“Are you enjoying this app?”

I fucking was until you interrupted me.

Google released its plan for opting out of its AI https://youtube.com/shorts/qnBWMcKKkKE?si=MnLxFNzzX8n3JAEo

I’ve written about the history of the word hacker and the word cracker, in French “hacker” is “pirate” and this little news clipping from L’Evangéline from May of 1980 shows that the word was in mainstream use earlier than hacker was in English. I think this is a story about the Dalton Gang.

"The purpose of a system is what it does"

RE: https://mastodon.social/@noybeu/115938255720880883

pov: you’re in the office at 3am on a Wednesday finally able to control the duty cycle of a pwm signal (and pondering your life choices)

Iran is trying to use cryptocurrency to stabilize its fiat rial currency... that's a first

https://www.elliptic.co/blog/iran-has-acquired-us-dollar-stablecoins-worth-at-least-half-a-billion-dollars

I can share now:
Absolutely normal hotel room before #Pnw2Own attempt

@mawhrin @magdalenahai Also note that baby booms don't happen at the same time in different areas of the world.

(Edit: I'm also pretty sure things are not great on Africa, it's just no one gives a shit...)

In a highlight from Day One of #Pwn2Own Automotive 2026, @synacktiv targets the #Tesla infotainment system. #P2OAuto
https://youtube.com/shorts/DKYT-LrZmZs

[RSS] ReDisclosure: New technique for exploiting Full-Text Search in MySQL (myBB case study)

https://exploit.az/posts/wor/

CVE-2025-48941

Sometimes the job interview just wants to gain code exec on your machine:

https://runjak.codes/posts/2026-01-21-adversarial-coding-test/

Local girl failed the coding interview:
I don't think they've got a job for me anymore now that I got their repos deleted⁉️

Interesting links of the week:

Strategy:

* https://assets.publishing.service.gov.uk/media/696e0eae719d837d69afc7de/National_security_assessment_-_global_biodiversity_loss__ecosystem_collapse_and_national_security.pdf - biodiversity and national security
* https://www.gov.uk/government/publications/software-security-ambassadors-scheme - when you get summoned to number 10 for a nasty oopsie
* https://www.cjr.org/news/hannah-natanson-fbi-washington-post-raid-devices-seized-runa-sandvik-security-computer-phone-laptop-sources.php - how to blow whistles safely, is it even possible?
* https://www.bankofengland.co.uk/financial-stability/operational-resilience-of-the-financial-sector/2025-cbest-thematic - themes and trends from UK FSI red teaming under Bank of England's CBEST programme

Standards:

* https://aivss.parthsohaney.online/calculator - a stab at quantifying AI risk... not convinced it'll work but at least people are thinking about the problem

Threats:

* https://www.esentire.com/blog/new-botnet-emerges-from-the-shadows-nightshadec2 - yay, more C2

Detection:

* https://github.com/RustyNoob-619/100-Days-of-YARA-2026/blob/main/Rules%2FDay17.yara - always like a bit of nice YARA
* https://andpalmier.com/posts/abuse-ch-toolkit/ - tools for @abuse_ch

Bugs:

* https://seclists.org/oss-sec/2026/q1/89 - finally Linux telnetd gets an auth-pass feature
* https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/ - CVE wen, an overflow in UNIX v4
* https://www.ibm.com/support/pages/node/7257143 - so you wanna pop a mainframe?

Exploitation:

* https://github.blog/developer-skills/github/codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/ - hunting bugs with CodeQL
* https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/ - industrialising set $pc=0x41414141
* https://netaskari.substack.com/p/whats-in-the-box - pentesting in .cn
* https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables - GOOG launch rainbows, share Net NTLMv1 pot of gold
*
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/DVS-Berichte/passwortmanager_sicherheit_datenschutz.pdf - .de takes pop at password managers
* https://security.opensuse.org/2026/01/16/the-journey-of-auditing-uyuni.html - SuSE takes UYUNI for a space walk

Hard hacks:

* https://medium.com/@marcel.rickcen/no-tamper-alert-no-password-and-a-backdoor-root-access-on-a-pos-credit-card-payment-terminal-1ea32c73ca41 - what a POS
* https://neodyme.io/en/blog/drone_hacking_part_1/ - on and on, they drone
* https://blog.nns.ee/2026/01/06/aike-ble/ - sniffing scooter emissions
* https://lucasteske.dev/2025/09/running-code-in-pax-machines - this looks like payback
* https://web.archive.org/web/20160128030439/http://www.elemental.net/%7Elf/undoc/ - undocumented Cisco commands

Hardening:

* https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-by-using-ou-objects - delegation in AD by OU

Nerd:

* https://rbanffy.github.io/fun-with-old-mainframes.github.io/fun-with-vm370.html - mmm, greenscreen
* https://openmail.one/ - OpenAI lawsuits ahoi!

#security, #research

Earlier this month, we reported a zero-day auth. bypass in the SmarterTools SmarterMail email solution.

Someone has reversed the patch (released on 15th Jan) and begun exploiting it in the wild.

Read our analysis and please, ASSUME BREACH + PATCH NOW.

https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/

#curl is RFC 9116 compliant

https://curl.se/.well-known/security.txt

https :// curl.se / .well-known / security.txt

[RSS] [reddit] Do any security researchers use Anki or spaced repetition in their workflow?

https://old.reddit.com/r/ExploitDev/comments/1qjjn3q/do_any_security_researchers_use_anki_or_spaced/

[RSS] Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass) - watchTowr Labs

https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/

[RSS] Pwn2Own Automotive 2026 - Day Two Results

https://www.thezdi.com/blog/2026/1/22/pwn2own-automotive-2026-day-two-results

getting things merged into Ghidra

RE: https://chaos.social/@weirdunits/115937461017927780

Whew! They had to swap out the master control board during the attempt, but Hank Chen of InnoEdge Labs successfully demoed their exploit of the Alpitronic HYC50 in Lab Mode. Using screwdrivers during a #Pwn2Own attempt is always crazy to see. He's off to disclose what occurred.

@mttaggart @gdupont This whole thing reminds of kids playing war games on the playground. they are playing "revolution" now. they heard revolutions need constitutions, and they happen to have these text writing toys and potato stamps so they worked *really* hard to produce a "constitution" that they can show their shareho^W parents and the enemy kids over at the sandbox.