"I'm interested in all kinds of astronomy."
[RSS] Microsoft DirectX End-User Runtime Web Installer Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2293

5,200 holes carved into a Peruvian mountain left by an ancient economy

Has anyone tried to feed it into a PDP11 as a punch card yet? If I found anything old with holes in it, I would definitely see if it is a FORTRAN program.

#algernonReviewsHackerNews


Lorenzo Franceschi-Bicchierai

NEW: A hacker broke into a server at the Child Exploitation Forensic Lab in the FBI’s New York Field Office and compromised files related to the Epstein investigation, as first reported by Reuters.

“Following the 2023 cyber incident, the FBI contained the affected network and determined the incident to be an isolated one. The FBI restricted access to the malicious actor and rectified the network,” an FBI spokesperson said.

https://techcrunch.com/2026/03/11/hacker-broke-into-fbi-and-compromised-epstein-files-report-says/


RE: https://ec.social-network.europa.eu/@EUCommission/116211334179600320

this is a meme and not in the good meaning of the word

even less than GAIA-X, just rofl :/


Lorenzo Franceschi-Bicchierai

SCOOP: The iPhone mass hacking toolkit used by Russian spies was developed at U.S. military contractor L3Harris, former employees said.

The Coruna toolkit was used against Ukrainians during the war and by Chinese cybercriminals, according to Google.

But the toolkit was initially developed for governments in the Five Eyes spy alliance, and it was used in Operation Triangulation, according to one source.

https://techcrunch.com/2026/03/09/an-iphone-hacking-toolkit-used-by-russian-spies-likely-came-from-u-s-military-contractor/

Hear me out: The boiling point of ethanol is well within the range of operating temperatures of GPUs, so we could use all those AI datacenters to brew moonshine!

Released a tool to erase X-Gold 608 (06.15.00 iPad) baseband.
https://github.com/tihmstar/bberase_ultrasn0w

This is useful if you want to downgrade your iPhone 3G to iOS 2.0 with the matching baseband.

The exploit/payload was taken from redsn0w and some code from xerub. There isn't really anything novel here, but until now there wasn't a straightforward way to erase the baseband or to downgrade to iOS 2.0 baseband on the iPhone 3G.


Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.

https://cyllective.com/blog/posts/lenovo-vantage

This agent could've been 10 lines of Bash.

🚨 New advisory was just published!

A critical vulnerability in UNISOC modem firmware allows one User Equipment (UE) to remotely attack another over the cellular network. By sending specially crafted malformed SDP within SIP signaling messages, an attacker can trigger memory corruption in the target modem, potentially leading to remote execution of arbitrary native code on the victim device: https://ssd-disclosure.com/unisoc-t612-rce/


CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/

[RSS] Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy

https://xclow3n.github.io/post/6
[RSS] How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass

The exact moment software went downhill was when changed away from this.


Lorenzo Franceschi-Bicchierai

NEW: A former DOGE employee allegedly stole Americans' personal data from two large databases at the Social Security Administration, according to a new report.

The former employee allegedly put the databases on a thumb drive and wanted to use them at their new contractor job.

https://techcrunch.com/2026/03/10/doge-employee-stole-social-security-data-and-put-it-on-a-thumb-drive-report-says/


We are following this story very closely and send our best wishes for recovery to Jello, multi-year HOPE speaker & keynote. https://www.kqed.org/arts/13987466/punk-legend-jello-biafra-hospitalized-after-stroke


If I were to recommend one cryptography book for implementors in 2026, would it be:

(Edit, would love your comments as to why.)

16% Cryptography Engineering
66% Serious Cryptography
8% Real World Cryptography
8% something else (see comments)

In re: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/

I see people in here being smug about an OPSEC failure, and other people pointing out that "we only respond to local law enforcement requests" is a much bigger set than you might think, but it's all focused on what the individual can do to protect their privacy and anonymity against nosy state actors.

Most of the solutions proposed are either very insecure (mailing cash) or sufficiently technically complex to be out of the skill set of the average computer user.
