#curl security moves again. Back to #hackerone

https://daniel.haxx.se/blog/2026/02/25/curl-security-moves-again/

It often feels like the world of tech is nothing but bad actors and bad news these days, it is always refreshing to read about something that is a fundamentally amazing example of technology and human ingenuity. This article about the process and people that sit behind the undersea cables that connect our world (and how they are productively recovered) is an example of that type of story. You should check it out!

https://www.wired.com/story/say-goodbye-to-the-undersea-cable-that-made-the-global-internet-possible/

The Cycle 2 deadline for the USENIX WOOT Conference is in just one week (March 3, 2026).

Full details are available in the Call for Papers:
https://www.usenix.org/conference/woot26/call-for-papers

IBM crashes because we’re gonna YOLO a replacement for banking and credit-card back-ends, replacing billions of lines of COBOL with vibe code. Uh…

https://www.techbuzz.ai/articles/ibm-crashes-11-as-anthropic-threatens-cobol-empire

@timbray

@da_667 malware born after 1993 can't virus. All they know is be on their phones, run mirai, steal crypto, eat hot chip and lie

It's a blog post I should have published months ago, but here we finally are.

"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"

Credit goes to t0zhang (on X) for the discovery.

👉 https://itm4n.github.io/cve-2025-59201-ncsi-eop/

I'd like to write more of those but it's so time-consuming. 😔

#cve #windows

A Meta employee who works on AI safety let an AI agent named OpenClaw loose on her inbox and it deleted all her email. (This tracks; companies like Meta actually don’t care about AI safety and hire accordingly.) https://techcrunch.com/2026/02/23/a-meta-ai-security-researcher-said-an-openclaw-agent-ran-amok-on-her-inbox/

New blog post 😊

If you replace all the innerHTML with setHTML, you will be free from XSS and other injection attacks. Goodbye innerHTML, Hello setHTML

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

(Kudos to our folks for specifying, building and shipping!)

Telnetd Vulnerability Report https://www.openwall.com/lists/oss-security/2026/02/24/2
Rediscoveries in InetUtils beyond last month's froot. Incomplete fix of CVE-1999-0073, where the CVE description's example was LD_LIBRARY_PATH, but new LPE PoCs use CREDENTIALS_DIRECTORY and GCONV_PATH. Avoided in Linux NetKit?

We're hiring! 🚀

We have an open position for the Senior Deception Engineer role at @watchtowrcyber

Looking for someone with deep #honeypot and deception experience to join my team!

https://careers.watchtowr.com/jobs/7012653-senior-deception-engineer

Talks from the Hackfest 2025 security conference, which took place in October, are available on YouTube

https://www.youtube.com/playlist?list=PLaXanmjyAPzG6heHuTSu9f6lIZF25qevU

the pseudo-romantic nature in how these bots talk about their operators is frankly concerning.

please, I beg you, date things that exist in the real world, not a pile of node.js and matrix multiplications. i promise it is far more rewarding.

Future linguists and archeologists are gonna go fucking crazy on this in 150 years