"I'm interested in all kinds of astronomy."
TFW LLM keeps hallucinating

Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.

https://cyllective.com/blog/posts/lenovo-vantage

@joxean Have we tried applying microcode updates?
@dmnk ...that will do unexpected shit at the worst possible times?
This agent could've been 10 lines of Bash.

🚨 New advisory was just published!

A critical vulnerability in UNISOC modem firmware allows one User Equipment (UE) to remotely attack another over the cellular network. By sending specially crafted malformed SDP within SIP signaling messages, an attacker can trigger memory corruption in the target modem, potentially leading to remote execution of arbitrary native code on the victim device: https://ssd-disclosure.com/unisoc-t612-rce/

@Sandfish6811 I can't dive deeper into this rn, but the linked GHSA confirms the essence of the vulnerability and the way it was introduced.

I checked and you are right that the hash is not sent back during auth, I'll probably leave a comment about this on /r/ so they can clarify.

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/

[RSS] Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy

https://xclow3n.github.io/post/6
[RSS] How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass

The exact moment software went downhill was when changed away from this.


Lorenzo Franceschi-Bicchierai

NEW: A former DOGE employee allegedly stole Americans' personal data from two large databases at the Social Security Administration, according to a new report.

The former employee allegedly put the databases on a thumb drive and wanted to use them at their new contractor job.

https://techcrunch.com/2026/03/10/doge-employee-stole-social-security-data-and-put-it-on-a-thumb-drive-report-says/


We are following this story very closely and send our best wishes for recovery to Jello, multi-year HOPE speaker & keynote. https://www.kqed.org/arts/13987466/punk-legend-jello-biafra-hospitalized-after-stroke


If I were to recommend one cryptography book for implementors in 2026, would it be:

(Edit, would love your comments as to why.)

16% Cryptography Engineering
66% Serious Cryptography
8% Real World Cryptography
8% something else (see comments)

In re: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/

I see people in here being smug about an OPSEC failure, and other people pointing out that "we only respond to local law enforcement requests" is a much bigger set than you might think, but it's all focused on what the individual can do to protect their privacy and anonymity against nosy state actors.

Most of the solutions proposed are either very insecure (mailing cash) or sufficiently technically complex to be out of the skill set of the average computer user.
