The new CEO of the Wikimedia Foundation worked at J.P. Morgan and Lehman Brothers. The Foundation has now fired a longtime lead developer and disbanded the team whose job was to listen to volunteers. Most of the people they fired were union organizers. Wikipedia’s editors are now threatening to strike. To stand in solidarity with them, sign the petition:

https://en.wikipedia.org/wiki/Wikipedia:Wiki_Workers_United_solidarity

For more, read on!

(1/2)

Hungary Reverses Decision to Exit International Criminal Court

Hungary withdrew its decision to exit the International Criminal Court, reversing a process initiated by the country’s previous leader, Viktor Orban.

https://www.bloomberg.com/news/articles/2026-05-27/hungary-reverses-decision-to-exit-international-criminal-court

[RSS] Analyzing the Taiwan High-Speed Rail (THSR) TETRA incident (part 1)

https://www.midnightblue.nl/blog/analyzing-the-taiwan-high-speed-rail-thsr-tetra-cyber-incident-part-1

[RSS] Docker Internal[s] (1)

https://u1f383.github.io/linux/2026/05/27/Docker-Internal-1.html

"For this year's (2026) Pwn2Own Berlin, I tried to find vulnerabilities in Docekr but came up with nothing. This post simply documents my research on Docker's system implmentation, since it is quite interesting."

Java code can become overly complex due to unnecessary abstractions.

With Rust on the other hand you can simply open up a portal to the Dimension of Pain while trying to implement an interface.

RE: https://techhub.social/@Techmeme/116641025657009645

Finally... they've been yapping about this for ages now

The year is 2026:
- My Windows VM can't handle more than 2 serial ports
- My hexeditor won't run without a GPU

PRESS RELEASE
Today, our engineering team announced a streamlined editorial workflow powered by the Unix tool sed, enabling instant, consistent replacement of the symbol & with the word “and” across all communications. This improvement strengthens clarity, supports accessibility, and ensures brand‑wide linguistic consistency. By integrating sed into our publishing pipeline, we reaffirm our commitment to precision, efficiency, and high‑quality content delivery.

While everyone was on Holiday we scanned a few thousand hosts for #BadHost (CVE-2026-48710): zero auth required and we found clinical trial databases, email mailboxes, MCP server for SSH industrial IoT via bastion servers, and live PII APIs wide open. The FastAPI/MCP ecosystem is sitting exposed - patch to Starlette 1.0.1 now and check your exposure at https://badhost.org

We paired time travel debugging with an #AI agent on a noisy 7B-instruction ARM64 Android trace.

In ~10 minutes, it traced the MTProto v2 decryption chain down to AES-IGE and correctly described the execution flow.

Full write-up 👇
https://www.eshard.com/blog/telegram-ttd-trace-analysis

You should be reading No One:

https://nooneshappy.com/article/the-ai-bubble/

/via @fugueish

Holy crap, clang in C++ mode is *evil*!

https://godbolt.org/z/hM7W1WPsE

gcc at least puts a `ud2` in there...

RE: https://mastodon.social/@MikeElgan/116628156172886406

Canon behavior from meta, tbh

current status

The epoll uaf

https://guysrd.github.io/epoll-uaf

"That one call fixed a uaf that had been reachable from any unprivileged process for a few years on any Linux / Android running a 6.6 and above kernel with the affected optimization."

Micropatches released for Windows Shell Link Processing Spoofing Vulnerability (CVE-2026-25185)
https://blog.0patch.com/2026/05/micropatches-released-for-windows-shell.html

Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.

At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.

🔗 https://oxidizeconf.com/sessions/awaiting_exploitation

#Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust

-Mythos found thousands of critical bugs
-Hackers breach Russia's SDA disinfo group
-GitHub rolls out new npm security feature
-Bulletproof hosting providers raided in the Netherlands
-Hackers breach two Vietnam agencies
-Anonymous Monero platform hacked for $2.7m
-StablR hacked for $2.8m
-Hacker returns Verus stolen funds
-China tracks visiting foreigners
-Data centers devour 2% of all electricity
-AI is killing package repos

Newsletter: https://news.risky.biz/risky-bulletin-mythos-found-thousands-of-critical-bugs/
Podcast: https://risky.biz/RBNEWS568/

hack.lu is celebrating its 20th edition!

There is still time to be part of this special anniversary edition: submit your talk, presentation, workshop, or even a short talk for the Call For Failures.

Twenty editions of sharing, learning and community deserve something memorable. Don’t miss the chance to contribute, this year will be special!

Call-for-Papers Submission Site https://pretalx.com/hack-lu-2026/

CfP Details https://2026.hack.lu/blog/hack.lu-2026-call-for-papers/

#hacklu #conference #luxembourg #cybersecurity #hackerconf #cfp #callforpapers #europe

@hack_lu @circl

It's #TowelDay. Have a good one and don't forget your #towel