Something new in our community that deserves more attention: Breakdown of BLERP, the BLE re-pairing attacks by Daniele Antonioli & Sacchetti (NDSS 2026). TL;DR: the BLE standard doesn't authenticate re-pairing.
Paper + PoC indexed there:
https://community.penthertz.com/t/blerp-ble-re-pairing-attacks-and-defenses/17
Access control bypass via header smuggling, with no desync required! Using header smuggling for more than HTTP desync like this is totally underrated - a lot of defences only filter the CL and TE headers. You can detect these with Parser Discrepancy Scan.
https://www.linkedin.com/posts/jakedmurphy1_excited-to-share-that-i-recently-identified-activity-7431735557115789313-xhnA/
#curl security moves again. Back to #hackerone
https://daniel.haxx.se/blog/2026/02/25/curl-security-moves-again/
It often feels like the world of tech is nothing but bad actors and bad news these days, so it is always refreshing to read about something that is a fundamentally amazing example of technology and human ingenuity. This article about the process and people that sit behind the undersea cables that connect our world (and how they are productively recovered) is an example of that type of story. You should check it out!
The Cycle 2 deadline for the USENIX WOOT Conference is in just one week (March 3, 2026).
Full details are available in the Call for Papers:
https://www.usenix.org/conference/woot26/call-for-papers
IBM crashes because we’re gonna YOLO a replacement for banking and credit-card back-ends, replacing billions of lines of COBOL with vibe code. Uh…
https://www.techbuzz.ai/articles/ibm-crashes-11-as-anthropic-threatens-cobol-empire
It's a blog post I should have published months ago, but here we finally are.
"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"
Credit goes to t0zhang (on X) for the discovery.
👉 https://itm4n.github.io/cve-2025-59201-ncsi-eop/
I'd like to write more of those but it's so time-consuming. 😔
A Meta employee who works on AI safety let an AI agent named OpenClaw loose on her inbox and it deleted all her email. (This tracks; companies like Meta actually don’t care about AI safety and hire accordingly.) https://techcrunch.com/2026/02/23/a-meta-ai-security-researcher-said-an-openclaw-agent-ran-amok-on-her-inbox/
New blog post 😊
If you replace all the innerHTML with setHTML, you will be free from XSS and other injection attacks. Goodbye innerHTML, Hello setHTML
(Kudos to our folks for specifying, building and shipping!)
We're hiring! 🚀
We have an open position for the Senior Deception Engineer role at @watchtowrcyber
Looking for someone with deep #honeypot and deception experience to join my team!
https://careers.watchtowr.com/jobs/7012653-senior-deception-engineer
Future linguists and archeologists are gonna go fucking crazy on this in 150 years
Can you recommend me some tool for performance testing of native applications to integrate into CI/CD? The idea is that I would like to test the performance change of specific changes to a code base. It's trivial to write, but I'm 99% sure something must exist; alas, I cannot find such a project.
I built an entire x86 CPU emulator in CSS (no JavaScript).
You can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS.