[RSS] Who's on the Line? Exploiting RCE in Windows Telephony Service (CVE-2026-20931)

https://swarm.ptsecurity.com/whos-on-the-line-exploiting-rce-in-windows-telephony-service/

@singe You have a GUI to redirect all/some messages to a shell script (or whatever) where you can do the replace.

@singe ICYMI: https://github.com/silentsignal/burp-piper

In Portswigger's Burp I needed a way to do Match & Replace globally across all utilities, not just the proxy so I wrote an extension https://github.com/singe/burp_global_match_replace

Er... missed link for that last post, https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/

The latest edition of the Security Liberation Front is out¹:

__
¹ https://slf.fish/

100% tariff on the MM/DD/YY date format.

People, with #Greenland raising awareness of our massive 24/7 dependence on US clouds for vital services, I made a list of what (government) stuff would break here under US sanctions. It is EXTREMELY depressing. Can I suggest that people also make a list like this one for their own countries? It is getting quite some traction here: https://berthub.eu/articles/posts/dashboard-amerikaanse-afhankelijkheden/

@piggo I would probably cry because of the unnecessary complexity containers introduce for this use-case.

Join us for the kick-off of Pwn2Own Automotive 2026! As always, we begin the event with a random drawing to see the order of attempts for the contest, which starts first thing on Wednesday, January 21. https://youtube.com/live/Dtp-ICE0crw

@cstross Put another way: LLMs have revealed a zero-day exploit in human consciousness and culture: if you can manufacture plausibility at scale, you can bypass all of the accumulated wisdom of centuries of skepticism and critical thinking. Any fact-using profession is potentially vulnerable to this attack.

A former writer for South Park foresaw Trump's takeover of the Kennedy Center and had the foresight to register the domain names trumpkennedycenter dot org and dot com back in August. JFK's niece thanked him for doing so. Of course, the Trump-controlled board now wants their domain name and threatened legal action. His response is brilliant.

[RSS] The Computational Web and the Old AI Switcharoo

https://fromjason.xyz/p/notebook/the-computational-web-and-the-old-ai-switcharoo/

"shoehorning AI features into our apps isn't just tech bros following their tail. It's setting the expectation that all consumer technology requires AI."

RE: https://haunted.computer/@binarygolf/115878068970692998

Last day of BGGP6 today!

If you host your own e-mail domain could you please test if @internetarchive sign up verification/pw reminder e-mails arrive to you?

[RSS] Quantum computing for lawyers

https://bfswa.substack.com/p/quantum-computing-for-lawyers

@voltagex By "idle" you mean the guest CPU is at 0%? Windows tends to do a lot of things when it senses that no one is looking, incl.: FS indexing, malware scans, updates, all of which consumes CPU and I/O (which may need some emulation by the host too).

The British are to blame for this aren’t they

A glimpse into what a kernel engineer debugs for enterprise customers.

A bank is running a "security" solution that installs kprobes to intercept, among other things, calls to do_execveat_common(), and monitors all the arguments that could have been passed to execveat(). As do_execveat_common() can be triggered not only by userspace, but also by call_usermodehelper_exec(), a kprobe crafted with poor assumptions may result in an erroneous double dereference of what it thinks points to argv**, causing a General Protection Fault.

The kernel is not dumb however. If a GPF is triggered by a kprobe, it is handled gracefully, and nothing happens, and kprobe just returns a safe value. For a GPF to be triggered however, the CPU has to really try to read the wrong memory address first. The address is pretty random each time, meaning it can point to memory regions that are not mapped by kernel, but have some special meaning for a platform.

Enter the platform. It is configured by the hardware vendor in such a way that if an unaligned access to an MMIO region happens, an MCE is generated. And it is not some MCE for a correctable error, but an MCE indicating process context corruption, in other words, it's fatal. So, once it happens, the system dies with a kernel panic.

And this is exactly what the customer experienced. A socket() syscall caused modprobe to be invoked via call_usermodehelper_exec() → do_execveat_common() chain to load the ipv6 module. This triggered a kprobe that dereferenced wrong memory pointer twice provoking a GPF. The kernel began to gracefully handle the GPF, but the platform saw that the second dereference resulted in accessing the MMIO region, and this was an unaligned access, hence the platform threw MCE. And the system died.

It was fun to investigate this and to explain to the customer that three legitimate things in their system being hit together can trigger a crash.

And of course we joked we should have moved the whole case to the networking team, because it's always IPv6.