See that the procedures adopted are as inconvenient as possible for the management, involving the presence of a large number of employees at each presentation, entailing more than one meeting for each grievance, bringing up problems which are largely imaginary, and so on.

Every now and then, someone shares a hilarious Kagi result. Now they'll have a place in the Kagi Bloopers hall of fame:

https://help.kagi.com/kagi/bloopers/

We've integrated with Surveillance Watch, an interactive database that documents surveillance and spyware entities.

When searching for an entity that appears on their list, we'll display a banner on its domain to alert you that it's a known surveillance tech provider.

#Kagi #Search #Surveillance #Spyware #Privacy

Binary Ninja 5.2, Io, is live and it's out of this world! https://binary.ninja/2025/11/13/binary-ninja-5.2-io.html

With some of our most requested features of all time including bitfield support, containers, hexagon, Ghidra import, and a huge upgrade to TTD capabilities, plus a ton more, make sure to check out the changelog!

This is my new favorite #design #fail.

Your periodic reminder that most CLI password prompts accept Ctrl+U to fully clear input so you can try again. Leave that backspace key alone.

It sometimes surprises me to learn that there are people who don't know that one of the first really big datasets used to train and evaluate computer language and social models was (and still is) a bunch of internal emails from Enron.

Yes, that Enron. Collected as part of the investigation into its collapse.

https://en.wikipedia.org/wiki/Enron_Corpus

I wrote a proof-of-concept and writeup for CVE-2025-48593, an Android Bluetooth issue that only seems to affect devices that act as Bluetooth headsets / speakers. (i.e. NOT phones, only smartwatches/wearables/cars. And only after pairing. So you can stop worrying.)

https://github.com/zhuowei/blueshrimp

It should be a use-after-free; I haven’t gotten it to do anything interesting though.

So far, I was only able to get a null pointer deref (without malloc debug) or an attempted write to library rodata (with malloc debug).

Today, we're launching SlopStop: Community-driven AI slop detection in Kagi Search.

Join our collective defense against AI-generated spam and content farms:

https://blog.kagi.com/slopstop

#Kagi #Search #AISlop

Update to 4.11.1 now if you use it

CVE-2025-43515
https://support.apple.com/en-us/125693

https://infosec.exchange/@codecolorist/115385827463979240

The video for my TalosCon 2025 keynote, "The Complexity of Simplicity", is now up:

https://www.youtube.com/watch?v=Cum5uN2634o

Slides:

https://speakerdeck.com/bcantrill/the-complexity-of-simplicity

Huge Ws for Rust adoption in Android!

Historically, security improvements often came at a cost. More security meant more process, slower performance, or delayed features, forcing trade-offs between security and other product goals. The shift to Rust is different: we are significantly improving security and key development efficiency and product stability metrics.

https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

In our latest blog we speak with Marion Marschalek of @blackhoodie on how community fuels career, how one challenge led to many opportunities and how you can get involved.
https://hex-rays.com/blog/blackhoodie-interview-2025

Is it my weak search-fu again, or the new qlpack.yml format for #CodeQL is not officially documented? @GitHubSecurityLab

The best resource I could find is this one by @trailofbits:

https://appsec.guide/docs/static-analysis/codeql/advanced/#creating-new-query-packs

"DiaSymbolView is a tool for visually inspecting debug information recorded in .pdb files. It relies on MSDIA API and presents a hierarchy of debug symbols and their 200+ properties."

https://github.com/diversenok/DiaSymbolView

#fromBsky

I bet I can use Atomic Rockets to calculate the kinetic energy of an IBM PS/2 Model 80 dropped from low orbit

Making .NET Serialization Gadgets by Hand https://www.vulncheck.com/blog/making-dotnet-gadgets

LibAFL 0.15.4 has just been released 🎉

Of the 30 Contributers for this release, almost half are new faces <3

https://github.com/AFLplusplus/LibAFL/releases/tag/0.15.4

#Fuzzing #LibAFL #AFLplusplus

The open-source FFmpeg project, used by companies like Google for multimedia processing, urged Google to fund its volunteer developers. FFmpeg is overwhelmed by bugs reported by Google's AI security tools and lacks resources to fix them quickly. https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/