Bugs
Rule
Everything
Around
Me

Re: https://github.com/V4bel/ITScape

We started analyzing a classic case where GDB creates the illusion that code in writable memory is corrupted. We ended up discovering two interesting behaviors.

Did you know there's a way to hit a breakpoint without using hardware or software breakpoints? Or how GDB patches the binary to execute an instruction?

Learn more about how GDB works under the hood.

Why is my shellcode being corrupted?
https://allelesecurity.com/why-is-my-shellcode-being-corrupted/

[RSS] GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan

https://deadeclipse666.blogspot.com/2026/06/greatxml-bitlocker-that-seems-to-only.html

[RSS] IDA 9.4 Beta | Hex-Rays Docs

https://docs.hex-rays.com/release-notes/9_4beta

"Feed the fire, let the last cinders burn."

My IB-01: CEL 240 illustration is now available as a print <3

https://www.inprnt.com/gallery/lurnoise/ib-01-cel-240/

I know namespaces are nice, but we only should have conflicting local names for the most trivial stuff.

bedroom::Plumbus and bathroom::Plumbus are probably fine.

But when I have bedroom::PlumbusInserter and bathroom::PlumbusInserter it's *guaranteed* that my IDE will import the wrong name resulting in hours of debugging because nothing makes sense.

#programming

ITScape: Guest-to-Host Escape in KVM/arm64

https://github.com/V4bel/ITScape

Someone's AI agent has been performing a wide variety of manipulation to the project for a while to the Fedora project. https://lwn.net/SubscriberLink/1077035/c7e7c14fbd60fae9/

It's clearly linked to an account that precedes the, ahem, "agentic AI era", but it also seems the account wwas probably compromised, but everything is unclear, including motivations or the extent of damage.

Blogged about the time I doubled our users by doing proper engineering instead of React slop

https://www.mohkohn.co.uk/writing/html-first/

Now I have seen it all - https://bumsrake.de/

Thinking about the last tweet, not imposing exemplary punishment on the first person who published a `latest` tag on anything was probably a major mistake of humanity.

TIL about @kagihq 's Redirect feature that finally allows me to land on the latest available documentation page on docs.rs for crates where latest is broken.

(Interestingly, the samples provided for this feature are also based on docs.rs URLs 🤔)

I wish this were fake.

New, by me: ServiceNow appears to have notified some enterprise customers that there was outside access to their data, after a security bug left instances exposed to the web.

The company has hidden its notice behind a login wall, but was shared by network defenders on Reddit.

https://techcrunch.com/2026/06/10/servicenow-tells-customers-a-bug-left-some-of-their-data-exposed-to-the-internet/

The Anthropic Fable-5 safety classifiers seem to be written by the OpenAI marketing department.

Pretty much anything I talk to LLMs about gets downgraded.
Nerfed into useless. Worst model release ever?

Golden rule of vulnerability disclosure is:

Dont fuck with people who are time rich and cash poor.

New directory traversal CVE!
CVE-2026-52752
nationalsecurityagency - ghidra
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.

RE: https://mastodon.social/@fj/116696838766743727

Anthropic Fable won't answer some prompts about cybersecurity or cryptography (falling back to Opus instead) but they will send engineers to the NSA to help them with offensive operations.