What Windows Server 2025 Quietly Did to Your NTLM Relay https://decoder.cloud/2026/02/25/what-windows-server-2025-quietly-did-to-your-ntlm-relay/

LOGOS/ASTLOGO.GIF

Want to learn more about Chrome exploitation?

In our latest article, we break down two critical Android GPU driver vulnerabilities that enabled Chrome sandbox escape from a compromised renderer and were used in full device exploit chains. Read the full technical analysis here: https://ssd-disclosure.com/chrome-gpu-sandbox-escape-via-qualcomm-adreno-and-arm-mali-gpu-drivers/

I just realized that my cyclomatic complexity calculator breaks with PyGhidra so I pushed some fixes:

https://github.com/v-p-b/rabbithole

#Ghidra #ReverseEngineering

I found this Veratasium documentary on the xz Jia Tan backdoor adventure quite good and surprisingly detailed:

https://www.youtube.com/watch?v=aoag03mSuXQ

This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

The package of my toothpaste says "95% Natural Origin".

5% of my toothpaste is supernatural :O

In the Future All Food Will Be Cooked in a Microwave, and if You Can’t Deal With That Then You Need to Get Out of the Kitchen

https://www.colincornaby.me/2025/08/in-the-future-all-food-will-be-cooked-in-a-microwave-and-if-you-cant-deal-with-that-then-you-need-to-get-out-of-the-kitchen/

The truth about "free" search and why it's a trap:

https://www.youtube.com/shorts/IrGegzLXRUk

#Kagi #Search

from my link log —

Turing completeness of GNU find: from mkdir-assisted loops to standalone computation.

https://arxiv.org/abs/2602.20762

saved 2026-02-25 https://dotat.at/:/XR86F.html

Signficant segments of the tech industry think we’re months away from not needing to review LLM-agent code anymore.

I just reviewed an LLM-generated PR in which it quietly switched two out of 100 calls to the get_customer_data() function to the variant that doesn’t check that the customer owns the requested data.

I’m sure this is fine.

Is it possible/reasonable to compile @fridadotre with V8 in 2026? (I just reported a couple of QuickJS bugs that are blockers for me)

If so, are there any documentation available about the build process or is that knowledge lost to bitrot?

#Frida #ReverseEngineering

[ZDI-26-124|CVE-2025-15060] claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus of Trend Research) https://zerodayinitiative.com/advisories/ZDI-26-124/

Today's oofness is on us :(:

https://blog.talosintelligence.com/uat-8616-sd-wan/

#threatintel, #sdwan

And so but anyway, did I ever tell you about my most humiliating experience as a skilled and successful computer programmer?

How many people know that #WordPress was co-founded by a black man, Mike Little?

Or that he's from the north of England? A self-taught coder from #Stockport, just south of #Manchester? Or that he never received so much as a share, cent or job offer from the $7bn+ valued Automattic after spending five months working exclusively with Matt Mullenweg on the B2 fork?

After @bevangelist told me about @mikelittle I interviewed him for a documentary I never got round to making. Back then I was left with two certainties: he's Wozniak to Mullenweg's Jobs. Among other things he added the one-click upgrade that's been central to WP's bonkers 45%-of-the-web-success. And he's one of the nicest people I've ever interviewed, which is also bonkers given that he not only didn't share in WP's financial success, but that he's barely known.

But he should be - so, better late than never - please meet #MikeLittle, perhaps the most-influential-least-known person in #foss… https://25.netribution.co.uk/nic/mike-little-the-british-co-founder-of-wordpress-youve-probably-never-heard-of/

Observation:

- People started deploying anti-scraping measures to fight LLM scraping
- Web indexers can't index stuff anymore
- Search results are even worse than before
- The only way to retrieve the information is to use models that were trained in pre-anti-scraping times (or beat anti-scraping)

If I'm right, anti-scraping can actually push people towards LLM's (who currently absolutely have the capacity to circumvent most anti-scraping).

If you think you share knowledge worth finding, please consider this before deploying countermeasures!

#scraping #search #llm

Something new in our community and that deserves more attention: Breakdown of BLERP, the BLE re-pairing attacks by
Daniele Antonioli
& Sacchetti (NDSS 2026). TL;DR: the BLE standard doesn't authenticate re-pairing.
Paper + PoC indexed there:
https://community.penthertz.com/t/blerp-ble-re-pairing-attacks-and-defenses/17

Access control bypass via header smuggling, with no desync required! Using header smuggling for more than HTTP desync like this is totally underrated - a lot of defences only filter the CL and TE headers. You can detect these with Parser Discrepancy Scan.
https://www.linkedin.com/posts/jakedmurphy1_excited-to-share-that-i-recently-identified-activity-7431735557115789313-xhnA/

[RSS] Abusing Cortex XDR Live Terminal as a C2

https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/