Love web & AI security research? Want to do it full time on-site with myself, Gareth Heyes & Zak Fedotkin? Join the PortSwigger Research team - we're hiring!

https://apply.workable.com/portswigger/j/FC27ED6166/

90% of the time you don’t need a DevOps guy.

You need a C++ guy, a SQL guy, and one fat server with a lot of ram.

StackOverflow used to run on *one* SQL Server with a hot spare.

Peaked Alexa Rank #36, 10+ Million visits a day.

Rust 1.93.0 has been released! 🌈 🦀✨

This release includes a new musl version for the *-linux-musl targets, adds support for #​[cfg] inside asm!(), and adds [T]::as_array, VecDeque::{pop_front_if, pop_back_if}, Vec/String::into_raw_parts, fmt::form_fn, and more! ✨

Check out the blog post and release notes for all the details: https://blog.rust-lang.org/2026/01/22/Rust-1.93.0/

JWT {"alg": "let-me-innnnn"} vuln

https://pentesterlab.com/blog/cve-2026-23993-harbourjwt-unknown-alg-jwt-bypass

TEE security breaks down in predictable ways. In our December webinar, we showed exactly where.
Jules Drean from Tinfoil walked through their threat model, covering repositories, hardware configurations, and CVM images. Our security engineers, Paul Bottinelli and Tjaden Hess, dug into vulnerabilities they've found in production TEE deployments.

Watch the full recording: https://watch.getcontrast.io/register/trail-of-bits-top-tee-bugs-you-should-fix-before-your-audit?utm_source=socials

Why there’s no European Google?
And why it is a good thing!

My answer to the European Commission "call for evidence on Open Source."

https://ploum.net/2026-01-22-why-no-european-google.html

#geminiprotocol link: gemini://ploum.net/2026-01-22-why-no-european-google.gmi

Kagi is growing! We're seeking an experienced Product Designer to join our fully remote team. If you're passionate about our vision and meet the qualifications outlined below, we'd love to hear from you!

https://kagi.peopleforce.io/careers/v/178633-product-designer-uiux

#Kagi #Jobs #FediHire #Remote

CVE-2026-22200: Ticket to Shell in osTicket https://horizon3.ai/attack-research/attack-blogs/ticket-to-shell-exploiting-php-filters-and-cnext-in-osticket-cve-2026-22200/

We need legislation on sideloading ASAP. Yesterday, I learned the hard way that I’m not allowed to use my own personal, paid developer certificate to sign IPAs I want to install on my own personal device. Wow. 😬

Google released its plan for opting out of its AI https://youtube.com/shorts/qnBWMcKKkKE?si=MnLxFNzzX8n3JAEo

I’ve written about the history of the word hacker and the word cracker, in French “hacker” is “pirate” and this little news clipping from L’Evangéline from May of 1980 shows that the word was in mainstream use earlier than hacker was in English. I think this is a story about the Dalton Gang.

I can share now:
Absolutely normal hotel room before #Pnw2Own attempt