Inherent flaws in node.js remain unpatched. Bobby Gould and Michael DePlante detail the problem and how the burden of security silently falls on app developers. https://www.zerodayinitiative.com/blog/2026/4/8/nodejs-trust-falls-dangerous-module-resolution-on-windows

RE: https://infosec.exchange/@NowSecure/116251163921885755

Last wednesday I sat down at the #paulsecurityweekly podcast to talk about static analysis with @radareorg and mobile security. The video/audio is now online! https://www.scworld.com/podcast-segment/14644-hacking-ip-kvms-reversing-with-radare2-sergi-alvarez-psw-918

Another #Hungary and #Russia investigation by #VQuare

• Budapest systematically weaponized the issue of Hungarian minority rights in Ukraine to stall EU accession negotiations.
• Péter Szijjártó offered Sergey Lavrov to send EU documents through the Hungarian Embassy in Moscow.
• Hungary and Slovakia, acting as Kremlin friends in the EU, pushed against restrictions of Russian energy supplies.
• Budapest also supported the Kremlin’s “achievements” of the Alaska Summit.
• Leaked audio reveals a strikingly deferential, submissive attitude from Szijjártó toward Lavrov.

https://vsquare.org/kremlin-hotline-how-hungary-coordinates-with-russia-blocking-ukraine-from-the-eu/

New from 404 Media: Microsoft has terminated an account associated with VeraCrypt, the popular and long-running piece of encryption software. This means can no longer receive updates on Windows, the developer told me. Little explanation given by Microsoft https://www.404media.co/microsoft-abruptly-terminates-veracrypt-account-halting-windows-updates/

taking pride in my vintage pre-AI CVEs

\o/ VLC in space

@videolan

It's definitely impressive the LLMs capabilities finding bugs (I was very interested with AIxCC) but let's be honest, bugs were never scarce. There is just a new toy able to scale things faster (although funny how the price is always hidden). So were fuzzers when AFL coverage was introduced. Will it plateau or not that's the question. And will introduction of new bugs crash or not. Interesting times? Sure. End of times? Meh... Time will tell, as usual 🙂

Keep these monstrosities off our roads 🙅‍♂️

"US carmakers have accused Brussels of keeping their largest pick-up trucks, including the Ford F-150, the Chevy Silverado and the Ram 1500, off European roads”

https://www.ft.com/content/3eb796fd-bcdb-4a9f-89b7-f7d5e692a3cd

https://www.carsized.com/en/cars/compare/renault-twingo-1998-3-door-hatchback-vs-ford-f-350-2016-4-door-pickup-crew-cab/

📱 Summer intern wanted!

@exhel and I are looking for someone to help us reverse engineer Android apps this summer @ TU Graz.

→ 20 or 40hrs/week contract
→ Helpful background: Android, reversing, or messaging apps

Send a short motivation statement + CV to lena.heimberger@tugraz.at AND edona.fasllija@tugraz.at

Boosts appreciated! 🙏 #AndroidSecurity #ReverseEngineering #Internship

In the 70s they could open Facebook by pressing the Meta key and there were Like and Dislike buttons right on the keyboard.

Here’s why it’s important to always use r2 from git. In r2land, we follow the law of full disclosure and fix any reported vulnerability within a 24h deadline, as stated in SECURITY.md #radare2 https://blog.calif.io/p/mad-bugs-discovering-a-0-day-in-zero

It's so cool that anthropic is setting up a double-sided protection racket where it will profit from the massive token burn of attackers and defenders with a tool specifically designed to generate exploits and their only observable mitigation is a clientside system prompt that sternly warns the LLM to be good and not do malware
https://red.anthropic.com/2026/mythos-preview/

To my security peeps: Was the introduction of widespread fuzzing similar to AI-based bug hunting now, or is this really a different beast?

Nope, no one from Anthropic Glasswing has been in touch.

CVE-2026-34197: ActiveMQ RCE via Jolokia API https://horizon3.ai/intelligence/blogs/cve-2026-34197-activemq-rce-jolokia/

Systematically reviewing Python C extensions (575+ bugs found so far) and offering to analyze yours!

I’ve recently analyzed 44 C extensions for correctness and free-threading readiness. I'd love to run the analysis on your extension too.

If you want the deep dive into the methodology, the false positive rates, and what I've learned, I wrote a full post here: https://discuss.python.org/t/systematically-finding-bugs-in-python-c-extensions-575-confirmed-so-far/106875

But if you just want your C extension checked, reply below or DM me!
#Python #CPython