"I'm interested in all kinds of astronomy."
Edited 6 days ago

Exactly 2 years ago, Readeck 0.10 was released 🎂

So today is a good day to publish the 2026 roadmap! With some important news about the hosted service, a sneak peek on upcoming features in January and a few words about AI.

https://readeck.org/en/blog/202512-2026-roadmap/


This Gmail hack is unsettling not because it’s flashy, but because it’s bureaucratic. Attackers aren’t breaking encryption or outsmarting algorithms. They’re filling out forms. By changing an account’s age and abusing Google’s Family Link feature, they can quietly reclassify an adult user as a “child” and assume parental control. At that point, the rightful owner isn’t hacked so much as administratively erased.

The clever part is that everything happens inside legitimate features. Passwords are changed. Two-factor settings are altered. Recovery options are overwritten. And when the user tries to get back in, Google’s automated systems see a supervised child account and do exactly what they were designed to do: say no.

Google says it’s looking into the issue, which suggests this wasn’t how the system was supposed to work. But it’s a reminder of an old lesson. Security failures often happen when protective mechanisms are combined in ways no one quite imagined. The tools aren’t broken. The assumptions are.

There’s no dramatic fix here, only mildly annoying advice that suddenly feels urgent. Review recovery settings. Lock down account changes. Use passkeys. Because once an attacker controls the recovery layer, proving you’re you can become surprisingly difficult.

TL;DR
🧠 Family safety tools are being weaponized
⚡ Account recovery can be shut down entirely
🎓 Legitimate features enable the lockout
🔍 Prevention matters more than appeals

https://www.forbes.com/sites/daveywinder/2025/12/07/google-looking-into-gmail-hack-locking-users-out-with-no-recovery


bert hubert 🇺🇦🇪🇺🇺🇦

So how about Europe's cloud woes? A lot happened in 2025, and things became much clearer. We truly can't continue to wed our governments to 🇺🇸 clouds. While there are encouraging developments, it is incredibly odd that neither cloud buyers nor the European 🇪🇺 software/hosting industry are seeing the urgency to act. But, governments & regulators could forge a useful path towards a solution in 2026:
https://berthub.eu/articles/posts/the-european-cloud-2025/

[RSS] Digging Through Six Old Sandbox Escapes in ColdFusion (ca. 2001 through 2012)

https://www.hoyahaxa.com/2025/12/digging-through-six-old-sandbox-escapes.html
[RSS] [Joshuas] 2025 Bug Bounty Stories

https://joshua.hu/2025-bug-bounty-stories-fail

When I jump from a github email notification link into a browser, github shows me the „too many requests“ error page.

Because I am not logged into GH on my phone.

So I am treated like an AI crawler.

By Microsoft. To protect itself.


The Innovation team at @Tarlogic explores how to automate function identification in symbol-less ESP32 firmware using Ghidra FIDB, turning opaque binaries into readable code in a matter of minutes ⚙️🔍

https://www.tarlogic.com/blog/esp32-firmware-using-ghidra-fidb/

[RSS] All the other cool languages have try...finally. C++ says "We have try...finally at home."

https://devblogs.microsoft.com/oldnewthing/20251222-00/?p=111890

'i wont accept a pdf attachment from you because youre a redteamer and you might try to hack me' isnt the galaxy brain defensive security posture that you think it is


The early web was driven by curiosity, openness, and play, not monetization. Creativity flourished because experimentation was encouraged.

Creator Audrey Witters reflects on that era, using her now-famous animated alien GIF as an example of how playful, freely-shared work helped shape digital culture—and why preserving it still matters.

Learn more ⤵️ https://blog.archive.org/2025/12/22/audrey-witters/

@internetarchive


19+ Vulnerabilities + PoCs for the MediaTek MT7622 Wifi Driver https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html


Did someone get you this air quality monitor as a gift? I wanted to have it log the data, but didn’t quite trust it with internet access. I dug around a bit, got a root shell and untethered it. Read the writeup: https://blog.29b.net/dispatches/cgs2_decloud/


When the European Commission approached us about funding a bug bounty for BIND 9, we were impressed with the proposal. We have a policy against bug bounties (because we were frustrated with people wasting our time), but under this proposal, the YesWeHack team would do initial triage, and use their expertise to minimize the 'slop' reports. This is a game-changer for a small development team.

The bounty program is active, and we are looking for our first valid report.

https://yeswehack.com/programs/bind-bug-bounty-program


on a zoom call Chuck Moore the author of Forth announced that Windows updates have rendered his otherwise working colorForth system inoperable and unfixable. moving to another operating system would amount to a rewrite. as a result he said it's "time to move on" from Forth.

several people on the call thanked him for changing their lives with his language, for giving them a lifetime of joyful work and a powerful simple way of thinking about computing, to which he responded "I can only hope it was worthwhile"


Has someone here reverse engineered the USB configuration protocol between the GHub software and microphones?
Want to configure the hardware DSP on .


Day 22 of Advent of Compiler Optimisations!

Comparing a string_view against "ABCDEFG" should call memcmp, right? Watch what Clang actually generates — no function call at all, just a handful of inline instructions using some rather cunning tricks. How does it compare 7 bytes so efficiently when they don't fit in a single register?

Read more: https://xania.org/202512/22-memory-cunningness
Watch: https://youtu.be/kXmqwJoaapg


🚨 In 2026, Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro) return to OffensiveCon with a training on "Hunting Zero-Days in Embedded Devices".

☝️This training equips you with skills to uncover zero-day vulnerabilities through in-depth study and practical exercises on various vulnerabilities across different CPU architectures. More details here🔗https://www.offensivecon.org/trainings/2026/hunting-zero-days-in-embedded-devices.html

🚀 Don't miss this chance to improve your skills!


🌈☔🌦️🍄🌱🍉 @39c3

Edited 8 days ago

For those looking for a covid/flu vaccine around bcrt at the globetrotter(.de) shop in hamburg north gives out shots, about 20-30 per shot. I paid 49 for covid+flu, also for non-germans.

(They do ask for your details, no idcard or details needed)

[RSS] From UART to Root: Breaking Into the Xiaomi C200 via U-Boot

https://github.com/h3xDum/Xiaomi-C200-Firmware-Analysis

bert hubert 🇺🇦🇪🇺🇺🇦

Pretty cool - it turns out that the way I write my blog posts is called 'BLUF': Bottom Line up Front, and it was standardized by the US Army in their information management guidelines: https://en.wikipedia.org/wiki/BLUF_(communication)
