Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) - watchTowr Labs https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/

Full House

[RSS] Clang Hardening Cheat Sheet - Ten Years Later

http://blog.quarkslab.com/clang-hardening-cheat-sheet-ten-years-later.html

@ra6bit @SwiftOnSecurity original or remake?

“The Conscience of a Hacker” by The Mentor is 40 years old today.

"IDA 9.3 is on the horizon [...] type system enhancements"

God have mercy on my soul!

(context: https://scrapco.de/blog/reshare-ramblings-bad-vibes-with-ida.html )

@cynicalsecurity @whitequark DPD's spiritual guide is clearly Ace Ventura

We're now accepting applications for our 2026 summer internship program!

Trail of Bits is hiring interns across our software assurance, security engineering, and research & development teams. Over the summer, you'll work on real projects that might include conducting security assessments for critical systems, developing open-source tools, and contributing research that advances the field.

Applications are open now through February! Learn more and apply here!
https://apply.workable.com/trailofbits/j/0C784B6D41/

cloudNative https://redd.it/1q5mjgj

Cloudflare says that BGP routing anomalies right before the US intervention and arrest of Nicolas Maduro appear to have been just "an accident"

https://blog.cloudflare.com/bgp-route-leak-venezuela/

@campuscodi

No, there's no major security vulnerability in zlib.

There's a stack buffer overflow in the contrib/untgz tool. However, these tools are unsupported as described by the README.contrib file: https://github.com/madler/zlib/blob/develop/contrib/README.contrib

"
All files under this contrib directory are UNSUPPORTED. They were
provided by users of zlib and were not tested by the authors of zlib.
Use at your own risk. Please contact the authors of the contributions
for help about these, not the zlib authors. Thanks.
"

#infosec #cybersecurity

[RSS] Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858)

https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858

[RSS] TrustZone Break-in Vulnerabilities in Ampere UEFI MM Drivers (Arbitrary Out-of-Bounds Write)

https://github.com/google/security-research/security/advisories/GHSA-jxxm-gxxf-64mg

[RSS] TrustZone Break-in Vulnerabilities in Ampere UEFI MM Drivers (Buffer Overflow and Stack Information Leak)

https://github.com/google/security-research/security/advisories/GHSA-46qj-g894-vrxr

[RSS] Breaking Down the Attack Surface of the Kenwood DNR1007XR - Part One

https://www.thezdi.com/blog/2026/1/6/breaking-down-the-attack-surface-of-the-kenwood-dnr1007xr-part-one

@cR0w @maaneeack @troed Don't take my word for it, I really didn't have time to dig in, but that's kind of the problem with slop isn't it?

@troed @maaneeack @cR0w The person who posted this also posted a bunch of other stuff in different projects. This is their "repro" for MongoDB:

```
./mdb_load -T /tmp/lmdb_asan < [crash_input_file]
```

...but I don't see `crash_input_file` anywhere. I smell slop.

(Source: https://seclists.org/fulldisclosure/2026/Jan/5 )

#jsPDF: Critical Path Traversal Vulnerability (CVE-2025-68428) in jsPDF - a widely-adopted #npm package for generating PDF documents in JavaScript applications allows attackers to read & exfiltrate arbitrary files from the local filesystem:
👇
https://www.endorlabs.com/learn/cve-2025-68428-critical-path-traversal-in-jspdf

An Act of Resistance

#webcomic #krita #miniFantasyTheater