New vulnerability report from Talos:

Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279

CVE-2025-61973

Still going to argue that https://gitlab.com/mjg59/linux/-/commit/13cd6ec5e0e99124dd730156a4d921b20f192e2d would maybe be the most security per lines of code this decade

#Ghidra 12.0.1 released, Change History:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

@joxean @Xilokar ...but I meant this mostly as a joke :)

@joxean @Xilokar malware, obviously! I'd also consider Electron itself as packing and I'm pretty sure there are other "IP protection" schemes under the hood...

@joxean does MS Teams count?

One question: have you seen recently packed software (malware or some proprietary application) that isn't Windows PE files? Like, I don't know, Linux ELFs, or MacOS MACH-O files, or Android apks.
#malware #packers

@algernon Most people don't have that much attention to detail (e.g. does the link I just posted work?)

@soatok Not 100% related, but are there sane alternatives for the openssl *command*? It's always a pain to look up subcommands and arguments, so I might as well just learn a new (set of) tool(s) for key and certificate manipulation.

RE: https://furry.engineer/@soatok/115896145424737173

As a professional source code reviewer, I gotta agree with “We cannot overstate the extent to which just reading the OpenSSL source code has become miserable.” The answer to “how does OpenSSL—” is always “I don’t know and I don’t have six months to find out.” This is not true of alternative libraries with the same functionality.

@grammargirl Similar experience: 70+ yo person having to deal with expired X.509 certificates (.gov.hu app) - what are these devs smoking??

📢 LAST CALL: IDA Plugin Contest!

The submission window closes January 15, 2026 @ 11:59pm CET.

Read the entry instructions and full details here:
https://hex-rays.com/plugin-contest

Good luck!

Matthew McConaughey Trademarks Himself To Fight AI Misuse https://slashdot.org/story/26/01/14/1549211/matthew-mcconaughey-trademarks-himself-to-fight-ai-misuse?utm_source=rss1.0mainlinkanon

@mumblegrepper what got you interested in DirBuster in 2026??

I suffered a moderate data loss in 2022 when tried to export a #Wordpress site with this plugin:

https://github.com/benbalter/wordpress-static-site-exporter/issues/292

Now the issue got an AI fix, introducing a lot of code to handle tricky symlinks.

Taking into account that the author didn't care to look at my issue for 3 years I doubt this fix is properly reviewed so I now trust this plugin even *less*.

[RSS] Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC

https://neodyme.io/en/blog/drone_hacking_part_1/

When IMS Associates, Inc., couldn't get their hands on an Altair 8800, they decided to make their own! How's that possible? Key technology like the S-100 bus were easy to replicate, leading to a slew of clones, like the IMSAI 8080.
—
#iFixit #RightoRepair #FixTheWorld

[RSS] CVE-2025-64155: Three Years of Remotely Rooting the Fortinet FortiSIEM

https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/

[RSS] The January 2026 Security Update Review

https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review

We are at *twenty* hackerone submissions for #curl so far this year. Zero of them a confirmed vulnerability.