It's a lesser known fact that these bad boys are still used to serve Windows updates:

RE: https://mastodon.social/@bagder/116001950411560304

My CVEs are still at 0 medals, but thanks to VxWorks I was able to achieve a CVE on Mars (#Curiosity rover, CVE-2023-38346) 😉

Btw. if anyone from #NASA could confirm curiosity was/is really affected (but probably without attack vector so no impact I guess), that would mean a lot to me

Epstein and Steve Bannon discussing how to get spectrum boys^W^Whackers on their side as they are the "most powerful (dangerous) US group":

https://threadreaderapp.com/thread/2018146239716667744.html

Also, how to get Bannon to stage at DEFCON lol

One of many talks I missed for not going to #fosdem, happy to watch them online now! “ga68, the GNU Algol 68 compiler at FOSDEM 2026” — https://m.youtube.com/watch?v=42rOV7mBd1E

The cathartic effect of reverse engineering without a business objective should have its own therapy book.

Gen Alpha smashes the stack with "gggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggg"... (0x67676767)

One of our AI threat team pointed me at this:

https://zenodo.org/records/18444900

Interesting analysis of Moltshite.

#threatintel, #aislop

i made a version of wikipedia you can doomscroll
https://xikipedia.org/

[RSS] vr2jb: Pwning the PlayStation VR2 using Sony's hidden recovery mode

https://bnuuy.solutions/2026/02/01/ps-vr2-recovery-mode.html

Help needed: I'm writing a commissioned piece on getting business insurance for AI issues. Are you an expert I could quote on the topic? Do you know one? Please forward this around! Email is dgerard@gmail.com. Thank you!

[RSS] Pipe Dreams: Remote Code Execution via Quest Desktop Authority Named Pipe

https://www.netspi.com/blog/technical-blog/adversary-simulation/pipe-dreams-remote-code-execution-via-quest-desktop-authority-named-pipe/

[RSS] Notepad++ Hijacked by State-Sponsored Hackers

https://notepad-plus-plus.org/news/hijacked-incident-info-update/

#REshare exporter for #BinaryNinja is getting into shape! A sane API and good documentation made a world of difference, but of course I found a bit in the type system that required some hacks :)

https://github.com/v-p-b/reshare

Code coming next week after some more testing.

#ReverseEngineering

According to the Epstein files, he had a "personal hacker" working for him. The FBI document says Epstein's personal hacker was an "Italian citizen born in Calabria who developed zero-day exploits and offensive cyber tools and sold the tools to governments."

https://www.justice.gov/epstein/files/DataSet%2010/EFTA01683874.pdf

"[Redacted] sold a zero-day to Hebollah. [Redacted] was known as the first person to hack and find vulnerabilities in Blackberries and iOS. He was known for finding Firefox vulnerabilities. [Redacted] former company was acquired by CrowdStrike in fall of 2017 and was currently a vice president there."

"S//NF= was very good at finding vulnerabilities was friends with "old school" European hackers. "Received a trunk of cash from Hezbollah when was in Italy; drove the money to Switzerland and deposited it in another ba [redacted]. [redacted] owned a theater company in California and he used the theater company to launder his zeroday money

"Made six figures from the sale of his zero-days. He sold his tools to United Kingdom GCHQ and provided training to the organization. He also sold his zero-days to a Central African government, as well as Hezbollah for political reasons. The Italian Government asked for help, but [redacted] declined because he felt the Government was incompetent. Calabria was mob-controlled an did not have much loyalty for his birth country.

"[Redacted] sold his exploits to the United States and United Kingdom, but he would not sell to Asian countries because he a is racist. He was also anti-Semitic. [Redacted] was terrified of Russia, however, and would never travel there. He lived in Dubai at one time, and was acquainted with the [redacted] lived in Oman as well. He may have an Iranian and Israeli passport, in addition to his Vatican City passport"

Looks likely the top commenter here is correct about "Epstein's hacker":

https://www.reddit.com/r/cybersecurity/comments/1qsi6ds/informant_told_fbi_that_jeffrey_epstein_had_a/

From a single tiny bug recursion creates infinite tiny bugs that eat your program whole.

RE: https://mastodon.social/@XC3LL/115990518822402879

Very valuable insight if you are into #redteaming

For researchers and those trying to disclose incidents responsibly or get help:

There is an international organization called FIRST.

From the FIRST Teams website:

"This is a list of the contact information for incident response teams participating in FIRST, the Forum of Incident Response and Security Teams. The teams are responsible for providing FIRST with their latest contact information for this page. The list is alphabetized by team name. All telephone numbers are preceded with the appropriate country code."

There are 829 teams listed. Some are government CERT teams, some are corporate incident response teams.

You might want to bookmark the site to speed up your attempt to contact these teams:

https://www.first.org/members/teams/#

#responsibledisclosure #incidentresponse #CERT

I appear to have created a "sound card" for a 4-bit CPU.

As you do.

https://diyelectromusic.com/2026/01/31/td4-4-bit-sound/

#TD4 #SynthDIY

RE: https://diyelectromusic.com/?p=19735

today’s one-sentence horror:

sudo has been largely maintained by a single person for ~30+ years

Raymond Chen published half dozen posts about SAFEARRAY handling:

What’s the difference between Safe­Array­Access­Data and Safe­Array­Add­Ref?
https://devblogs.microsoft.com/oldnewthing/20260126-00/?p=112016

A digression on the design and implementation of Safe­Array­Add­Ref and extending APIs in general
https://devblogs.microsoft.com/oldnewthing/20260127-00/?p=112018

Why did I lose the data even though I called Safe­Array­Add­Ref?
https://devblogs.microsoft.com/oldnewthing/20260128-00/?p=112021

How can I retain access to the data in a SAFEARRAY after my method returns?
https://devblogs.microsoft.com/oldnewthing/20260129-00/?p=112023

Why not store the SAFEARRAY reference count as a hidden allocation next to the SAFEARRAY?
https://devblogs.microsoft.com/oldnewthing/20260130-00/?p=112025