For years, Rust binaries made reversing a nightmare. Modern decompilers only support C, lacking meaningful types, constructs, and language-specific functions. Led by @34r7hm4n, we're releasing our S&P work Oxidizer, the first deep Rust decompiler, built on angr!

Interested? 🧵👇

CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox https://voidsec.com/cve-2026-40369-browser-sandbox-escape/

github is like: "I see you're trying to look at a commit diff, how about skipping the files where the majority of the changes happened?"

When Your VPN Opens Your Private Network to the Public https://www.hacktron.ai/blog/cve-2026-0265-panos-globalprotect-cas-auth-bypass

😎 We now push artificial variable declarations close to their use! 😎

Also, inline initialization.

Magnets Are Bad For Hardware Again

https://hackaday.com/2026/05/21/magnets-are-bad-for-hardware-again/

I'll be back at @recon teaching a training with @KeithRamphal, we'll be bringing our combined malware reverse engineering experience to the masses! Whatever runs, wherever it runs, cause the days of your boring ol' Windows C bot are over. https://recon.cx/2026/en/trainingAdvancedMalwareRE.html

General Devices for Lowering Morale and Creating Confusion

Impacket 0.13.1 is out, with a lot of improvements and some new relay options. https://www.coresecurity.com/blog/whats-new-impacket-0131

I love how the Unix commands have such intuitive naming. Like 'find' if you need to find a file, or 'grep' if you need to grep for a string

Part of why I'm baffled and outraged by #AI is because I'm a traditional storyteller. The stories I tell are fascinating to me because they have been told by countless generations. Shaped by every single person who passed them on. In spoken word, person to person, retelling them in the moment with deep attention to their audience's moods and needs. The stories kept changing but they changed through human connection.

Stories are not "content" or "text". They are connection.

#storytelling

How to Treat Sunburn on the Face

Micropatches released for Windows Accessibility Infrastructure Elevation of Privilege Vulnerability (CVE-2026-24291, CVE-2026-25186, CVE-2026-25187) https://blog.0patch.com/2026/05/micropatches-released-for-windows.html

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.

I know people here probably don't want to rehash the disclosure discussion for the 683,547,329th time, but fuck Microsoft and this passive aggressive bullshit trying to frame their own interests as "best practices" in a vuln mitigation publication. Your shit is getting torn apart. Act like you've been there before because we all know you have.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585

Wow some terrible reporting about Google's latest horrible ideas about how to distort information access in the name of "convenience" (or something):

https://techcrunch.com/2026/05/19/google-search-as-you-know-it-is-over/

A short thread
🧵>>