#curl security moves again. Back to #hackerone

https://daniel.haxx.se/blog/2026/02/25/curl-security-moves-again/

It often feels like the world of tech is nothing but bad actors and bad news these days, it is always refreshing to read about something that is a fundamentally amazing example of technology and human ingenuity. This article about the process and people that sit behind the undersea cables that connect our world (and how they are productively recovered) is an example of that type of story. You should check it out!

https://www.wired.com/story/say-goodbye-to-the-undersea-cable-that-made-the-global-internet-possible/

The Cycle 2 deadline for the USENIX WOOT Conference is in just one week (March 3, 2026).

Full details are available in the Call for Papers:
https://www.usenix.org/conference/woot26/call-for-papers

IBM crashes because we’re gonna YOLO a replacement for banking and credit-card back-ends, replacing billions of lines of COBOL with vibe code. Uh…

https://www.techbuzz.ai/articles/ibm-crashes-11-as-anthropic-threatens-cobol-empire

It's a blog post I should have published months ago, but here we finally are.

"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"

Credit goes to t0zhang (on X) for the discovery.

👉 https://itm4n.github.io/cve-2025-59201-ncsi-eop/

I'd like to write more of those but it's so time-consuming. 😔

#cve #windows

A Meta employee who works on AI safety let an AI agent named OpenClaw loose on her inbox and it deleted all her email. (This tracks; companies like Meta actually don’t care about AI safety and hire accordingly.) https://techcrunch.com/2026/02/23/a-meta-ai-security-researcher-said-an-openclaw-agent-ran-amok-on-her-inbox/

New blog post 😊

If you replace all the innerHTML with setHTML, you will be free from XSS and other injection attacks. Goodbye innerHTML, Hello setHTML

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

(Kudos to our folks for specifying, building and shipping!)

We're hiring! 🚀

We have an open position for the Senior Deception Engineer role at @watchtowrcyber

Looking for someone with deep #honeypot and deception experience to join my team!

https://careers.watchtowr.com/jobs/7012653-senior-deception-engineer

Talks from the Hackfest 2025 security conference, which took place in October, are available on YouTube

https://www.youtube.com/playlist?list=PLaXanmjyAPzG6heHuTSu9f6lIZF25qevU

Future linguists and archeologists are gonna go fucking crazy on this in 150 years

Some breaking news out of Russia: Officials have started an investigation into Telegram founder Pavel Durov for promoting terrorism

https://www.kommersant.ru/doc/8460981?from=top_main_2

I occasionally help an elderly neighbor get stuff done with their computer. And every single time, I walk away in incandescent rage at how hard we have made this stuff for people who have not spend their entire waking lives marinating in it

Can you recommend me some tool for performance testing of native applications to integrate into CI/CD? The idea is that I would like to test the performance change of specific changes to a code base. It's trivial to write, but I'm 99% sure something must exists, alas, I cannot find such a project.

#PerformanceTesting #ContinuousIntegration #cicd

i built an entire x86 CPU emulator in CSS (no javascript)

you can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS

https://lyra.horse/x86css/

8086 instruction set implemented in pure css, amazing https://lyra.horse/x86css/