Part of the reason of every service turning shit is that some technical writers assume that shit can only ever run on k8s...

https://worstofbreed.net/patterns/k8s-overkill/

#documentation

I laughed

https://github.com/curl/curl/pull/20312

There, now you know.

RE: https://mastodon.social/@fj/114024334222739130

Think of the folks at Palantir who built this.
https://www.404media.co/elite-the-palantir-app-ice-uses-to-find-neighborhoods-to-raid/

God bless people who do stuff like getting in touch with the US patent office and putting the source code for the 1998 furby on archive.org

https://archive.org/details/furby-source/mode/2up

I just got the weirdest e-mail:

It's a lab result for someone else. It has a PDF attachment, but I can see nothing malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist (in the US).

I'd say this must be a typo, but my e-mail address has only the first character (and probably the domain) matching with the persons name. I highly doubt his internet handle is a short keyboard distance from my Hungarian handle.

I have two theories:

a. This is a highly sophisticated scam (but I don't see the scam part yet)
b. Copilot hallucinated my e-mail address (which is actually pretty easy to scrape from the web)

Jerry did a nice write up on how to take on NTLM in your environment.

We've got some Very Fun updates coming out in the next little while on this front too.

https://techcommunity.microsoft.com/blog/CoreInfrastructureandSecurityBlog/active-directory-hardening-series---part-8-%E2%80%93-disabling-ntlm/4485782

Wikipedia turns 25 today! 🎂📚

To celebrate, we’re looking back at its baby pictures—some of the earliest captures of the site, preserved in the #WaybackMachine.

Take a nostalgic peek at early Wikipedia ⤵️

https://web.archive.org/web/20030301000000*/en.wikipedia.org

#WikipediaDay #Wikipedia25 @wikipedia

As I will be travelling starting tomorrow, I declare the #nakeddiefriday today.

Instead of going deeper into one particular die, this will be several of them but one-pagers.

This one is HV9911 by Supertex (now owned by Microchip). Those following me have probably seen the epic struggle with restoring a diving light; this one came from the LED driver chip in the light. Entirely undamaged, as far as I can tell. Of particular interest is an array of fuses in the top right corner.

#electronics #reverseengineering #icre

let's pour one to -fbounds-safety 🔥🌸
https://tech.lgbt/@fay59/115900565326279983

A 0-click exploit chain for the Pixel 9 /by @natashenka

Part 1.:
https://projectzero.google/2026/01/pixel-0-click-part-1.html

Part 2.:
https://projectzero.google/2026/01/pixel-0-click-part-2.html

Part 3.:
https://projectzero.google/2026/01/pixel-0-click-part-3.html

"I hope you're fine and healthy. The reason I am writing this mail is to share a few of my experiments and research I've done to come up with a reasonable stack pivot detection for the Syd kernel. TL;DR I have failed and I have learned a lot."

https://www.openwall.com/lists/oss-security/2026/01/10/1

Messages like this give me some hope in humanity <3

[RSS] CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center

https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/

Nariman Gharib, an #Iran cyber-espionage expert (on exile):

Obtained #Starlink terminal debug data from Iran during the ongoing internet shutdown.

The telemetry shows direct evidence of GPS spoofing: the dish detected 18 #GPS satellites with valid signal lock, but activated its anti-spoofing countermeasures (inhibitGps: true). This isn’t simple jamming; the government appears to be broadcasting fake GPS signals to confuse terminals.

The impact: 20%+ sustained packet loss, connection never stabilized after 24 minutes, bandwidth restricted, and beam pointing ~1° off target. Starlink stayed online but was barely usable.

The anti-spoofing detection works, but SpaceX’s fallback positioning can’t currently maintain normal performance under electronic warfare.

First documented technical evidence of state-level GPS spoofing against consumer satellite internet.

https://github.com/narimangharib/starlink-iran-gps-spoofing/blob/main/starlink-iran.md

New vulnerability report from Talos:

Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2279

CVE-2025-61973

#Ghidra 12.0.1 released, Change History:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

One question: have you seen recently packed software (malware or some proprietary application) that isn't Windows PE files? Like, I don't know, Linux ELFs, or MacOS MACH-O files, or Android apks.
#malware #packers

RE: https://furry.engineer/@soatok/115896145424737173

As a professional source code reviewer, I gotta agree with “We cannot overstate the extent to which just reading the OpenSSL source code has become miserable.” The answer to “how does OpenSSL—” is always “I don’t know and I don’t have six months to find out.” This is not true of alternative libraries with the same functionality.

📢 LAST CALL: IDA Plugin Contest!

The submission window closes January 15, 2026 @ 11:59pm CET.

Read the entry instructions and full details here:
https://hex-rays.com/plugin-contest

Good luck!