@gsuberland @invoxiplaygames.uk Calling this RCE is at least consistent with MS's own taxonomy (see previous Office vulns). CVSS UI:R is also a meaningful datapoint for those parsing their feed.

@G33KatWork MS be like

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841

#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology

Simple solution

#webcomic #krita #miniFantasyTheater

Micropatches released for Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)
https://blog.0patch.com/2026/02/micropatches-released-for-windows.html

"I'm very glad," said Piglet happily, "that I thought of giving you Something to put in a Useful Pot."

[RSS] Shellcode as 'XML'

https://tmpest.dev/shellcode_as_xml.html

[RSS] Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5

https://bughunters.google.com/blog/a-joint-security-review-of-intel-tdx-15

[RSS] Intego X9: When your macOS antivirus becomes your enemy

http://blog.quarkslab.com/intego_lpe_macos_1.html

"Switzerland’s military has terminated its contract with Palantir… following a security audit… concluded that U.S. intelligence agencies could potentially access sensitive Swiss defense data… significant reputational warning for the data analytics firm"

https://www.newscase.com/palantirs-swiss-exit-highlights-global-data-sovereignty-challenge/

#Palantir #Dataprivacy #Security

#Ghidra 12.0.3 released:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0.3_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

Looks like a fix to a cute little vulnerability too: it seems you could make users execute your commands via @execute annotations in Listings :)

Wheeee my presentation on parser differentials made it on the Top Ten Web Hacking Techniques of 2025

https://portswigger.net/research/top-10-web-hacking-techniques-of-2025

@corbet Blocked and reported to @kagihq SlopStop: https://help.kagi.com/kagi/features/slopstop.html

#Keycloak CVE-2026-1529: "lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access."

https://access.redhat.com/security/cve/cve-2026-1529

#JWT

Apple says it supports competition, privacy, and repair. AirPods say “not for you.” From EU feature lockouts to batteries you can’t replace, we unpack Apple’s most disposable design at the link below.

https://www.ifixit.com/News/115572/apple-airpods-and-malicious-compliance
—
#iFixit #RightoRepair #FixTheWorld

Rust Crate: It's very easy to use me, here's a definition: ...

Me: I don't even know how to type half of these characters :S

New Rapid7 Analysis on AttackerKB topic: CVE-2026-1731

"On February 6, 2026, BeyondTrust published an [advisory](https://www.beyondtrust.com/trust-center/security-advisories/bt26-02) for a new critical command injection vulnerability, [CVE-2026-1731](https://nvd.nist.gov/vuln/detail/CVE-2026-1731), affecting their products Remote Support (RS) and Privileged Remote Access (PRA). ..."

Link: https://attackerkb.com/topics/0e038aee-d044-46cf-8b9e-8f54ca24d80a

my friend @asciimoo built a thing again \o/ and it's great as always. read his own thoughts on this at https://hister.org/posts/how-i-cut-my-google-search-dependence-in-half/

and engage with the cringe on the orange site at https://news.ycombinator.com/item?id=46959554

#search #history #web #browser

@troed

No that I disagree, but I think OP is (at least in part) about scaring away volunteer contributors where nothing vs. something can make a difference. You probably won't start building a sand castle in the dog park.

@chainq

This multi-part blog series is discussing an undocumented feature of Windows: instrumentation callbacks (ICs).

In part 4 we cover ICs from a more theoretical standpoint. Mainly restrictions on unsetting them, how set ICs can be detected and how new ones can be prevented from being set.

Learn more at https://cirosec.de/en/news/windows-instrumentation-callbacks-part-4/

#Blog #Windows #Shellcode #RedTeaming #ReverseEngineering