I kinda feel bad for the tech bros in cyber security that spend 8-10 hours a day writing agents, prompts, solving hard problems, and handholding AI all day long all to say that AI did all the work completely on its own and fully unguided when they find a good bug.
Pwndbg 2026.02.18 is out!
We visualize branches in nearpc, sync ur decompiler (IDA/Binja/Ghidra) via decomp2dbg, annotate stack vars from dbgsyms/decomp, added new cmds for tracing kernel allocs/frees, dump task info: https://t.co/Gz2rdZlzxp
Sponsor us: https://t.co/YdAmbhJHyF
When Meta trains it models on 80+ TB of pirated books from LibGen and other platforms, it's called 'fair use', without them having to pay penalties and / or receive some form of legal punishment, as proceedings are ongoing.
When Aaron Swartz downloaded 70 GB of articles from JSTOR in 2010 he was facing a $1M fine and 35 years in prison, before taking his life in 2013.
@robertgraham If Google was interested in actually improving the situation against hackers, they'd send or fund patches.
In reality they want to collect CVE scout badges.
kind of funny that bugs that are communicated to vendors in a way they don't appreciate can result in no CVE being allocated for the vuln(s). while i guess it is bureaucratically legit (or is it?) it makes the CVE system an unreliable source of truth (more news at 11)
You too can crash today's 6.12.43 LTS kernel thanks to a stable maintainer's AI slop. All you need is CAP_SYS_RESOURCE, modern systemd, and this:
40 b7 40 c1 e7 18 83 ef 08 57 57 31 ff 40 b7 07 31 c0 b0 a0 48 89 e6 0f 05 5e ff ce 31 ff b0 21 0f 05
Look at all this extra space!
Microsoft now confirmed that because the vulnerability I reported is important, not critical, and because they’ve now fixed it they won’t issue a CVE. It’s like they actually want to discourage people from reporting.