Spent my childhood optimizing CONFIG.SYS and AUTOEXEC.BAT to fit everything into 640 KB.
Now one browser tab needs 2 GB of RAM so 17 analytics companies can find out I looked at socks.
Meta faces $1.4 trillion in damages for hooking kids on purpose. The company's market cap is $1.5 trillion. They're arguing the number is unprecedented in consumer protection history, which is technically true. It's also the first time anyone built a $1 trillion business on deliberately addicting children.
https://gizmodo.com/metas-teen-safety-case-just-became-a-1-4-trillion-existential-threat-2000782306
If you're just now hearing about GhostLock and looking to fix it, make sure you don't introduce two unpriv-reachable DoSes associated with its fixes. The fix the Linux CNA lists for CVE-2026-43499 introduces a NULL deref, which caused CVE-2026-53166 to be issued. Unfortunately...
https://kb.cert.org/vuls/id/213560
The web server binary
/bin/httpdcontains an undocumented backdoor authentication mechanism in thelogin()function. Initially, the function follows a normal authentication path using MD5-based password verification. However, if authentication fails, the function invokesGetValue("sys.rzadmin.password")to retrieve an alternate password value from the device configuration. It then performs a directstrcmp()comparison in plaintext between the user-supplied password and the configuration-stored value. A successful match grantsrole=2admin-level access and creates a valid session.The associated username is not validated, so any provided username will succeed when paired with the backdoor password. This backdoor authentication mechanism is not documented or visible through any administrative interface.
CFP for #OffensiveCon26 Tokyo edition is STILL open.
We're looking for real, original work: cutting-edge security research, novel exploit techniques and deep technical investigations that actually move the field forward.
And yes, AI it's also in the game.
Shared by my Daughter
"I need privacy, not because my actions are questionable, but because your judgement and intentions are"
In response to "if you have nothing to hide you have nothing to fear"
IDA 9.4 Beta 1 has been published (with some features of my own on it):
we're hiring one iOS human on my team https://nowsecure.applytojob.com/apply/BXcVGTgFyb/Research-Engineer?source=Our%20Career%20Page%20Widget
Won 80k via kCTF, unpriv userns-reachable vuln: https://lore.kernel.org/linux-cve-announce/2026050859-CVE-2026-43456-ae60@gregkh/ We fixed in March, upstream 6.6 still unfixed 4 months later.
Cortex is a long-term, multi-tenant scalable open source storage for Prometheus and OpenTelemetry.
Earlier this year we conducted a security audit sponsored by @ostifofficial
Check our report here:
https://blog.quarkslab.com/cortex-security-audit.html