CVE-2025-56005 - If you pass untrusted data in the `run_this_code` parameter of bar() of library foo then untrusted code gets executed. This is a vulnerability, because it's not documented that `run_this_code` will run code.

Developer resigned:
https://github.com/dabeaz/ply/commit/9d7c40099e23ff78f9d86ef69a26c1e8a83e706a

#cve #slop #FOSS

I took a slip from my tea mug. It wasn't the rum I expected.

I'm deeply disappointed.

Have we considered suggesting DNS-over-ChatGPT yet?

With TikTok now going to be owned by Larry Ellison and Emerati MGX/G42, the concerns about it being used as a government propaganda machine really are totally put to rest. Phew!

(My hope remains that this move will ruin the product and the kids will move on.)

Microsoft is handing over Bitlocker keys to law enforcement. https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

[RSS] Firefox / WebRTC Encoded Transforms: UAF via undetached ArrayBuffer / CVE-2025-1432

https://aisle.com/blog/firefox-webrtc-encoded-transforms-uaf-via-undetached-arraybuffer-cve-2025-14321

Love web & AI security research? Want to do it full time on-site with myself, Gareth Heyes & Zak Fedotkin? Join the PortSwigger Research team - we're hiring!

https://apply.workable.com/portswigger/j/FC27ED6166/

[RSS] Dead Ends, Red Herrings, and Failures In Our Time

https://www.hoyahaxa.com/2026/01/dead-ends-red-herrings-and-failures-in.html

(ColdFusion research #fail)

[RSS] Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn

https://www.thezdi.com/blog/2026/1/23/pwn2own-automotive-2026-day-three-results-and-the-master-of-pwn

90% of the time you don’t need a DevOps guy.

You need a C++ guy, a SQL guy, and one fat server with a lot of ram.

StackOverflow used to run on *one* SQL Server with a hot spare.

Peaked Alexa Rank #36, 10+ Million visits a day.

[LWN] Responses to gpg.fail

https://lwn.net/SubscriberLink/1054220/c6f98b90a009fca2/

Rust 1.93.0 now provides much more helpful error messages when associated types miss lifetimes:

Thanks again to @ekuber for picking up my original report:

https://github.com/mainmatter/100-exercises-to-learn-rust/issues/245

[RSS] Ticket to Shell: Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200)

https://horizon3.ai/attack-research/attack-blogs/ticket-to-shell-exploiting-php-filters-and-cnext-in-osticket-cve-2026-22200/

Rust 1.93.0 has been released! 🌈 🦀✨

This release includes a new musl version for the *-linux-musl targets, adds support for #​[cfg] inside asm!(), and adds [T]::as_array, VecDeque::{pop_front_if, pop_back_if}, Vec/String::into_raw_parts, fmt::form_fn, and more! ✨

Check out the blog post and release notes for all the details: https://blog.rust-lang.org/2026/01/22/Rust-1.93.0/

JWT {"alg": "let-me-innnnn"} vuln

https://pentesterlab.com/blog/cve-2026-23993-harbourjwt-unknown-alg-jwt-bypass

TEE security breaks down in predictable ways. In our December webinar, we showed exactly where.
Jules Drean from Tinfoil walked through their threat model, covering repositories, hardware configurations, and CVM images. Our security engineers, Paul Bottinelli and Tjaden Hess, dug into vulnerabilities they've found in production TEE deployments.

Watch the full recording: https://watch.getcontrast.io/register/trail-of-bits-top-tee-bugs-you-should-fix-before-your-audit?utm_source=socials

The latest entries on @codewhitesec 's vuln list seems to be a collision with @watchTowr 's SmarterMail publication:

https://code-white.com/public-vulnerability-list/#authenticationserviceforceresetpassword-missing-authentication-in-smartermail

I'm curious about the story here!

Why there’s no European Google?
And why it is a good thing!

My answer to the European Commission "call for evidence on Open Source."

https://ploum.net/2026-01-22-why-no-european-google.html

#geminiprotocol link: gemini://ploum.net/2026-01-22-why-no-european-google.gmi

Kagi is growing! We're seeking an experienced Product Designer to join our fully remote team. If you're passionate about our vision and meet the qualifications outlined below, we'd love to hear from you!

https://kagi.peopleforce.io/careers/v/178633-product-designer-uiux

#Kagi #Jobs #FediHire #Remote

CVE-2026-22200: Ticket to Shell in osTicket https://horizon3.ai/attack-research/attack-blogs/ticket-to-shell-exploiting-php-filters-and-cnext-in-osticket-cve-2026-22200/