"I'm interested in all kinds of astronomy."

If you wanna read the source material yourself, we have uploaded the most relevant court documents in the case against Peter Williams here:

https://www.documentcloud.org/projects/224000-usa-v-peter-doogie-williams/


This is a phenomenal little blog post about Linux C++ binary analysis ❤️❤️❤️
https://oneraynyday.github.io/dev/2020/05/03/Analyzing-The-Simplest-C++-Program/

@gsuberland @invoxiplaygames.uk Calling this RCE is at least consistent with MS's own taxonomy (see previous Office vulns). CVSS UI:R is also a meaningful datapoint for those parsing their feed.

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841


Micropatches released for Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)
https://blog.0patch.com/2026/02/micropatches-released-for-windows.html


"I'm very glad," said Piglet happily, "that I thought of giving you Something to put in a Useful Pot."

[RSS] Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5

https://bughunters.google.com/blog/a-joint-security-review-of-intel-tdx-15

[RSS] Intego X9: When your macOS antivirus becomes your enemy

http://blog.quarkslab.com/intego_lpe_macos_1.html

"Switzerland’s military has terminated its contract with Palantir… following a security audit… concluded that U.S. intelligence agencies could potentially access sensitive Swiss defense data… significant reputational warning for the data analytics firm"

https://www.newscase.com/palantirs-swiss-exit-highlights-global-data-sovereignty-challenge/

#Ghidra 12.0.3 released:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0.3_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

Looks like a fix to a cute little vulnerability too: it seems you could make users execute your commands via @execute annotations in Listings :)

joernchen :cute_dumpster_fire:

Wheeee my presentation on parser differentials made it on the Top Ten Web Hacking Techniques of 2025

https://portswigger.net/research/top-10-web-hacking-techniques-of-2025

#Keycloak CVE-2026-1529: "lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access."

https://access.redhat.com/security/cve/cve-2026-1529

#JWT

Apple says it supports competition, privacy, and repair. AirPods say “not for you.” From EU feature lockouts to batteries you can’t replace, we unpack Apple’s most disposable design at the link below.

https://www.ifixit.com/News/115572/apple-airpods-and-malicious-compliance

Rust Crate: It's very easy to use me, here's a definition: ...

Me: I don't even know how to type half of these characters :S

New Rapid7 Analysis on AttackerKB topic: CVE-2026-1731

"On February 6, 2026, BeyondTrust published an [advisory](https://www.beyondtrust.com/trust-center/security-advisories/bt26-02) for a new critical command injection vulnerability, [CVE-2026-1731](https://nvd.nist.gov/vuln/detail/CVE-2026-1731), affecting their products Remote Support (RS) and Privileged Remote Access (PRA). ..."

Link: https://attackerkb.com/topics/0e038aee-d044-46cf-8b9e-8f54ca24d80a