added: 2026-04-01
Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5281

so anthropic's coding thing leaked, and they are using DMCA to get it taken down.

but if it is all vibecoded and everything generated by LLM is not copyrightable...