The full schedule for #Pwn2Own Automotive 2026 is live! 73 entries over three days should keep us hopping. Be sure to stay tuned for al the results #P2OAuto https://www.zerodayinitiative.com/blog/2026/1/20/pwn2own-automotive-2026-the-full-schedule

TIL this was the moment when web search turned shit:

https://blog.google/products-and-platforms/products/search/introducing-knowledge-graph-things-not/

OK, that's a bit of an exaggregation but there are so many use-cases when Page Rank Just Works(tm), I can't wrap my head around why engines wouldn't keep it as an optional search mode.

I heard last week that the physics teacher of the daughter of one of my colleagues told the daughter that girls who do their nails don’t do physics. Sigh.

So, here are the nails of an internationally leading particle physics professor. My nails.

Don’t believe the gatekeepers! #womeninSTEM

cool, so there's a whole new github dork people can do: claude chatlogs.

they live in .claude/logs/ and are full text records of peoples entire conversations with claude

and they're ending up in public on github because i guess people arent adding them to .gitignore

happy monday! ai is going great!

https://discernibleinc.com/blog/3-counterproductive-communication-patterns-holding-back-security-researchers - so simple, yet so good advice.

@piggo We used to have low-priv user accounts for that. Getting the ephemeral/immutable nature of containers can be a significant step for newcomers IMO.

@singe And my reaction was likely rooted in the fact that I missed so many great tools, only to find them later and redo my toolchain, because the maintained stuff was simply better than my ad-hoc one could be :)

@singe even in that case a) I don't like to write a _slightly_ different tool for a similar task (here comes maintenance) b) the fixed cost of vibe-coding (which is very easy to under-estimate) can easily exceed the cost of finding/learning 1 tool that can replace N.

But sure, I also do ad-hoc tools like this, and I actually think your observation is correct, it's just the tendency that is very slippery.

@singe Problem is those vibe-coded tools will rarely get enough testing and maintenance to become really useful so we'll end up crafting (subpar) hammers for each nail, esp. because crafting hammers in this case feels pretty rewarding, see: https://svnscha.de/posts/the-passenger-seat-developer/

Frida 17.6.0 released – major Android stability improvements, Android 16 support https://frida.re/news/2026/01/18/frida-17-6-0-released/

[RSS] Iranian state TV feed reportedly hijacked to air anti-regime messages

https://therecord.media/iran-state-television-reported-hack-opposition

[RSS] Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279

[RSS] Who's on the Line? Exploiting RCE in Windows Telephony Service (CVE-2026-20931)

https://swarm.ptsecurity.com/whos-on-the-line-exploiting-rce-in-windows-telephony-service/

@singe You have a GUI to redirect all/some messages to a shell script (or whatever) where you can do the replace.

@singe ICYMI: https://github.com/silentsignal/burp-piper

In Portswigger's Burp I needed a way to do Match & Replace globally across all utilities, not just the proxy so I wrote an extension https://github.com/singe/burp_global_match_replace

Er... missed link for that last post, https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/

The latest edition of the Security Liberation Front is out¹:

__
¹ https://slf.fish/

100% tariff on the MM/DD/YY date format.