Read about CVE-2025-13154, a privilege escalation vulnarbility in a Lenovo Vantage addin called SmartPerformance

https://cyllective.com/blog/posts/lenovo-vantage

Part of the reason of every service turning shit is that some technical writers assume that shit can only ever run on k8s...

https://worstofbreed.net/patterns/k8s-overkill/

#documentation

@pooh When asked "who's there" I say "nobody", therefore I am.

I laughed

"The best conversation I had was over forty million years ago," continued Marvin. ..."And that was with a coffee machine."

#HitchhikersGuide #DouglasAdams #quotes #quote #bot

https://github.com/curl/curl/pull/20312

There, now you know.

RE: https://mastodon.social/@fj/114024334222739130

Think of the folks at Palantir who built this.
https://www.404media.co/elite-the-palantir-app-ice-uses-to-find-neighborhoods-to-raid/

God bless people who do stuff like getting in touch with the US patent office and putting the source code for the 1998 furby on archive.org

https://archive.org/details/furby-source/mode/2up

@nicolaottomano that is true but how does it explain this email?

I just got the weirdest e-mail:

It's a lab result for someone else. It has a PDF attachment, but I can see nothing malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist (in the US).

I'd say this must be a typo, but my e-mail address has only the first character (and probably the domain) matching with the persons name. I highly doubt his internet handle is a short keyboard distance from my Hungarian handle.

I have two theories:

a. This is a highly sophisticated scam (but I don't see the scam part yet)
b. Copilot hallucinated my e-mail address (which is actually pretty easy to scrape from the web)

@algernon @hongminhee "They need new content to "improve" the models." -> The easiest way to think about this is to consider some fast evolving library API. If you don't scrape+train constantly, you won't be able to generate code for the latest&greatest, so by this logic (incredibly costly) training *can never stop*.

IMO, the biggest takeaway from this research is the huge promise shown by memory mitigations, both hardware and software, in protecting users against 0-days.

Jerry did a nice write up on how to take on NTLM in your environment.

We've got some Very Fun updates coming out in the next little while on this front too.

https://techcommunity.microsoft.com/blog/CoreInfrastructureandSecurityBlog/active-directory-hardening-series---part-8-%E2%80%93-disabling-ntlm/4485782

Wikipedia turns 25 today! 🎂📚

To celebrate, we’re looking back at its baby pictures—some of the earliest captures of the site, preserved in the #WaybackMachine.

Take a nostalgic peek at early Wikipedia ⤵️

https://web.archive.org/web/20030301000000*/en.wikipedia.org

#WikipediaDay #Wikipedia25 @wikipedia

As I will be travelling starting tomorrow, I declare the #nakeddiefriday today.

Instead of going deeper into one particular die, this will be several of them but one-pagers.

This one is HV9911 by Supertex (now owned by Microchip). Those following me have probably seen the epic struggle with restoring a diving light; this one came from the LED driver chip in the light. Entirely undamaged, as far as I can tell. Of particular interest is an array of fuses in the top right corner.

#electronics #reverseengineering #icre

let's pour one to -fbounds-safety 🔥🌸
https://tech.lgbt/@fay59/115900565326279983

A 0-click exploit chain for the Pixel 9 /by @natashenka

Part 1.:
https://projectzero.google/2026/01/pixel-0-click-part-1.html

Part 2.:
https://projectzero.google/2026/01/pixel-0-click-part-2.html

Part 3.:
https://projectzero.google/2026/01/pixel-0-click-part-3.html

"I hope you're fine and healthy. The reason I am writing this mail is to share a few of my experiments and research I've done to come up with a reasonable stack pivot detection for the Syd kernel. TL;DR I have failed and I have learned a lot."

https://www.openwall.com/lists/oss-security/2026/01/10/1

Messages like this give me some hope in humanity <3

New.

Mandiant: Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables #Google #infosec

Updated Cisco advisory. "Rudolph, the red-nosed reindeer ...." 🎵 🎶 🎧

"There are no workarounds identified that directly mitigate the risk concerning this attack campaign, but administrators can view and follow the guidance provided in the Recommendations section of this advisory."

Cisco: CVE-2025-20393, critical: Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 @TalosSecurity #infosec #Cisco #vulnerability

@cR0w