🔴 Clift: a new MLIR dialect for decompiling C

Clift is the AST-like IR that the rev.ng decompiler uses as the last stage before emitting C code.

Clift is an MLIR dialect, a sort of "meta IR" that enables you to define your own types and instructions

Good news. We just published the Firefox Security & Privacy newsletter for 2025 Q4

https://attackanddefense.dev/2026/01/30/firefox-security-privacy-newsletter-2025-q4.html

Very important post by @kagihq (feel free to ignore the AI CEO-speak at the beginnig):

Waiting for dawn in search: Search index, Google rulings and impact on Kagi

https://blog.kagi.com/waiting-dawn-search

Feels like Sun spot activity is wild today...

As developing a decent QA process for Linux distros seems to be impossible I don't get how enabling automatic updates by default seemed like a reasonable thing to do...

This is wild, there have been changes on the Cain&Able repository lately (yes that tool you used in your first IT security hands-on class 20 years ago) https://github.com/xchwarze/Cain #itsecurity #hacking

County Pays $600,000 To Pentesters It Arrested For Assessing Courthouse Security https://it.slashdot.org/story/26/01/29/2147207/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security?utm_source=rss1.0mainlinkanon

Cable modem died, yaay...

RE: https://tech.lgbt/@ShadowJonathan/115979646528496303

Give me Universal Basic Income and watch me obsessively plant fruit and nut trees in the entire city.

rustc be like

RE: https://mas.to/@pooh/115980278517566505

As a former K-12 technology educator, let me break this down for you. If a "toy" comes with an app, it isn't a toy; it's a data collection mechanism, and likely a brand loyalty engine.

Kids don't need these things. In fact, they're much, much better off without them.

https://www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/

[RSS] How to bisect Linux Kernel build and boot failures with TuxMake and TuxRun

https://www.linaro.org/blog/how-to-bisect-linux-kernel-build-and-boot-failures-with-tuxmake-and-tuxrun/

"A common fallacy is to assume authors of incomprehensible code will somehow be able to express themselves lucidly and clearly in comments."
– @kevlin

"... or prompts." I would like to add.

NoFX pops out of retirement to say #fuckICE 🤘:

https://www.youtube.com/watch?v=sU6s6VEJxrU

Today's software signatures may not survive tomorrow's quantum computers.
Over the past two years, we collaborated with the Sigstore community to build controlled cryptographic agility into the ecosystem with a centralized algorithm registry, configurable restrictions, and Go implementations of post-quantum algorithms LMS and ML-DSA to prove it's future-ready. https://blog.trailofbits.com/2026/01/29/building-cryptographic-agility-into-sigstore/

[RSS] RCE in Command & Conquer Generals

https://www.atredis.com/blog/2026/1/26/generals

[RSS] CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue

https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

[RSS] Samstung Part 1 :: Remote Code Execution in MagicINFO 9 Server

https://srcincite.io/blog/2026/01/28/samstung-part-1-remote-code-execution-in-magicinfo-server.html

Only ninety-nine (99) days to go!! High time to submit your abstract(s) to the program committee. We are really looking forward to receive & review them! https://cfp.nluug.nl/.

🚨 New advisory was just published! 🚨

Three new post auth vulnerabilities have been found in ISPConfig. These vulnerabilities allow attackers who have either Reseller or Client accounts to escalate to root level access via unsafe theme handling and backup restore/download symlink abuse: https://ssd-disclosure.com/ispconfig-multiple-post-auth-privilege-escalation-vulnerabilities/