@misprintedtype <marquee> - infinite fun!

Here's my analysis of the recent-ish 9.3 Critical in #Emby (CVE-2025-64113).

Sadly, the vulnerability turned out to be pretty boring, but I've tried to make the best of it.

https://gebir.ge/blog/its-not-mine-cve-2025-64113/

Does anyone happen to own an ATM that they’re willing to sell? Preferably NCR or Wincor/Diebold Nixdorf. I‘m based in Hamburg and the ATM is mainly intended for #40C3. Will also take only parts or broken or ancient ATMs as well. Very long shot but worth a try :)

#39C3

Signal Creator Marlinspike Wants To Do For AI What He Did For Messaging https://slashdot.org/story/26/01/13/1529250/signal-creator-marlinspike-wants-to-do-for-ai-what-he-did-for-messaging?utm_source=rss1.0mainlinkanon

@csepp No idea, I posted it in part as a bookmark for myself to read later...

(plus based on my recent experience, scripting IDA data types is always a courageous act)

https://github.com/kaansenol5/VibeOS

[RSS] Symless: an IDA assistant for structure reconstruction

https://blog.thalium.re/posts/symless-an-ida-assistant-for-structure-reconstruction/

[RSS] X41 Audited CRI-O Runtime

https://x41-dsec.de/security/research/job/news/2026/01/13/cri-o/

Observation: low-quality MCPs have more GitHub stars than their high-quality alternatives.

@thezero One important lesson I learned in life is to stay the fuck away from people who employ projection, esp. if they do it consciously:

https://www.psychologytoday.com/us/basics/projection

isomorphisms per monad

@joxean It's perfectly normal, our politicians used that same spyware on journalists etc.

[RSS] Hungary grants asylum to former Polish minister implicated in spyware probe

https://therecord.media/hungary-asylum-spyware-probe-poland

'i learn so much by using an LLM' sure thing, just as anyone who ever 'learned' programming from a book while not bothering to type out a single line of code.

🔔CFP for #OffensiveCon26 is STILL open.
If you want a slot on one of the most technical offensive security stages out there, this is it.

We’re looking for real, original work: cutting-edge security research, novel exploit techniques, and deep technical investigations that actually move the field forward. Ready or not, the deadline is coming.

🗓️ CFP Deadline: 1 March 2026, 6:00 pm UTC
📬 Submit your talk: https://buff.ly/bPTM6wl

⏳ Last weeks. No extensions.

@mikoto MS deliberately messing with us, just look at Visual Studio vs. MSVC product/version numbering

A useful chart on what type to use for flags in C/C++ depending on your D&D alignment:

Shot in the dark but is anyone else here a teacher? I am working on revising the literacy curriculum at my school and feel as though I’m doing it in complete isolation. I’d love to chat with another professional about it. #forkiverse #teachers #curriculum (im trying with this tagging stuff but I have legit never done it before)

@bagder

On the morning of the 13th day of the year we have received *checks notes* 13 #curl vulnerability reports on Hackerone this year.

None a confirmed vulnerability.