"I'm interested in all kinds of astronomy."

Friendly reminder that Binary Ninja aarch64 disassembler is freaking awesome! I need to finish my soft fork of it but I love this one, and it's so fast :-]

https://github.com/Vector35/binaryninja-api/tree/dev/arch/arm64/disassembler


i do not value your privacy, which is why my website does not have any trackers on it whatsoever. i have positively no idea if any human being besides myself has ever actually opened my website. your privacy is worth zero dollars to me. you couldn't even pay me to take it away.


RE: https://infosec.exchange/@BleepingComputer/116024815101538859

Such a great example of how one vulnerability can lead to discovering a ton more based almost purely on visibility. I found this 2 days after the first SmarterMail vuln. Three other researchers had identified the bug and reported it, and we only discovered the research collision when they asked us to reserve a CVE.

Under-analyzed software vulnerability clustering is really interesting.

@DGutie @xabd Thanks, that's exactly why I don't really see the use-case for this. Even considering the 1-click deployment options - if you know those services, you can write 20 lines of HTML (that will not even look like everyone else's linktree).
[RSS] Pickling the Mailbox: A Deep Dive into CVE-2025-20393

https://starlabs.sg/blog/2026/01-pickling-the-mailbox-a-deep-dive-into-cve-2025-20393/

Update: Lacking any evidence that Signal considers sender consistency a security sensitive property - and given the limited impact I decided to just report this as a UI bug.

tl;dr you can trivially make signal polls that only members using Signal Desktop group can see/interact with/react to.

This allows you to basically hide messages from certain other members. Not great in principle, not very useful in practice. Might have its uses when combined with other vectors.

https://github.com/signalapp/Signal-Android/issues/14583


I could go into history here, but suffice it to say: if someone tries to explain Class A, Class B, or Class C addresses to you, plug your ears and scream at them not to contaminate your brain with information obsoleted more than two decades ago.

[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

https://www.oobs.io/posts/er605-1day-exploit/

Another alleged stalkerware software maker got compromised and someone leaked all their customers on a cybercrime forum.

AMD updates installed without signature checking (from an HTTP link, no less)? /via @drwhax

https://mrbruh.com/amd/

Recent report about a nation-state implant that would be useful to exploit this:

https://blog.talosintelligence.com/knife-cutting-the-edge/
@drwhax Many sw use HTTP updates so they can get through middleboxes. The bigger issue here is the lack of executable Authenticode verification.

Oooooh SNAP!!! 💥

Prime Minister Pedro Sanchez of Spain:

“First, we will change the law in Spain to hold platform executives legally accountable for many infringements taking place on their sites. This means that CEOs of these tech platforms will face criminal liability […]
Second, we will turn algorithmic manipulation and amplification of illegal content into a new criminal offense. […]
spreading hate must come at a cost.”

Have a great weekend, Elon! 😘

https://www.youtube.com/live/NElqgJ1aXFA?si=M52qiZYBt55KRamm


Felicitas Pojtinger is in 🇨🇭

Here is a sad (and somewhat pathetic, I guess) fact: The new Firefox "smart window" (which is an LLM-based browser), doesn't even use a local or open model, it's literally just Google's models run via their API


It doesn't matter whether C is good or not. It matters that if I write code in two languages that aren't C, and I want it to all be part of the same process, I need to care about C. C pervades all. You cannot escape it. C will outlive all of us. The language will die and the ABI will persist. The far future will involve students learning about C just to explain their present day. Our robot overlords will use null terminated strings. C will outlive fungi.

@TarkabarkaHolgy that's actually reasonable, it's expectations of modern family logistics that is bonkers

Michael Stapelberg 🐧🐹😺

PSA: Did you know that it’s **unsafe** to put code diffs into your commit messages?

Like https://github.com/i3/i3/pull/6564 for example

Such diffs will be applied by patch(1) (also git-am(1)) as part of the code change!

This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.
