This. 👇

Defender nuked legitimate DigiCert roots as malware because Microsoft shipped detections for a real DigiCert breach without distinguishing root certs from the compromised code-signing ones. Your trust store is one bad signature update away from triage hell.
https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/

Google Chrome is silently installing a local LLM on your computer that is 4 gigabytes in size. It's done without consent, it's not visible in the settings, and removing it will reinstall it later.

https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/

The existence of a weird proxy economy for AI tokens is very effing cyberpunk, AI issues notwithstanding (or perhaps especially). (Also, China Talk is an *excellent* source for lots of current tech-related goings-on.)

https://www.chinatalk.media/p/how-to-buy-cheap-claude-tokens-in

To kick off his collaboration with @portswigger as a Burp Suite Ambassador, our Research Lead @apps3c just published the 10th article on the creation of extensions for #BurpSuite. Topic: #Burp #AI!

https://hnsecurity.it/blog/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-10/

30 readers took our C/C++ challenge. Some solved the Linux warmup, but nobody cracked the Windows driver bug. Even LLM-assisted submissions came up short.

The walkthrough explains both, including the Windows escalation from local DoS to kernel code execution.

Best 10 submissions are still getting swag. If you won, we'll be in contact.
https://blog.trailofbits.com/2026/05/05/c/c-checklist-challenges-solved/

Proton Pass: Second-Password Bypass Through Emergency Access https://www.zolder.io/blog/proton-pass-second-password-bypass-through-emergency-access/

AISLE boasts about their AI tooling and CVE-2026-42511:

"Our autonomous AI system found another critical vulnerability in the FreeBSD DHCP stack - an unauthenticated remote code execution vulnerability with root privileges.

This finding is significant not only because RCE as root is about as severe as it gets, but also because FreeBSD was explicitly included in Anthropic’s Mythos announcement, and Mythos did not identify this issue."

Hister has joined the #fediverse

Hister is a general purpose web search engine providing automatic full-text indexing for visited websites.

Follow to be up-to-date with development news, releases and related articles.

#search #selfhosted #freesoftware

#copyfail also affects #wsl. #linux #windows #infosec

I saw that there’s now a mobile version of Roller Coaster Tycoon (Roller Coaster Tycoon Touch) and I thought it might be fun (one of the Netflix bundled mobile games). A couple of hours of casual play in, it was clear that the game was carefully designed to make it progressively harder and harder to make progress without in-app purchases.

@EUCommission , if you want to actually make things safer online, how about making that kind of predatory practice illegal? Children are particularly vulnerable, but so are a lot of adults. No need for age verification, just an outright ban.

So sad to see a such a respected game series used for this kind of whale farming.