[RSS] Micropatches Released for Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability (CVE-2025-47987)

https://blog.0patch.com/2026/01/micropatches-released-for-credential.html

Nominations for the Top 10 (new) Web Hacking Techniques of 2025 are now live! Review the submissions & make your own nominations here: https://portswigger.net/research/top-10-web-hacking-techniques-of-2025-nominations-open

its so cold im using chrome instead of firefox to read news on my phone cuz i need the ads to warm up my phone and hands

Are we entering a world where chatbots will replace devs?
Probably not. Prompting an LLM with natural language is inherently lossy and ambiguous. Up to this point, programming has always been deterministic: Your code does what you say it should do otherwise, it’s a bug. Coding agents break that contract.

Our blog:
https://blog.trailofbits.com/2025/12/19/can-chatbots-craft-correct-code/

buckle up and prepare for an unload of *six* CVEs against #curl getting published tomorrow, severity low and medium

Has someone tried redeploying 2026?

Do your work poorly and blame it on bad tools, machinery, or equipment.

I’m working on the next hacklore newsletter, and the holiday season delivered a fresh wave of peak hacklore! 🎁 😜

📬 If you want fewer security myths and more reality-based advice for everyday people (including ways for you to help!), subscribe here: https://www.hacklore.org/about

Commodore Disk Drive Becomes General Purpose Computer

https://hackaday.com/2026/01/05/commodore-disk-drive-becomes-general-purpose-computer/

@mwichary They present technology as an instrument for art, and you get to play with literally everything (we spent the open hours in full then went back the next day for more). On the flip-side the items are not very well documented, so you often stop to scratch your head what a thing actually is - they are really helpful though and I think this also adds to the "magic" of the place.

@mwichary My recommendation: https://this-museum-is-not-obsolete.com/

Not a typical a museum, more like a playground for geeks :)

I wrote a photo essay with 20+ of my favourite tech museums in the world, and tried to figure out what makes a great museum in the process.

I am very curious what tech museums you like – and why!

(Will work on any device, but worth checking out on the biggest screen you or your neighbour might have.)

https://aresluna.org/fav-tech-museums/

Decorative Cryptography

https://www.dlp.rip/decorative-cryptography

"All encryption is end-to-end, if you’re not picky about the ends."

@schrotthaufen I certainly argued with very intelligent people about this...

@mdfranz "When API’s go away, and it’s all a federated MCP mesh." This must be one of those people who - despite working in IT - has always thought of APIs as some magical thing beyond human comprehension, but fortunately MCPs will now finally make everything clear and simple!

"The purpose of a system is what it does"

https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does

This is exactly what I've been trying to articulate re: cookie banners. The word of the regulation and intent is largely irrelevant to the effect it caused.

... the README says "the most useful feature is X". I try X, absolute garbage. I look at the code of X: the only relevant piece of data is simply not included anywhere in the computation. ffs

(no I won't open an Issue/PR, let them figure out themselves...)

Kagi's Small Web initiative and why we're committed to it:

#Kagi #Search #SmallWeb