There's a new Windows 0day LPE that has been disclosed called BlueHammer. The reporter suggests that it's being disclosed due to how MSRC operates these days.
MSRC used to be quite excellent to work with.
But to save money Microsoft fired the skilled people, leaving flowchart followers.
I wouldn't be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that's apparently an MSRC requirement now.
Anyway, yeah, it works. Maybe not 100% reliably, but well enough...
Thousands of CEOs said AI had no impact on productivity. We use AI to catch 200 bugs/week where we used to find 15, and generate $8M per sales rep.
95% of the company pushed back when we started. At unprompted, Dan Guido explains how our 140-person team went AI-native.
https://www.youtube.com/watch?v=kgwvAyF7qsA
Before its launch, we audited WhatsApp's Private Processing TEEs and found 8 high-severity issues (patched). The enclaves yielded to injected config files, unmeasured ACPI tables, spoofed firmware levels, and stale attestation reports.
TEE security is only as good as the implementation details. Four lessons and the full report: https://blog.trailofbits.com/2026/04/07/what-we-learned-about-tee-security-from-auditing-whatsapps-private-inference/
I've put up the slides from my Zer0Con 2026 presentation on Administrator Protection. https://github.com/tyranid/infosec-presentations/blob/master/Zer0Con/2026/Protecting%20your%20Administrator.pdf
If your Open Source project sees a steep increase in number of high quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this project.
(I'd like to make a little list for my coming talk on this.)
Trivy supply chain attack enabled European Commission cloud breach https://www.helpnetsecurity.com/2026/04/03/european-commission-cloud-breach/
The results and all releases are in. You crazy people.
https://www.pouet.net/party_results.php?which=1550&when=2026&font=4
https://files.scene.org/view/parties/2026/revision26/info/results.txt
IT'S HAPPENING
GITHUB, THE FIRST ENTERPRISE CLOUD SOLUTION TO REACH ZERO NINES RELIABILITY
did you know? the google forms share icon has a stray pixel in its corner
why? because the icon spritesheet has a massive black triangle overlapping the icons
what is that triangle? it's a giant out-of-bounds hat!
Lessons learned from the Artemis 2 mission:
1. some genius thought sending Outlook to space was a good idea,
2. some other genius thought that Bluetooth in space was a good idea,
3. plumbers are in demand, even in space.