My first blog post on Windows Administrator Protection is out. https://projectzero.google/2026/26/windows-administrator-protection.html probably the most interesting and complex bug out of the 9 I found, but that doesn't mean the rest weren't interesting as well, stay tuned :D

RE: https://infosec.exchange/@briankrebs/115962508398912420

This might actually be the point where I just refuse to go.

Not getting an Apple/Google-sanctioned phone with SafetyNet in order to enter a country.

[RSS] Bypassing Windows Administrator Protection

https://projectzero.google/2026/26/windows-administrator-protection.html

[RSS] More Scope Injection for Fun and Profit (or, why those security updates broke your functions) [ColdFusion]

https://www.hoyahaxa.com/2026/01/more-scope-injection-for-fun-and-profit.html

[RSS] Districton 1 Slides - Control the Variables and You Control the Code: Language-Level Vulnerabilities in Adobe ColdFusion

https://www.hoyahaxa.com/2026/01/districton-1-slides-control-variables.html

[RSS] After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than fix the issues... Admins should follow the defensive recommendations to mitigate the issues if they choose to continue using the software or can't migrate to a different solution.

https://specterops.io/blog/2026/01/21/task-failed-successfully-microsofts-immediate-retirement-of-mdt/

Sign-up and first information are now live!
Save the date and start working on your productions!
https://2026.revision-party.net/

🆕 The URL Pattern API is Newly Available!

Use it to match and extract parts of URLs, no need to reinvent routing logic. Supports literals, wildcards, named groups, and even regex constraints.

Learn how it works 👇
https://developer.mozilla.org/en-US/docs/Web/API/URL_Pattern_API

it sounds like the Log4J bug-bounty might soon close as well: https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/comment-page-1/#comment-27393

Meta drops appeal against court ruling requiring non-algorithmic social media timelines https://nltimes.nl/2026/01/26/meta-drops-appeal-court-ruling-requiring-non-algorithmic-social-media-timelines

Hands-Free Lockpicking: Critical Vulnerabilities in dormakaba’s Physical Access Control System https://sec-consult.com/blog/detail/hands-free-lockpicking-critical-vulnerabilities-in-dormakabas-physical-access-control-system/

The end of the #curl bug-bounty

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/

The presumption that free software is sufficient or necessary to ensure all software you depend on is trustworthy is simultaneously naive and ignorant of what software is capable of. The only realistic way to develop trust in software is to trust the people who write it, and development processes associated with free software make that trust easier.

The other day it was cows using tools, today its penguins using satellite imagery.

When playing chess against the computer I always feel like Wookie

Microsoft is investigating reports that some Windows 11 devices are failing to boot with "UNMOUNTABLE_BOOT_VOLUME" errors after installing the January 2026 Patch Tuesday security updates.

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-windows-11-boot-failures-after-january-updates/

Demystifying CVE-2025-47987 [Heap-based buffer overflow in Windows Cred SSProvider Protocol LPE]

https://kryptoenix.github.io/blog/demystifying-CVE-2025-47987/

Budapest Micro will be back in March with workshops and Chiptune \o/

https://www.scene.hu/2026/01/24/budapest-micro-vol3-2026-03-28-harom-hollo-budapest/

(I've been to a *lot* of different, often very extreme shows, but I will never forget the first Budapest Micro!)

#chiptune #demoscene #budapest

[RSS] Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary

https://binary.ninja/2026/01/23/reversing-linux-anti-re.html

#ReverseEngineering

[RSS] [Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive

https://code-white.com/blog/2026-01-nsm-rce/

CVE-2025-34164, CVE-2025-34165