RE: https://mastodon.social/@hennavirkkunen/115888721732640894

I’ve been informed this is an official account and that makes it good news!

Hello #FediHire, I am a laid off malware analyst still looking for work. It's hard out there. I can program in various languages (primarily C++, Python and Rust) and can study non-malware code with just as much ease as complex malware. Enterprise application ready!

Accolades here: https://www.linkedin.com/in/sean-m-taylor-security-engineer/
Code here: https://github.com/frank2

Any biters? Please let me know!

Just saw this on a post on LinkedIn

https://creepylink.com/

It is a URL shortener that makes your links as suspicious as possible. Simply amazing

For example:

https://google.com/

got turned into:

https://capitalone.c1ic.link/Z8gfcH_claim_gift_card.pl

I'm pretty sure every healthcare organization I've ever received an SMS from is already using this technology

We are excited to announce the CFP for the next tmp.0ut Volume 5!

https://tmpout.sh/blog/vol5-cfp.html

If AI coding is so good, where are the performance numbers?

Claude bros know how to measure performance. They just don't.

https://www.youtube.com/watch?v=xeU208KqeRc&list=UU9rJrMVgcXTfa8xuMnbhAEA - video
https://pivottoai.libsyn.com/20260113-if-ai-coding-is-so-good-where-are-the-performance-numbers - podcast

time: 7 min 34 sec

https://pivot-to-ai.com/2026/01/13/if-ai-coding-is-so-good-where-are-the-performance-numbers/ - blog post

ALERT: ACS 1.1.9.11 has been released due to CVE-2025-66516. Please update ASAP!

"IBM strongly recommends upgrading to 1.1.9.11, and discontinuing use of versions 1.1.9.8 through 1.1.9.10."
"Fixes will only be provided for the latest update."

https://www.ibm.com/resources/mrs/assets?source=swg-ia

#IBMi #ACS #Security

Here's my analysis of the recent-ish 9.3 Critical in #Emby (CVE-2025-64113).

Sadly, the vulnerability turned out to be pretty boring, but I've tried to make the best of it.

https://gebir.ge/blog/its-not-mine-cve-2025-64113/

Does anyone happen to own an ATM that they’re willing to sell? Preferably NCR or Wincor/Diebold Nixdorf. I‘m based in Hamburg and the ATM is mainly intended for #40C3. Will also take only parts or broken or ancient ATMs as well. Very long shot but worth a try :)

#39C3

Signal Creator Marlinspike Wants To Do For AI What He Did For Messaging https://slashdot.org/story/26/01/13/1529250/signal-creator-marlinspike-wants-to-do-for-ai-what-he-did-for-messaging?utm_source=rss1.0mainlinkanon

[RSS] Symless: an IDA assistant for structure reconstruction

https://blog.thalium.re/posts/symless-an-ida-assistant-for-structure-reconstruction/

[RSS] X41 Audited CRI-O Runtime

https://x41-dsec.de/security/research/job/news/2026/01/13/cri-o/

Observation: low-quality MCPs have more GitHub stars than their high-quality alternatives.

isomorphisms per monad

[RSS] Hungary grants asylum to former Polish minister implicated in spyware probe

https://therecord.media/hungary-asylum-spyware-probe-poland

'i learn so much by using an LLM' sure thing, just as anyone who ever 'learned' programming from a book while not bothering to type out a single line of code.

🔔CFP for #OffensiveCon26 is STILL open.
If you want a slot on one of the most technical offensive security stages out there, this is it.

We’re looking for real, original work: cutting-edge security research, novel exploit techniques, and deep technical investigations that actually move the field forward. Ready or not, the deadline is coming.

🗓️ CFP Deadline: 1 March 2026, 6:00 pm UTC
📬 Submit your talk: https://buff.ly/bPTM6wl

⏳ Last weeks. No extensions.

A useful chart on what type to use for flags in C/C++ depending on your D&D alignment:

Shot in the dark but is anyone else here a teacher? I am working on revising the literacy curriculum at my school and feel as though I’m doing it in complete isolation. I’d love to chat with another professional about it. #forkiverse #teachers #curriculum (im trying with this tagging stuff but I have legit never done it before)

On the morning of the 13th day of the year we have received *checks notes* 13 #curl vulnerability reports on Hackerone this year.

None a confirmed vulnerability.

libpng memory corruptions:

* CVE-2026-22695 - Heap buffer over-read in `png_image_read_direct_scaled` (regression from CVE-2025-65018 fix)

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

* CVE-2026-22801 - Integer truncation causing heap buffer over-read in `png_image_write_*`

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8