[RSS] Introducing rzweb: A Web-Based Binary Analyzer Using Rizin and WebAssembly - Open-Source and Browser-Only

https://github.com/indalok/rzweb

Really, no one?

[RSS] wtf is NS_ERROR_INVALID_CONTENT_ENCODING? investigating shared dictionaries and ChatGPT breakage in Firefox

https://joshua.hu/chatgpt-fail-loading-firefox

Tracing the ptrace

https://blogs.oracle.com/linux/tracing-the-ptrace

GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)

https://www.openwall.com/lists/oss-security/2026/01/16/5

GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)

https://www.openwall.com/lists/oss-security/2026/01/16/6

Part of the reason of every service turning shit is that some technical writers assume that shit can only ever run on k8s...

https://worstofbreed.net/patterns/k8s-overkill/

#documentation

I laughed

https://github.com/curl/curl/pull/20312

There, now you know.

RE: https://mastodon.social/@fj/114024334222739130

Think of the folks at Palantir who built this.
https://www.404media.co/elite-the-palantir-app-ice-uses-to-find-neighborhoods-to-raid/

God bless people who do stuff like getting in touch with the US patent office and putting the source code for the 1998 furby on archive.org

https://archive.org/details/furby-source/mode/2up

I just got the weirdest e-mail:

It's a lab result for someone else. It has a PDF attachment, but I can see nothing malicious in it. The sender domain exists and does lab stuff. I looked up the person in the document and he seems to exist (in the US).

I'd say this must be a typo, but my e-mail address has only the first character (and probably the domain) matching with the persons name. I highly doubt his internet handle is a short keyboard distance from my Hungarian handle.

I have two theories:

a. This is a highly sophisticated scam (but I don't see the scam part yet)
b. Copilot hallucinated my e-mail address (which is actually pretty easy to scrape from the web)

Jerry did a nice write up on how to take on NTLM in your environment.

We've got some Very Fun updates coming out in the next little while on this front too.

https://techcommunity.microsoft.com/blog/CoreInfrastructureandSecurityBlog/active-directory-hardening-series---part-8-%E2%80%93-disabling-ntlm/4485782

Wikipedia turns 25 today! 🎂📚

To celebrate, we’re looking back at its baby pictures—some of the earliest captures of the site, preserved in the #WaybackMachine.

Take a nostalgic peek at early Wikipedia ⤵️

https://web.archive.org/web/20030301000000*/en.wikipedia.org

#WikipediaDay #Wikipedia25 @wikipedia

As I will be travelling starting tomorrow, I declare the #nakeddiefriday today.

Instead of going deeper into one particular die, this will be several of them but one-pagers.

This one is HV9911 by Supertex (now owned by Microchip). Those following me have probably seen the epic struggle with restoring a diving light; this one came from the LED driver chip in the light. Entirely undamaged, as far as I can tell. Of particular interest is an array of fuses in the top right corner.

#electronics #reverseengineering #icre

let's pour one to -fbounds-safety 🔥🌸
https://tech.lgbt/@fay59/115900565326279983

A 0-click exploit chain for the Pixel 9 /by @natashenka

Part 1.:
https://projectzero.google/2026/01/pixel-0-click-part-1.html

Part 2.:
https://projectzero.google/2026/01/pixel-0-click-part-2.html

Part 3.:
https://projectzero.google/2026/01/pixel-0-click-part-3.html

"I hope you're fine and healthy. The reason I am writing this mail is to share a few of my experiments and research I've done to come up with a reasonable stack pivot detection for the Syd kernel. TL;DR I have failed and I have learned a lot."

https://www.openwall.com/lists/oss-security/2026/01/10/1

Messages like this give me some hope in humanity <3

[RSS] CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center

https://cymulate.com/blog/cve-2026-20965-azure-windows-admin-center-tenant-wide-rce/

Nariman Gharib, an #Iran cyber-espionage expert (on exile):

Obtained #Starlink terminal debug data from Iran during the ongoing internet shutdown.

The telemetry shows direct evidence of GPS spoofing: the dish detected 18 #GPS satellites with valid signal lock, but activated its anti-spoofing countermeasures (inhibitGps: true). This isn’t simple jamming; the government appears to be broadcasting fake GPS signals to confuse terminals.

The impact: 20%+ sustained packet loss, connection never stabilized after 24 minutes, bandwidth restricted, and beam pointing ~1° off target. Starlink stayed online but was barely usable.

The anti-spoofing detection works, but SpaceX’s fallback positioning can’t currently maintain normal performance under electronic warfare.

First documented technical evidence of state-level GPS spoofing against consumer satellite internet.

https://github.com/narimangharib/starlink-iran-gps-spoofing/blob/main/starlink-iran.md