Someone knows Bash disgustingly well, and we love it.

Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340.

This research fuels our technology, enabling our clients to accurately determine their exposure.

https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340

Technology should serve you, not trap or burden you.

#Kagi #Comics

This is the first video of a series, stay tuned for the next episodes.

Presentation: https://pad.rev.ng/p/jOHs-gJjn#/
Also available on YouTube: https://www.youtube.com/watch?v=TPgCIysN0tA

🔴 Clift: a new MLIR dialect for decompiling C

Clift is the AST-like IR that the rev.ng decompiler uses as the last stage before emitting C code.

Clift is an MLIR dialect, a sort of "meta IR" that enables you to define your own types and instructions

Good news. We just published the Firefox Security & Privacy newsletter for 2025 Q4

https://attackanddefense.dev/2026/01/30/firefox-security-privacy-newsletter-2025-q4.html

@wolf480pl "We were in the jungle. There were too many of us. We had access to too much money, too much equipment, and little by little, we went insane."

Very important post by @kagihq (feel free to ignore the AI CEO-speak at the beginnig):

Waiting for dawn in search: Search index, Google rulings and impact on Kagi

https://blog.kagi.com/waiting-dawn-search

Feels like Sun spot activity is wild today...

@froge In theory maybe, in practice these updates introduce breaking changes (see my mention of QA).

@pancake I don't even remember when I last posted on LinkedIn but based on my e-mail notifications that last one will echo in the eternity!

As developing a decent QA process for Linux distros seems to be impossible I don't get how enabling automatic updates by default seemed like a reasonable thing to do...

@floyd I used this thing for my first hacks in school <3

This is wild, there have been changes on the Cain&Able repository lately (yes that tool you used in your first IT security hands-on class 20 years ago) https://github.com/xchwarze/Cain #itsecurity #hacking

County Pays $600,000 To Pentesters It Arrested For Assessing Courthouse Security https://it.slashdot.org/story/26/01/29/2147207/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security?utm_source=rss1.0mainlinkanon

Cable modem died, yaay...

RE: https://tech.lgbt/@ShadowJonathan/115979646528496303

Give me Universal Basic Income and watch me obsessively plant fruit and nut trees in the entire city.

rustc be like

RE: https://mas.to/@pooh/115980278517566505

Hey Hey, People.

Just updated my book-in-progress - Suricata: An Operator's guide.

This update finally closes out chapter 7, a scenarios/exercises chapter to help readers grasp the concepts of threat research and data pivoting, and how the data acquired gets turned into Suricata rules.

There are three scenario exercises in total:

Scenario 1: PolarEdge Botnet
Scenario 2: Myth Stealer
Scenario 3: Oyster backdoor

As always, the book is available for free, and I'm not expecting anyone to pay for my half-finished work. Download a copy here:

https://leanpub.com/suri_operator

the exercises chapter is made much more fun for readers, if they can follow along, so I've updated the github supplementaries repo with pcaps for both the second and third exercise. You can find that repo here:

https://github.com/da667/Suricata-An-Operators-Guide-Supplementaries

Future plans:

Chapter 8 is going to be another somewhat hands-on chapter, where readers learn how to "throw" and capture pcaps of proof-of-concept exploits, and/or forge their own pcaps based on threat research write-ups. I'm not 100% sure which CVEs/vulns I'll be picking on here, but I'll be doing three of them, just for some variety.

As a former K-12 technology educator, let me break this down for you. If a "toy" comes with an app, it isn't a toy; it's a data collection mechanism, and likely a brand loyalty engine.

Kids don't need these things. In fact, they're much, much better off without them.

https://www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/

@IanHill I think this is a relevant answer, just different abstraction layers: https://blog.trailofbits.com/2025/12/19/can-chatbots-craft-correct-code/