[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

https://www.oobs.io/posts/er605-1day-exploit/

Another alleged stalkerware software maker got compromised and someone leaked all their customers on a cybercrime forum.

AMD updates installed without signature checking (from an HTTP link, no less)? /via @drwhax

https://mrbruh.com/amd/

Recent report about a nation-state implant that would be useful to exploit this:

https://blog.talosintelligence.com/knife-cutting-the-edge/

@drwhax Many sw use HTTP updates so they can get through middleboxes. The bigger issue here is the lack of executable authenticode verification.

Oooooh SNAP!!! 💥

Prime Minister Pedro Sanchez of Spain:

“First, we will change the law in Spain to hold platform executives legally accountable for many infringements taking place on their sites. This means that CEOs of these tech platforms will face criminal liability […]
Second, we will turn algorithmic manipulation and amplification of illegal content into a new criminal offense. […]
spreading hate must come at a cost.”

Have a great weekend, Elon! 😘

https://www.youtube.com/live/NElqgJ1aXFA?si=M52qiZYBt55KRamm

Here is a sad (and somewhat pathetic, I guess) fact: The new Firefox "smart window" (which is an LLM-based browser), doesn't even use a local or open model, it's literally just Google's models run via their API

@lindsey yes.

@jpkeisala https://github.com/jgraph/drawio-desktop

Full-Blown Cross-Assembler…in a Bash Script

https://hackaday.com/2026/02/06/full-blown-cross-assembler-in-a-bash-script/

It doesn't matter whether C is good or not. It matters that if I write code in two languages that aren't C, and I want it to all be part of the same process, I need to care about C. C pervades all. You cannot escape it. C will outlive all of us. The language will die and the ABI will persist. The far future will involve students learning about C just to explain their present day. Our robot overlords will use null terminated strings. C will outlive fungi.

@TarkabarkaHolgy that's actually reasonable, it's expectations of modern family logistics that is bonkers

PSA: Did you know that it’s **unsafe** to put code diffs into your commit messages?

Like https://github.com/i3/i3/pull/6564 for example

Such diffs will be applied by patch(1) (also git-am(1)) as part of the code change!

This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.

[RSS] Django SQL Injection in RasterField lookup (CVE-2026-1207)

https://vulnerabletarget.com/VT-2026-1207

New Project Zero issue:

Samsung: QuramDng Warp opcodes out-of-bounds read

https://project-zero.issues.chromium.org/issues/462544562

CVE-2026-20973

[RSS] CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall

https://www.thezdi.com/blog/2026/2/4/cve-2025-6978-arbitrary-code-execution-in-the-arista-ng-firewall

When a piece of type gets damaged, it's like a fingerprint that can be used to tie all the work of a printer together, whether or not their name appears on the title page. The Catalog of Distinctive Type is building a database of these fingerprints for Restoration England. https://cdt.library.cmu.edu/

RE: https://infosec.exchange/@albinowax/116018773839725691

I'm happy to be on the TOP 10 list for the second time, this time with the fun SOAP stuff.

I'm even more happy to see ORM research in 2nd place. I saw it live during BHEU and it was awesome 🤟

Cisco has discovered DKnife, an AitM toolkit installed on hacked routers and edge devices by Chinese hackers, designed to intercept and tamper with traffic to deliver malware

https://blog.talosintelligence.com/knife-cutting-the-edge/

The path to #pwning the PS VR2 (part 1) - "Recovery mode" <- yet another case study on how assumptions should always be checked in practice 🤷

https://bnuuy.solutions/2026/02/01/ps-vr2-recovery-mode.html