Joined August 2011
Jonas Vestberg retweeted
The visual is what makes it
This
Dear Microsoft, when I hit the Windows Start menu key and start typing a word to autocomplete a search, I never, ever, EVER want it to return results of something not on my computer. Ever. Like, ever, ever, never.
Jonas Vestberg retweeted
Want to be part of SEC-T 2026? We rely on our volunteers to make Stockholm's biggest security conference happen. Take a shift. Wear comfortable shoes. All experience levels welcome. Free entry for volunteers. #SECT #volunteer #infosec sec-t.org/volunteer
Jonas Vestberg retweeted
Pre-auth RCE as QSECOFR (IBM i root) via Management Central: the verify flag is client-controlled -> send verify=0, type=3, userId=QSECOFR and get a root shell without credentials. Affects V7R4 and earlier. blog.silentsignal.eu/2026/06… #IBMi #AS400 #infosec
Jonas Vestberg retweeted
Someone please hire @jonasLyk or throw him some contract work. He’s a very talented security researcher and C/C programmer. I’ve chatted with him about his research for years and would easily vouch for his ability to get things done on Windows, Android, etc.
Just verified this one on a Bitlocker encrypted VM (TPM without PIN).
TPM PIN seems to mitigate this (as expected)
Jonas Vestberg retweeted
your European colleague getting ready to send an automatic out-of-office vacation email reply set for the rest of summer
Jonas Vestberg retweeted
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
Community note
The root of this statement is a post by a security researcher that stated MS revoked the access to their reporting account. When the researcher asked for an explanation, his account got deleted. He got no answer. This escalated further by MS deleting the GitHub account as well. deadeclipse666.blogspot.com/2026/05/dear-m…
Ukraine knows how to do the right thing. Thank you, Sweden!
You can do a lot with Gripen fighter jets. But they’re built for one thing. Good luck, Ukraine.
Tack Sverige! Tack @SwedishPM! Ära åt Ukraina! 🇺🇦🇸🇪 Дякую, Швеціє! Дякую, Ульфе! Слава Україні! 🇺🇦 🇸🇪 Thank you, Sweden! Thank you, Ulf! Glory to Ukraine!
Jonas Vestberg retweeted
More info about this vulnerability including POC generator securitylab.github.com/advis…
PoC for CVE-2026-48095 in 7-Zip 26.00 on Linux without ASLR bypass.

Image description: Shows the environment: Ubuntu 24.04 LTS container and 7-Zip version 26.00. The /tmp directory is empty. Runs setarch x86_64 -R 7zz t ./poc.7z. The program runs with some warnings. The /tmp directory now contains a file named pwned with the text GHSL-2026-140.

Jonas Vestberg retweeted
Enhanced Insecurity Mode: 23 RCEs in Edge's "Safe" WebAssembly Interpreter Microsoft's "safer" fallback when the WASM JIT is off? 23 paths to RCE in the interpreter itself. Slides now public — huge thanks to the OffensiveCon crew and everyone who came by. @offensive_con
Jonas Vestberg retweeted
Turns out that the fix for the CVE-2020-17103, the Cloud Filter HsmOsBlockPlaceholderAccess driver bug reported by @tiraniddo was never ported to Windows 11 / Server 2025 and still not fixed. LPE from user to SYSTEM 🤦‍♂️
Jonas Vestberg retweeted
Immigration makes Britain brilliant.