(No) surprise!

I think we all saw this coming... #Odido didn't remove data when they said they would, which we now know because it leaked out. Some leaked data was from customers who left 10 years ago, while they state they remove it after 2. Only 8 years late. Even the tax office doesn't need it that long...

https://nos.nl/artikel/2602804-odido-overschrijdt-eigen-termijn-bewaren-gegevens

#datalek #privacy #databreach #cybersecurity #dataleak #security #TMobile

OPNSense managed to destroy itself during an update, still people wonder why companies buy Fortinet...

What stage of #enshittification is it when Amazon adds a "Download Problems" option to it's Refund menu instead of fixing their system so people can download their digital purchases?

(Would it be ironic if I supported Anna's Archive with Amazon gift cards after I downloaded the books from there?)

a nice neat “quartz of course” generator

https://marshdeer.github.io/xkcd2501-generator/

RE: https://furry.engineer/@soatok/116082533052740652

ok the ghost vuln is quite funny. the WAF example really sounds like an array is involved there and it would have bet 20 bucks that its a type confusion (because despite it being 2026 its really easy to shoot yourself in the foot if your types get quirky)

but - spoilers - nope, its really just straight up string interpolation into raw sql like in the good ol days lmao. oh well, happens

[RSS] When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise (CVE-2025-32355, CVE-2025-59793)

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/

nono - kernel-enforced capability sandbox for AI agents https://nono.sh

I’ve been working on this for a while, but let’s make it official: I started a little Tumblr-like microblog about software craft and quality!

You can sign up via RSS or a weekly newsletter digest. There’s already almost two months of content in there, if you just want to check it out.

Hope you like it!

https://unsung.aresluna.org/

Just got this link on my discord - https://www.kickstarter.com/projects/bitman/bootblock-rebels - passing it along because this book looks fun!

The past two months, I've been working on a little pet project, lovingly called OnlyJunk.Fans: hosted iocaine. For free. Because I could, and wanted to.

It's going to officially launch on the 17th of February, in just a few days. But I thought I'll blog about it before the launch, because I won't have time to do so later.

🚨 New advisory was just published!

Source code review of the Novarain/Tassos framework uncovered 3 critical primitives: unauthenticated file read, unauthenticated file deletion, and SQL injection enabling arbitrary DB reads, affecting 5 widely deployed Joomla! Extensions. Chained together, these bugs allow reliable RCE and administrator account takeover on unpatched Joomla! Instances: https://ssd-disclosure.com/joomla-novarain-tassos-framework-vulnerabilities/

❤️ Thank you to the #Archlinux Wiki maintainers! ❤️

#Maintainers in general, and maintainers of documentation most of the time get way too little recognition for their contributions to #SoftwareFreedom.

ArchWiki is one of the pearls of the internet! That's why I dedicated my this year's #ilovefs post to the #ArchWiki maintainers!

https://k7r.eu/i-love-the-work-of-the-archwiki-maintainers/

Naming things is freaking hard...

Ars Technica retracted an article about how AI is making the world worse because...
the Ars article itself contained AI-generated quotes in it.

https://arstechnica.com/staff/2026/02/editors-note-retraction-of-article-containing-fabricated-quotations/

Welp, we had a decent run, folks. But it's time to call it.

Not sure if it’s useful for anyone. 0 dependency parser for plist (xml only) in the browser

https://codecolor.ist/tinyplist/

[RSS] IDA Pro 9.3 released

https://docs.hex-rays.com/release-notes/9_3

[RSS] vitoplantamura/BugChecker: SoftICE-like kernel debugger for Windows 11

https://github.com/vitoplantamura/BugChecker

r2web now has a built-in code editor 🤟, Edit radare2 scripts right in-browser, Fully mobile UI friendly as always.

#radare2

2026, the year of the AI-driven attacker that could do back flips, they said.

Meanwhile, there's a magic number that allows Auth Bypass against Ivanti EPM (CVE-2026-1603)

something about a pledge 🙄

Now that we have the infinite monkeys as software, could someone let them know that we don't need someone to write the complete works of Shakespeare again? We have libraries for that.