@csepp No idea, I posted it in part as a bookmark for myself to read later...

(plus based on my recent experience, scripting IDA data types is always a courageous act)

https://github.com/kaansenol5/VibeOS

[RSS] Symless: an IDA assistant for structure reconstruction

https://blog.thalium.re/posts/symless-an-ida-assistant-for-structure-reconstruction/

[RSS] X41 Audited CRI-O Runtime

https://x41-dsec.de/security/research/job/news/2026/01/13/cri-o/

Observation: low-quality MCPs have more GitHub stars than their high-quality alternatives.

@thezero One important lesson I learned in life is to stay the fuck away from people who employ projection, esp. if they do it consciously:

https://www.psychologytoday.com/us/basics/projection

isomorphisms per monad

@joxean It's perfectly normal, our politicians used that same spyware on journalists etc.

[RSS] Hungary grants asylum to former Polish minister implicated in spyware probe

https://therecord.media/hungary-asylum-spyware-probe-poland

'i learn so much by using an LLM' sure thing, just as anyone who ever 'learned' programming from a book while not bothering to type out a single line of code.

🔔CFP for #OffensiveCon26 is STILL open.
If you want a slot on one of the most technical offensive security stages out there, this is it.

We’re looking for real, original work: cutting-edge security research, novel exploit techniques, and deep technical investigations that actually move the field forward. Ready or not, the deadline is coming.

🗓️ CFP Deadline: 1 March 2026, 6:00 pm UTC
📬 Submit your talk: https://buff.ly/bPTM6wl

⏳ Last weeks. No extensions.

@mikoto MS deliberately messing with us, just look at Visual Studio vs. MSVC product/version numbering

A useful chart on what type to use for flags in C/C++ depending on your D&D alignment:

Shot in the dark but is anyone else here a teacher? I am working on revising the literacy curriculum at my school and feel as though I’m doing it in complete isolation. I’d love to chat with another professional about it. #forkiverse #teachers #curriculum (im trying with this tagging stuff but I have legit never done it before)

@bagder

On the morning of the 13th day of the year we have received *checks notes* 13 #curl vulnerability reports on Hackerone this year.

None a confirmed vulnerability.

libpng memory corruptions:

* CVE-2026-22695 - Heap buffer over-read in `png_image_read_direct_scaled` (regression from CVE-2025-65018 fix)

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

* CVE-2026-22801 - Integer truncation causing heap buffer over-read in `png_image_write_*`

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

This is the Web of the 1990s and, to some degree, the early 2000s — that some of us experienced and remember.

The Web that some of us want to make a come back.

#WorldWideWeb

The Remarkable Computers Built Not to Fail by Asianometry

https://www.youtube.com/watch?v=SSSB7ZTSXH4

#tandem #hp

This is a super thought-provoking read: "your password doesn't matter": https://techcommunity.microsoft.com/blog/microsoft-entra-blog/your-paword-doesnt-matter/731984

It looks at all of the major failure cases of passwords, pointing out that only one password complexity choice (avoiding a password in the top 10) really influences those failure modes.

The rest can only be addressed with MFA.