It's great to see #EU open tech initiatives popping up, but somehow it feels like we are just **terrible** at making ourselves visible, esp. compared to US.

Like how is anyone supposed find this (otherwise great) project - named "docs" - using a search engine?

https://github.com/suitenumerique/docs/

Even assuming I find this project, how do I search for anything related to it (e.g. install guide)?

Why is the homepage in French by default, without a clearly visible language switcher (also looking at you, @Framasoft )?

Friendly reminder that Binary Ninja aarch64 disassembler is freaking awesome! I need to finish my soft fork of it but I love this one, and it's so fast :-]

https://github.com/Vector35/binaryninja-api/tree/dev/arch/arm64/disassembler

i do not value your privacy, which is why my website does not have any trackers on it what so ever. i have positively no idea if any human being besides myself has ever actually opened my website. your privacy is worth zero dollars to me. you couldn't even pay me to take it away.

RE: https://infosec.exchange/@BleepingComputer/116024815101538859

Such a great example of how one vulnerability can lead to discovering a ton more based almost purely on visibility. I found this 2 days after the first SmarterMail vuln. Three other researchers had identified the bug and reported it, and we only discovered the research collision when they asked us to reserve a CVE.

Under analyzed software vulnerability clustering is really interesting.

@DGutie @xabd Thanks, that's exactly why I don't really see the use-case for this. Even considering the 1-click deployment options - if you know those services, you can write 20 lines of HTML (that will not even look like everyone else's linktree).

[RSS] Pickling the Mailbox: A Deep Dive into CVE-2025-20393

https://starlabs.sg/blog/2026/01-pickling-the-mailbox-a-deep-dive-into-cve-2025-20393/

Update: Lacking any evidence that Signal considers sender consistency a security sensitive property - and given the limited impact I decided to just report this as a UI bug.

tl;dr you can trivially make signal polls that only members using Signal Desktop group can see/interact with/react to.

This allows you to basically hide messages from certain other members. Not great in principle, not very useful in practice. Might have it's uses when combined with other vectors.

https://github.com/signalapp/Signal-Android/issues/14583

I could go into history here, but suffice it to say: if someone tries to explain Class A, Class B, or Class C addresses to you, plug your ears and scream at them not to contaminate your brain with information obsoleted more than two decades ago.

[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

https://www.oobs.io/posts/er605-1day-exploit/

Another alleged stalkerware software maker got compromised and someone leaked all their customers on a cybercrime forum.

AMD updates installed without signature checking (from an HTTP link, no less)? /via @drwhax

https://mrbruh.com/amd/

Recent report about a nation-state implant that would be useful to exploit this:

https://blog.talosintelligence.com/knife-cutting-the-edge/

@drwhax Many sw use HTTP updates so they can get through middleboxes. The bigger issue here is the lack of executable authenticode verification.

Oooooh SNAP!!! 💥

Prime Minister Pedro Sanchez of Spain:

“First, we will change the law in Spain to hold platform executives legally accountable for many infringements taking place on their sites. This means that CEOs of these tech platforms will face criminal liability […]
Second, we will turn algorithmic manipulation and amplification of illegal content into a new criminal offense. […]
spreading hate must come at a cost.”

Have a great weekend, Elon! 😘

https://www.youtube.com/live/NElqgJ1aXFA?si=M52qiZYBt55KRamm

Here is a sad (and somewhat pathetic, I guess) fact: The new Firefox "smart window" (which is an LLM-based browser), doesn't even use a local or open model, it's literally just Google's models run via their API

@lindsey yes.

@jpkeisala https://github.com/jgraph/drawio-desktop

Full-Blown Cross-Assembler…in a Bash Script

https://hackaday.com/2026/02/06/full-blown-cross-assembler-in-a-bash-script/

It doesn't matter whether C is good or not. It matters that if I write code in two languages that aren't C, and I want it to all be part of the same process, I need to care about C. C pervades all. You cannot escape it. C will outlive all of us. The language will die and the ABI will persist. The far future will involve students learning about C just to explain their present day. Our robot overlords will use null terminated strings. C will outlive fungi.

@TarkabarkaHolgy that's actually reasonable, it's expectations of modern family logistics that is bonkers