[RSS] Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279

[RSS] Who's on the Line? Exploiting RCE in Windows Telephony Service (CVE-2026-20931)

https://swarm.ptsecurity.com/whos-on-the-line-exploiting-rce-in-windows-telephony-service/

@singe You have a GUI to redirect all/some messages to a shell script (or whatever) where you can do the replace.

@singe ICYMI: https://github.com/silentsignal/burp-piper

In Portswigger's Burp I needed a way to do Match & Replace globally across all utilities, not just the proxy so I wrote an extension https://github.com/singe/burp_global_match_replace

Er... missed link for that last post, https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/

The latest edition of the Security Liberation Front is out¹:

__
¹ https://slf.fish/

100% tariff on the MM/DD/YY date format.

People, with #Greenland raising awareness of our massive 24/7 dependence on US clouds for vital services, I made a list of what (government) stuff would break here under US sanctions. It is EXTREMELY depressing. Can I suggest that people also make a list like this one for their own countries? It is getting quite some traction here: https://berthub.eu/articles/posts/dashboard-amerikaanse-afhankelijkheden/

@piggo I would probably cry because of the unnecessary complexity containers introduce for this use-case.

Join us for the kick-off of Pwn2Own Automotive 2026! As always, we begin the event with a random drawing to see the order of attempts for the contest, which starts first thing on Wednesday, January 21. https://youtube.com/live/Dtp-ICE0crw

@cstross Put another way: LLMs have revealed a zero-day exploit in human consciousness and culture: if you can manufacture plausibility at scale, you can bypass all of the accumulated wisdom of centuries of skepticism and critical thinking. Any fact-using profession is potentially vulnerable to this attack.

A former writer for South Park foresaw Trump's takeover of the Kennedy Center and had the foresight to register the domain names trumpkennedycenter dot org and dot com back in August. JFK's niece thanked him for doing so. Of course, the Trump-controlled board now wants their domain name and threatened legal action. His response is brilliant.

[RSS] The Computational Web and the Old AI Switcharoo

https://fromjason.xyz/p/notebook/the-computational-web-and-the-old-ai-switcharoo/

"shoehorning AI features into our apps isn't just tech bros following their tail. It's setting the expectation that all consumer technology requires AI."

RE: https://haunted.computer/@binarygolf/115878068970692998

Last day of BGGP6 today!

If you host your own e-mail domain could you please test if @internetarchive sign up verification/pw reminder e-mails arrive to you?

[RSS] Quantum computing for lawyers

https://bfswa.substack.com/p/quantum-computing-for-lawyers

@voltagex By "idle" you mean the guest CPU is at 0%? Windows tends to do a lot of things when it senses that no one is looking, incl.: FS indexing, malware scans, updates, all of which consumes CPU and I/O (which may need some emulation by the host too).

The British are to blame for this aren’t they