@Dio9sys Ninjas can attack at any time, anywhere!

"We use debian, that should be age verification enough"

The quality of @_r_netsec is at record lows these days...

RE: https://infosec.exchange/@_r_netsec/116279960280398551

This is a crazy, developing story. And here you thought *your* organization's patch management routines were strict: From Christopher Kunz at Heise:

"A serious security vulnerability in the Windchill and FlexPLM products prompted a nationwide police response over the weekend. At the behest of the Federal Criminal Police Office (BKA), officers from across Germany were dispatched to alert affected companies – an unprecedented move. Administrators, whose weekends were disrupted, expressed their irritation – some of whom don't even use the compromised software."

"When the editorial team received a tip late Sunday morning about a critical security vulnerability in Windchill and FlexPLM , it sounded like a routine report: A deserialization vulnerability in specialized software, even with a CVSS score of 10, doesn't cause any alarm at heise security. The situation was apparently quite different at the Federal Criminal Police Office (BKA): By that time, they had already alerted the state criminal police offices (LKA) in various federal states, which dispatched police officers to affected companies during the night. As several readers reported to us in the forum , police officers were standing outside company and private premises in the dead of night."

https://www.heise.de/news/WTF-Polizei-rueckte-Samstagnacht-wegen-Zero-Day-aus-11221345.html

Walmart: ChatGPT Checkout Converted 3x Worse Than Website https://tech.slashdot.org/story/26/03/23/1537238/walmart-chatgpt-checkout-converted-3x-worse-than-website?utm_source=rss1.0mainlinkanon

LSASS under the microscope at TyphoonCon 2026!
Erik Egsgard joins our lineup to uncover how even Windows’ most protected process can be turned into an attack surface: https://typhooncon.com/2026-agenda/

ICYMI (from the not-all-cyber-news-is-horrible dept), a cyberattack on a U.S. vehicle breathalyzer company has left drivers across the United States stranded and unable to start their vehicles. This story positively cries out for a headline-writing contest. TechCrunch reports:

"The company, Intoxalock, says on its website that it is “currently experiencing downtime” after a cyberattack on March 14. Intoxalock sells breathalyzer devices that fit into vehicle ignition switches, and is used by people who are required to provide a negative alcohol breath sample to start their car."

https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

@jpmens Arch is the OpenBSD of Linux for documentation.

[Gecko] Competition, Innovation, and the Future of the Web - Why Independent Browser Engines Matter

https://blog.mozilla.org/netpolicy/2026/03/23/competition-innovation-and-the-future-of-the-web/

🦎️

A man used LLMs to generate hundreds of thousands of "songs", then used bots to stream them billions of times, to collect $8m in royalties. https://www.justice.gov/usao-sdny/pr/north-carolina-man-pleads-guilty-music-streaming-fraud-aided-artificial-intelligence-0 Is there a better metaphor for late-stage capitalism than burning resources to make songs that are never listened to, then steaming them to robots that will never hear them, ad infinitum?

Micropatches released for Desktop Windows Manager Elevation of Privilege Vulnerability (CVE-2025-55681)
https://blog.0patch.com/2026/03/micropatches-released-for-desktop.html

Can anyone point me to a good layman's tutorial to Yubikeys?

that sound you hear is every Windows platform engineer pasting the "Our commitment to Windows quality" post into their AGENTS.md

When I become dictator I'll establish an authority that will check every EDM track for "is one of my many chat programs blimping?" sounds.

New Post: Debugging - WinDBG & WinDBGX Fundamentals https://www.corelan.be/index.php/2026/03/23/debugging-windbg-windbgx-fundamentals/

RE: https://mastodon.art/@lurnoise/114993216415771245

Hi! You should hire me for stuff, not only do I draw pretty neatly but I'm also very kind and easy to work with and always hit the deadlines <3

What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119) https://www.semperis.com/blog/what-you-need-to-know-windows-admin-center-remote-privilege-escalation-cve-2026-26119/

@pancake How about X11 socket sharing? :)
https://github.com/v-p-b/binaryninja-docker

@pancake Thanks for the clarification!

@pancake I think we are talking about different things (please provide a link or stg if I misunderstand). When I just launch claude it can and will write at random FS paths for example, because the process has the privileges to do so. Can it do the same if I launch it in a regular old container where the project directory is mounted (it will have access to everything inside the mount ofc but not my whole ~)?