"I'm interested in all kinds of astronomy."

🚨 New advisory was just published!

A critical vulnerability in UNISOC modem firmware allows one User Equipment (UE) to remotely attack another over the cellular network. By sending specially crafted malformed SDP within SIP signaling messages, an attacker can trigger memory corruption in the target modem, potentially leading to remote execution of arbitrary native code on the victim device: https://ssd-disclosure.com/unisoc-t612-rce/

@Sandfish6811 I can't dive deeper into this rn, but the linked GHSA confirms the essence of the vulnerability and the way it was introduced.

I checked and you are right that the hash is not sent back during auth, I'll probably leave a comment about this on /r/ so they can clarify.

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/

[RSS] Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy

https://xclow3n.github.io/post/6
[RSS] How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass

The exact moment software went downhill was when changed away from this.


Lorenzo Franceschi-Bicchierai

NEW: A former DOGE employee allegedly stole Americans' personal data from two large databases at the Social Security Administration, according to a new report.

The former employee allegedly put the databases on a thumb drive and wanted to use them at their new contractor job.

https://techcrunch.com/2026/03/10/doge-employee-stole-social-security-data-and-put-it-on-a-thumb-drive-report-says/


We are following this story very closely and send our best wishes for recovery to Jello, multi-year HOPE speaker & keynote. https://www.kqed.org/arts/13987466/punk-legend-jello-biafra-hospitalized-after-stroke


If I were to recommend one cryptography book for implementors in 2026, would it be:

(Edit, would love your comments as to why.)

20% Cryptography Engineering
60% Serious Cryptography
10% Real World Cryptography
10% something else (see comments)

In re: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/

I see people in here being smug about an OPSEC failure, and other people pointing out that "we only respond to local law enforcement requests" is a much bigger set than you might think, but it's all focused on what the individual can do to protect their privacy and anonymity against nosy state actors.

Most of the solutions proposed are either very insecure (mailing cash) or sufficiently technically complex to be out of the skill set of the average computer user.


I just got back home from @REverseConf . I had an amazing time, and I want to thank the organisers and all the people I met! The talks went great, and I was honoured to be part of the process of choosing and refining them. If you are thinking about where to submit next year, I highly recommend this event, in beautiful Orlando!


@aesthr sometimes I use makefiles as a way to create parallel shell scripts with proper tracking of exit codes.


New bugfix release: 2.7.12. More information and full changelog at https://keepassxc.org/blog/2026-03-10-2.7.12-released/


The Shape of Paris, a balletic short film of skateboarder Andy Anderson zooming, grinding, spinning, and floating around Paris in the summertime. "This is the cleanest footage I've ever seen. The cinematography and color grading is insane." https://kottke.org/26/03/the-shape-of-paris


Let's play slop or not! Here's the input:

https://hackerone.com/reports/3595753

95% slop
4% not slop

RE: https://chaos.social/@bitsoffreedom/116204497093736465

🥳 Court victory against Meta 🎉

Today, a Dutch judge ruled in favour of EDRi member @bitsoffreedom of Freedom in the appeal vs. Meta.

Facebook and Instagram users will be free to choose how information appears in their feed - and not be forced into algorithmic timelines - will remain intact.

But the fight isn’t over as Meta is still ignoring these rules in other European countries.

💪 We will keep pushing to make sure the law is respected everywhere.

More details ➡️ https://www.bitsoffreedom.nl/2026/03/10/court-again-rules-in-favor-of-bits-of-freedom-freedom-of-choice-for-instagram-and-facebook-users-remains-intact/
