Hungary Reverses Decision to Exit International Criminal Court

Hungary withdrew its decision to exit the International Criminal Court, reversing a process initiated by the country’s previous leader, Viktor Orban.

https://www.bloomberg.com/news/articles/2026-05-27/hungary-reverses-decision-to-exit-international-criminal-court

[RSS] Analyzing the Taiwan High-Speed Rail (THSR) TETRA incident (part 1)

https://www.midnightblue.nl/blog/analyzing-the-taiwan-high-speed-rail-thsr-tetra-cyber-incident-part-1

[RSS] Docker Internal[s] (1)

https://u1f383.github.io/linux/2026/05/27/Docker-Internal-1.html

"For this year's (2026) Pwn2Own Berlin, I tried to find vulnerabilities in Docekr but came up with nothing. This post simply documents my research on Docker's system implmentation, since it is quite interesting."

Java code can become overly complex due to unnecessary abstractions.

With Rust on the other hand you can simply open up a portal to the Dimension of Pain while trying to implement an interface.

The year is 2026:
- My Windows VM can't handle more than 2 serial ports
- My hexeditor won't run without a GPU

PRESS RELEASE
Today, our engineering team announced a streamlined editorial workflow powered by the Unix tool sed, enabling instant, consistent replacement of the symbol & with the word “and” across all communications. This improvement strengthens clarity, supports accessibility, and ensures brand‑wide linguistic consistency. By integrating sed into our publishing pipeline, we reaffirm our commitment to precision, efficiency, and high‑quality content delivery.

While everyone was on Holiday we scanned a few thousand hosts for #BadHost (CVE-2026-48710): zero auth required and we found clinical trial databases, email mailboxes, MCP server for SSH industrial IoT via bastion servers, and live PII APIs wide open. The FastAPI/MCP ecosystem is sitting exposed - patch to Starlette 1.0.1 now and check your exposure at https://badhost.org

We paired time travel debugging with an #AI agent on a noisy 7B-instruction ARM64 Android trace.

In ~10 minutes, it traced the MTProto v2 decryption chain down to AES-IGE and correctly described the execution flow.

Full write-up 👇
https://www.eshard.com/blog/telegram-ttd-trace-analysis

You should be reading No One:

https://nooneshappy.com/article/the-ai-bubble/

/via @fugueish

Holy crap, clang in C++ mode is *evil*!

https://godbolt.org/z/hM7W1WPsE

gcc at least puts a `ud2` in there...

RE: https://mastodon.social/@MikeElgan/116628156172886406

Canon behavior from meta, tbh

current status

The epoll uaf

https://guysrd.github.io/epoll-uaf

"That one call fixed a uaf that had been reachable from any unprivileged process for a few years on any Linux / Android running a 6.6 and above kernel with the affected optimization."

Micropatches released for Windows Shell Link Processing Spoofing Vulnerability (CVE-2026-25185)
https://blog.0patch.com/2026/05/micropatches-released-for-windows-shell.html

Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.

At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.

🔗 https://oxidizeconf.com/sessions/awaiting_exploitation

#Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust

hack.lu is celebrating its 20th edition!

There is still time to be part of this special anniversary edition: submit your talk, presentation, workshop, or even a short talk for the Call For Failures.

Twenty editions of sharing, learning and community deserve something memorable. Don’t miss the chance to contribute, this year will be special!

Call-for-Papers Submission Site https://pretalx.com/hack-lu-2026/

CfP Details https://2026.hack.lu/blog/hack.lu-2026-call-for-papers/

#hacklu #conference #luxembourg #cybersecurity #hackerconf #cfp #callforpapers #europe

@hack_lu @circl

It's #TowelDay. Have a good one and don't forget your #towel

‚Torvalds added, in the case of AI-discovered bugs, you need to keep in mind that just "because you found it with AI, 100 other people also found it with AI."‘

There is nothing secret about a bug found by a model. If the software is a target, you can be sure that the bad guys are running continously prompts against it. Without token restrictions.

As a maintainer, this is all hard to manage. But this is happening everywhere. It‘s not your job to save the world from stupidity, vanity and greed.

I'm incredibly pleased to announce that the microcode for the Intel 80386 has been decoded.

It was a group effort by a bunch of talented people to extract and correct the physical bits, but the major work of decoding them was done by reenigne - you may know him from such incredible PC demos as 8088 MPH and Area 5150, as well as being the person who decoded the 8088 microcode previously.

Please, check out his writeup.

https://www.reenigne.org/blog/80386-microcode-disassembled/

#retrocomputing #vintagecomputing #microcode #reverseengineering

If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. The latest patch will help clean up the mess.

See here: https://github.com/Chocobozzz/PeerTube/releases/tag/v8.1.8