"I'm interested in all kinds of astronomy."

I've put up the slides from my Zer0Con 2026 presentation on Administrator Protection. https://github.com/tyranid/infosec-presentations/blob/master/Zer0Con/2026/Protecting%20your%20Administrator.pdf

Firefox added split tab views and absolutely killed it. I didn't even know I needed this feature and now I cannot live without it. Awesome work. Right click on a tab and select "Add Split View" to try it out.

If your Open Source project sees a steep increase in number of high quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this project.

(I'd like to make a little list for my coming talk on this.)

ad Is your shitposting quantum ready?

Umm, would somebody from Brazil report this to all possible authorities?

RE: https://fedi.computernewb.com/@vncresolver/116358355545832990

Trivy supply chain attack enabled European Commission cloud breach https://www.helpnetsecurity.com/2026/04/03/european-commission-cloud-breach/

xz security advisory (CVE-2026-34743):

https://tukaani.org/xz/index-append-overflow.html

Who has the guts to update? :)

IT'S HAPPENING

GITHUB, THE FIRST ENTERPRISE CLOUD SOLUTION TO REACH ZERO NINES RELIABILITY

https://mrshu.github.io/github-statuses/

did you know? the google forms share icon has a stray pixel in its corner

why? because the icon spritesheet has a massive black triangle overlapping the icons

what is that triangle? it's a giant out-of-bounds hat!

Project Zero Bot

New Project Zero issue:

Windows: OSK Shared Session Key EoP

https://project-zero.issues.chromium.org/issues/466303419

CVE-2026-24291

Project Zero Bot

New Project Zero issue:

Windows: ATBroker CopySettingsToLockedDesktop Information Disclosure

https://project-zero.issues.chromium.org/issues/466301558

CVE-2026-25186

Project Zero Bot

New Project Zero issue:

Windows: WinLogon WlAccessabilitypDeleteSATKey Registry Deletion EoP

https://project-zero.issues.chromium.org/issues/466300525

CVE-2026-25187

Lessons learned from the Artemis 2 mission:

1. some genius thought sending Outlook to space was a good idea,
2. some other genius thought that Bluetooth in space was a good idea,
3. plumbers are in demand, even in space.

flan_molotov

[RSS] Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063]

https://www.ibm.com/support/pages/node/7268448?myns=swgother&mynp=OCSSTS2D&mynp=OCSWG60&mynp=OCSSKWKM&mynp=OCSSB23CE&mynp=OCSS9QQS&mynp=OCSSC5L9&mync=A&cm_sp=swgother-_-OCSSTS2D-OCSWG60-OCSSKWKM-OCSSB23CE-OCSS9QQS-OCSSC5L9-_-A

That hard-coded key shouldn't be hard to find...
[RSS] New RCE in Control Web Panel (CVE-2025-70951)

https://fenrisk.com/rce-centos-webpanel-2
[RSS] Reverse engineering PerimeterX's new VM

https://github.com/B9ph0met/px-vm
[RSS] Segway-Ninebot Mobility App BLE protocol reversing

https://nootnooot.codeberg.page/segway-ninebot-ble

Open Source Security mailing list

OVE-20260330-0003: Linux: KVM shadow EPT stale rmap use-after-free https://www.openwall.com/lists/oss-security/2026/03/30/5
Found through fuzzing, exploitable from any x86 guest with nested virtualization enabled or using shadow paging. Guest-to-host DoS and kernel heap corruption, potentially aiding VM escape.
