@EUCommission

Hello internet, I am actively looking for speaking opportunities in central Europe (e.g., a train-ride from Berlin) to talk about Web security, XSS, `innerHTML` and the Sanitizer API. Ideally to an audience of web developers, framework engineers and the like :)

InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338)

https://security.opensuse.org/2026/01/09/inputplumber-lack-of-dbus-auth.html

If Andrew "bunnie" Huang didn't exist, I'd swear he was a character out of a(n extraordinarily technologically well-informed) cyberpunk novel. Every time I interact with this legendary hardware hacker, he blows my mind with some project or insight that permanently alters how I think about tech.

-

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2026/01/09/quantity-break/#so-many-chips

1/

Now this is how you exit a "smart" tech business. Bose is open-sourcing the API for SmartTouch speakers, moving as much functionality as possible to an app, and extending support.

https://www.theverge.com/news/858501/bose-soundtouch-smart-speakers-open-source

[RSS] Breaking Down the Attack Surface of the Kenwood DNR1007XR - Part Two

https://www.thezdi.com/blog/2026/1/8/breaking-down-the-attack-surface-of-the-kenwood-dnr1007xr-part-two

SmarterTools CCO: "the steps for replication were rather intricate"
Narrator: It was "../"

This thread shows how 90s security mindset is alive and kicking in 2026.

RE: https://bird.makeup/users/watchtowrcyber/statuses/2009445270019620901

M

[RSS] The Ni8mare Test: n8n RCE Under the Microscope (CVE-2026-21858)

https://horizon3.ai/attack-research/attack-blogs/the-ni8mare-test-n8n-rce-under-the-microscope-cve-2026-21858/

The Conscience of a Hacker, also known as The Hacker Manifesto, turns 40 today!

Written by Loyd "The Mentor" Blankenship, its spirit still resonates with hackers and makers everywhere. A cornerstone of hacker culture.

"My crime is that of curiosity."

Read it here: https://phrack.org/issues/7/3

#HackThePlanet #HackerManifesto

Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) - watchTowr Labs https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/

Full House

[RSS] Clang Hardening Cheat Sheet - Ten Years Later

http://blog.quarkslab.com/clang-hardening-cheat-sheet-ten-years-later.html

@ra6bit @SwiftOnSecurity original or remake?

“The Conscience of a Hacker” by The Mentor is 40 years old today.

"IDA 9.3 is on the horizon [...] type system enhancements"

God have mercy on my soul!

(context: https://scrapco.de/blog/reshare-ramblings-bad-vibes-with-ida.html )

@cynicalsecurity @whitequark DPD's spiritual guide is clearly Ace Ventura

We're now accepting applications for our 2026 summer internship program!

Trail of Bits is hiring interns across our software assurance, security engineering, and research & development teams. Over the summer, you'll work on real projects that might include conducting security assessments for critical systems, developing open-source tools, and contributing research that advances the field.

Applications are open now through February! Learn more and apply here!
https://apply.workable.com/trailofbits/j/0C784B6D41/