A Meta employee who works on AI safety let an AI agent named OpenClaw loose on her inbox and it deleted all her email. (This tracks; companies like Meta actually don’t care about AI safety and hire accordingly.) https://techcrunch.com/2026/02/23/a-meta-ai-security-researcher-said-an-openclaw-agent-ran-amok-on-her-inbox/

New blog post 😊

If you replace all the innerHTML with setHTML, you will be free from XSS and other injection attacks. Goodbye innerHTML, Hello setHTML

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

(Kudos to our folks for specifying, building and shipping!)

Telnetd Vulnerability Report https://www.openwall.com/lists/oss-security/2026/02/24/2
Rediscoveries in InetUtils beyond last month's froot. Incomplete fix of CVE-1999-0073, where the CVE description's example was LD_LIBRARY_PATH, but new LPE PoCs use CREDENTIALS_DIRECTORY and GCONV_PATH. Avoided in Linux NetKit?

We're hiring! 🚀

We have an open position for the Senior Deception Engineer role at @watchtowrcyber

Looking for someone with deep #honeypot and deception experience to join my team!

https://careers.watchtowr.com/jobs/7012653-senior-deception-engineer

the pseudo-romantic nature in how these bots talk about their operators is frankly concerning.

please, I beg you, date things that exist in the real world, not a pile of node.js and matrix multiplications. i promise it is far more rewarding.

Future linguists and archeologists are gonna go fucking crazy on this in 150 years

I occasionally help an elderly neighbor get stuff done with their computer. And every single time, I walk away in incandescent rage at how hard we have made this stuff for people who have not spend their entire waking lives marinating in it

Can you recommend me some tool for performance testing of native applications to integrate into CI/CD? The idea is that I would like to test the performance change of specific changes to a code base. It's trivial to write, but I'm 99% sure something must exists, alas, I cannot find such a project.

#PerformanceTesting #ContinuousIntegration #cicd

i built an entire x86 CPU emulator in CSS (no javascript)

you can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS

https://lyra.horse/x86css/

8086 instruction set implemented in pure css, amazing https://lyra.horse/x86css/

a kind contributor packaged up #sphinx #passwordmanager for #archlinux - and even reported an incompatibility with py3.14 (hence the latest pyoprf release, from yesterday). so if you wanna give it a try, and were using arch, no excuse anymore.

https://link2xt.codeberg.page/blog/2026-02-22-sphinx-aur.html

check out https://sphinx.pm/ for more details

Another gem, here is all you ever wanted to know about Itanium C++ ABI exception handling and how its implemented in Linux C++ binaries https://maskray.me/blog/2020-12-12-c++-exception-handling-abi

High level diff of iOS 26.4 beta 1 vs. iOS 26.4 beta 2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/26_4_23E5207q__vs_26_4_23E5218e/README.md

NEW: There have been a seemingly endless series of critical flaws and cybersecurity incidents related to Ivanti's VPN appliances in the last few years.

Turns out there was a major one in 2021 that wasn't reported until now, according to Bloomberg.

https://techcrunch.com/2026/02/23/vpn-flaws-allowed-chinese-hackers-to-compromise-dozens-of-ivanti-customers-says-report/