@opensource shout-out to @kirschner , for his post about the 500 million euro that the German government spends each year (!) on Microsoft licensing, while asking how much #opensource we could have procured and developed with a fraction of that money. During @nlnet 's presentation.

@soatok

"why are compilers, man?"

So toolchain engineers have a safe space to recover after working on linkers.

( @resistor )

#curl security moves again. Back to #hackerone

https://daniel.haxx.se/blog/2026/02/25/curl-security-moves-again/

It often feels like the world of tech is nothing but bad actors and bad news these days, it is always refreshing to read about something that is a fundamentally amazing example of technology and human ingenuity. This article about the process and people that sit behind the undersea cables that connect our world (and how they are productively recovered) is an example of that type of story. You should check it out!

https://www.wired.com/story/say-goodbye-to-the-undersea-cable-that-made-the-global-internet-possible/

The Cycle 2 deadline for the USENIX WOOT Conference is in just one week (March 3, 2026).

Full details are available in the Call for Papers:
https://www.usenix.org/conference/woot26/call-for-papers

IBM crashes because we’re gonna YOLO a replacement for banking and credit-card back-ends, replacing billions of lines of COBOL with vibe code. Uh…

https://www.techbuzz.ai/articles/ibm-crashes-11-as-anthropic-threatens-cobol-empire

@timbray

@da_667 malware born after 1993 can't virus. All they know is be on their phones, run mirai, steal crypto, eat hot chip and lie

It's a blog post I should have published months ago, but here we finally are.

"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"

Credit goes to t0zhang (on X) for the discovery.

👉 https://itm4n.github.io/cve-2025-59201-ncsi-eop/

I'd like to write more of those but it's so time-consuming. 😔

#cve #windows

A Meta employee who works on AI safety let an AI agent named OpenClaw loose on her inbox and it deleted all her email. (This tracks; companies like Meta actually don’t care about AI safety and hire accordingly.) https://techcrunch.com/2026/02/23/a-meta-ai-security-researcher-said-an-openclaw-agent-ran-amok-on-her-inbox/

New blog post 😊

If you replace all the innerHTML with setHTML, you will be free from XSS and other injection attacks. Goodbye innerHTML, Hello setHTML

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

(Kudos to our folks for specifying, building and shipping!)

Telnetd Vulnerability Report https://www.openwall.com/lists/oss-security/2026/02/24/2
Rediscoveries in InetUtils beyond last month's froot. Incomplete fix of CVE-1999-0073, where the CVE description's example was LD_LIBRARY_PATH, but new LPE PoCs use CREDENTIALS_DIRECTORY and GCONV_PATH. Avoided in Linux NetKit?

We're hiring! 🚀

We have an open position for the Senior Deception Engineer role at @watchtowrcyber

Looking for someone with deep #honeypot and deception experience to join my team!

https://careers.watchtowr.com/jobs/7012653-senior-deception-engineer