🆕 New blog post!

"BitLocker's Little Secrets: The Undocumented FVE API"

A small Windows RE adventure to figure out how to get the status and configuration of a BitLocker protected drive programmatically and without admin privileges.

Now also implemented in PrivescCheck! 🔥

👉 https://itm4n.github.io/bitlocker-little-secrets-the-undocumented-fve-api/

New Project Zero issue:

vpu driver allocation and free of dmabuf and iova can race causing UAF read

https://project-zero.issues.chromium.org/issues/465824679

CVE-2026-0121

[RSS] Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices

https://www.evilsocket.net/2026/04/02/Mongoose-Preauth-Remote-Code-Execution-and-mTLS-Bypass/

[RSS] Review of AzireVPN and Malwarebytes Privacy VPN

https://x41-dsec.de/security/research/news/2026/04/02/malwarebytes/

Here's a fun post for pro- and anti-AI infosec people alike - guess who is going to have to "fix" AI? If you're thinking "not me" well, think again.

https://www.markloveless.net/blog/2026/4/2/the-uncomfortable-effects-of-ai

#security #ai #infosec

Spread the word! @phrack CFP with demoscene cracktro is live. Turn up the volume and enjoy the awesome stylings of PiotrBania with some hopefully inspiring text from phrack staff :)

phrack.org

🎥 New video about QEMU!

This time, Anton walks through the basics of QEMU system mode using a simple bare metal program! ⚙️

The focus is on understanding how QEMU’s high-level control flow works, from guest code to BIOS, and down to device implementation.

🫡 We’re back.

Today, we’re publishing vulnerabilities we discovered, disclosed, and chained to achieve pre-auth RCE against Progress ShareFile.

Enjoy the journey with us, while you sob into your hands 🫠

https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/

'people will finally understand that security bugs are bugs, and that the only sane way to stay safe is to periodically update, without focusing on "CVE-xxx"'

Anyone care to explain the logical flow of this sentence? o.O

https://lwn.net/Articles/1065620/

#Linux #LLM

Is it just me or this photo is also a great capture of a toddlers view on their first introduction to the potty? :D

https://www.space.com/space-exploration/artemis/theres-a-bit-of-toilet-trouble-on-nasas-artemis-2-mission-to-the-moon

RE: https://mastodon.social/@invadersil/116324993175863094

TWO THINGS:

1. it’s shocking how well written this terms of service document is. #Microslop uses plain language and proper emphatic formatting to identify what’s important.

2. this was updated on October 24, 2025. since then NOT ONE TECH JOURNALIST has read it; because, not one tech "journalist" has reported that #Copilot IS MEANT AS #ENTERTAINMENT.

Fourth Estate my ass.

Satya Nadella gifted Sam Altman a billion of Windoze money for a lap dance?

c’mon #tech #journalism. DO YOUR JOBS!

"static detection often fails" - the problem with the AV industry is that this is still a headline in 2026...

RE: https://infosec.exchange/@VirusBulletin/116334126813393639

Blog post about my #bsidessf talk on using SSH certificates for git signing: https://codon.org.uk/~mjg59/blog/p/ssh-certificates-and-git-signing/

This Claude code leak is giving me whatever the opposite of impostor syndrome is

I see on HN that John Bradley, the creator of xv, has died:

https://news.ycombinator.com/item?id=47534086

The real announcements, alas, come from sources that I am unwilling to link to.

Xv, an image viewer/editor, is one of those tools that hit a peak of usability that really hasn't been matched since. It supports a wide range of image-manipulation functions, and has an interface that gets the job done quickly. I've sort of moved away from it over the years, but I still keep it around.

RIP, John, you made something good.

tinfoil.sh provides confidential computing GPUs to run open LLM models.

I just received some really great support too, recommended!

[RSS] Securing the open source supply chain across GitHub

https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-across-github/

[RSS] CHECK Removed, Context Confused, Checkmate Achieved

https://starlabs.sg/blog/2026/04-check-removed-context-confused-checkmate-achieved/

CVE-2026-0899

[RSS] Patch Gap to Mobile Renderer RCE: Pwning Samsung Internet's V8 on the Galaxy S25

https://osec.io/blog/2026-04-01-patch-gap-to-mobile-renderer-rce

New blog post: Comparing text documents in Collabora Online: improved UI https://vmiklos.hu/blog/cool-doc-compare2.html