[RSS] After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than fix the issues... Admins should follow the defensive recommendations to mitigate the issues if they choose to continue using the software or can't migrate to a different solution.

https://specterops.io/blog/2026/01/21/task-failed-successfully-microsofts-immediate-retirement-of-mdt/

Sign-up and first information are now live!
Save the date and start working on your productions!
https://2026.revision-party.net/

🆕 The URL Pattern API is Newly Available!

Use it to match and extract parts of URLs, no need to reinvent routing logic. Supports literals, wildcards, named groups, and even regex constraints.

Learn how it works 👇
https://developer.mozilla.org/en-US/docs/Web/API/URL_Pattern_API

it sounds like the Log4J bug-bounty might soon close as well: https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/comment-page-1/#comment-27393

Meta drops appeal against court ruling requiring non-algorithmic social media timelines https://nltimes.nl/2026/01/26/meta-drops-appeal-court-ruling-requiring-non-algorithmic-social-media-timelines

Hands-Free Lockpicking: Critical Vulnerabilities in dormakaba’s Physical Access Control System https://sec-consult.com/blog/detail/hands-free-lockpicking-critical-vulnerabilities-in-dormakabas-physical-access-control-system/

The end of the #curl bug-bounty

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/

The presumption that free software is sufficient or necessary to ensure all software you depend on is trustworthy is simultaneously naive and ignorant of what software is capable of. The only realistic way to develop trust in software is to trust the people who write it, and development processes associated with free software make that trust easier.

The other day it was cows using tools, today its penguins using satellite imagery.

When playing chess against the computer I always feel like Wookie

Microsoft is investigating reports that some Windows 11 devices are failing to boot with "UNMOUNTABLE_BOOT_VOLUME" errors after installing the January 2026 Patch Tuesday security updates.

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-windows-11-boot-failures-after-january-updates/

Demystifying CVE-2025-47987 [Heap-based buffer overflow in Windows Cred SSProvider Protocol LPE]

https://kryptoenix.github.io/blog/demystifying-CVE-2025-47987/

Budapest Micro will be back in March with workshops and Chiptune \o/

https://www.scene.hu/2026/01/24/budapest-micro-vol3-2026-03-28-harom-hollo-budapest/

(I've been to a *lot* of different, often very extreme shows, but I will never forget the first Budapest Micro!)

#chiptune #demoscene #budapest

[RSS] Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary

https://binary.ninja/2026/01/23/reversing-linux-anti-re.html

#ReverseEngineering

[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive

https://code-white.com/blog/2026-01-nsm-rce/

CVE-2025-34164, CVE-2025-34165

2girls1cup.mov

RE: https://stefanbohacek.online/@stefan/115950604491314488

AMD4700S Root Key 0 SHA256: 95333bf313b67f653e2b80518d39e39cbc8f481f61a86f6052d2b277217206d3
AMD4700S Root Key 1 SHA256: e2e0e8f8e0c66339c28ed3ee66e2fc9499ac5a5332009f57df556b4b319a73a7
AMD4700S Root Key 2 SHA256: f87833eb4a152f25d07051e73b23a5923fa8ddbdac879940eb1703fa5f9a4d09
AMD4700S Root Key 3 SHA256: 5163e65a31dab1bb833802390dc0bc0d330c8592e20f31133f2be27dbec109b8

Hash values calculated using the raw key bytes. If you get something else, try reversing all key bytes.

One of my hinges broke (it supported a small, light door for whole 10 years...) and the only replacement I found would be from the UK manufacturer, wholesale, so I put on this great album:

https://www.youtube.com/watch?v=ktYn7OZCN4c&list=PLymNFxwBo3tjsy_HQdenCQ1K4a5hrHv9t

stumbled into the Logitech subreddit and found out that Logitech's code signing certificate for macOS expired a few weeks ago, which caused Logitech Options+ to be unable to launch, which stopped everyone's mice from working until Logitech updated it.

so much stupid involved here.

There is an open position on my team:
https://crowdstrike.wd5.myworkdayjobs.com/en-CA/crowdstrikecareers/job/United-Kingdom---Remote/Security-Researcher--Malware-Triage--Remote-_R26466
While this is not currently listed here, I am certain that U.S. remote is an option and if you're in Canada, I strongly expect that this would work as well.