@gsuberland @esden E2EE for open groups is pointless, an adversary can just join your group and see everything. No cryptanalysis and no hacking required.
For small closed groups, use Signal.
The niche we need to fill is large public group chats with a better UX than IRC.
On Discord Alternatives
Next month, Discord is going to start requiring age verification. The backlash from gamers everywhere has been predictable and justified. I guess their company name checks out. I've had a few people reach out to me because of my prior vulnerability disclosures and criticism of encrypted messaging apps. (Thanks, Toggart.) Unfortunately, asking a cryptography-focused security engineer for app recommendations is like asking a rocket scientist to…
r2ghidra is ready for release. i'm waiting to cut r2-6.1 to trigger the ci. please help #radare2 to be tested as much as possible so we can make another stable release again!
Last year's shutdown of @glitchdotcom was a blow to my pedagogy. Glitch was ideal for creative coding classes and workshops. I looked around for alternatives. But there was nothing that was open, decentralized, and not at the mercy of VCs or Big Tech.
So I built my own. Here's Glitchlet.
Glitchlet runs on any shared hosting service (e.g., Reclaim Hosting). If you can run WordPress, you can run Glitchlet. Projects-in-progress are stored in the browser's local storage, but you can also one-click publish to make them public and remixable. Glitchlet is designed with educators in mind.
There's no single, primary Glitchlet that everyone uses. The idea is that every instructor installs their own Glitchlet and manages their own classes/workshops/projects. You can seed your instance with template files, or Glitchlet can easily import projects (including archived Glitch .tgz files).
Making something so easy to install and host has trade-offs, of course. No fancy pants Node or React projects, but Glitchlet works beautifully with HTML/JavaScript/CSS. No live collaboration, but you can still remix published projects.
Best of all—you're in control and not subject to the whims of some startup that suddenly decides to "sunset" a key pedagogical tool.
Glitchlet is alpha now, but its code will be available to all very soon!
NEW: U.S. prosecutors say the hacking tools that Peter "Doogie" Williams stole from defense contractor L3Harris Trenchant could have been used against "millions of computers and devices" worldwide.
The prosecutors also confirmed that Williams "stood idly by while another employee of the company was essentially blamed" for his own actions, as we first reported last year.
Williams said he didn't know the tools could end up in the hands of Russia or other governments.
If you wanna read the source material yourself, we have uploaded the most relevant court documents in the case against Peter Williams here:
https://www.documentcloud.org/projects/224000-usa-v-peter-doogie-williams/
This is a phenomenal little blog post about Linux C++ binary analysis ❤️❤️❤️
https://oneraynyday.github.io/dev/2020/05/03/Analyzing-The-Simplest-C++-Program/
And shoutout as always to @hexacorn for this resource: https://www.hexacorn.com/blog/2018/06/25/url-schemes-in-win-10/
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability to launch unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
Micropatches released for Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)
https://blog.0patch.com/2026/02/micropatches-released-for-windows.html
"I'm very glad," said Piglet happily, "that I thought of giving you Something to put in a Useful Pot."
"Switzerland’s military has terminated its contract with Palantir… following a security audit… concluded that U.S. intelligence agencies could potentially access sensitive Swiss defense data… significant reputational warning for the data analytics firm"
https://www.newscase.com/palantirs-swiss-exit-highlights-global-data-sovereignty-challenge/
Wheeee my presentation on parser differentials made it on the Top Ten Web Hacking Techniques of 2025
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025