Announcing #Pwn2Own Berlin 2026! We've got 10 categories for targets, including an expanded #AI target list. We have 4 AI categories - including coding agents (looking at you #Claude). More than $1,000,000 in cash & prizes available. Read the details at https://www.zerodayinitiative.com/blog/2026/3/11/announcing-pwn2own-berlin-for-2026

A number of obscenities without extension in your /tmp is a sure sign you should've gone to bed earlier.

Tempted to write a post that software development lost the plot a long time ago, and that the recent LLM developments are merely the icing on that cake. Software these days is not the painstaking work by people like @bagder or @hyc or @vitaut who write the best code they possibly can. Over the past decade, "the software world" has been developing in a very different way than that.

Multiple vulnerabilities in AppArmor

https://www.openwall.com/lists/oss-security/2026/03/12/7

Qualys is at it again!

Basshunter totally predicted LLM waifus

https://www.youtube.com/watch?v=1XK5-n4rR7Q

Inside the Russian explosives plot that sent incendiary parcels to the UK

https://www.bbc.com/news/articles/cpd83zwqlvno

Meanwhile, I can't get my handful of battery clips and LED's because DHL customs agents are too dumb to read :P

Metasploit Pro 5.0 is out now with a fresh UI and tons of improvements! Check out our announcement for details https://www.rapid7.com/blog/post/pt-announcing-metasploit-pro-5-penetration-testing-evolving/

Holy heck, #LookMumNoComputer will be at Eurovision?
And with this absolute banger?
https://lookmumnocomputer.bandcamp.com/track/eins-zwei-drei
#theStudio

yay i got my 10th chrome cve!!
i wrote a pretty fun patch for this one too
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html

I suspect most people outside of the UK won't have heard about the post office scandal, but it seems highly relevant to learn about now (given *waves* this):

For over 15 years, the software post offices in the UK had to use contained severe bugs, particular in accounting, that everyone at Fujitsu/horizon and the post blissfully ignored. Over 900 (!!!) postmasters were sentenced for alleged theft and fraud, some went to jail, some committed suicide. All because the software was shit and everyone who could do something about it didn't care and swept it under the rug.

Everything, including how it was uncovered, about this seems bizarre and Kafkaesque, but we better prepare for it to happen more often.

https://en.wikipedia.org/wiki/British_Post_Office_scandal

https://types.pl/@pigworker/116211919028571818

Be careful with that thing, it’s a confidential coffee maker

https://devblogs.microsoft.com/oldnewthing/20220426-00/?p=106528

#IBM #dresscode

CVE-2026-3784 beat a new #curl record. This flaw existed in curl source code for 24.97 years before it was discovered.

Illustrated in the slightly hard-to-read graph below. The average age of a curl vulnerability when reported is eight years.

https://curl.se/docs/CVE-2026-3784.html

Me? Trolling the other microcontroller vendors? Surely not! Maybe if they had bothered to do something about the most common source of vulnerabilities at some point in the last few decades, the could have been on the other side of the sign...

#CHERI #CHERIoT #SeriouslyFolksItsBeen40Years

RIP Tony Hoare. His obituaries are talking about quicksort, but I think his most notable accomplishments are Communicating Sequential Processes, the Occam programming language, and the Transputer, an early example of a parallel processor

https://blog.computationalcomplexity.org/2026/03/tony-hoare-1934-2026.html?m=1

[RSS] Where is BLAKE3?

https://bfswa.substack.com/p/where-is-blake3

[RSS] Google VRPs in Review - 2025

https://bughunters.google.com/blog/google-vrps-in-review-2025

[RSS] PageJack in Action: CVE-2022-0995 exploit

http://blog.quarkslab.com/pagejack-in-action-cve-2022-0995-exploit.html

[RSS] Microsoft DirectX End-User Runtime Web Installer Privilege Escalation Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2293

5,200 holes carved into a Peruvian mountain left by an ancient economy

Has anyone tried to feed it into a PDP11 as a punch card yet? If I found anything old with holes in it, I would definitely see if it is a FORTRAN program.

#algernonReviewsHackerNews

NEW: A hacker broke into a server at the Child Exploitation Forensic Lab in the FBI’s New York Field Office and compromised files related to the Epstein investigation, as first reported by Reuters.

“Following the 2023 cyber incident, the FBI contained the affected network and determined the incident to be an isolated one. The FBI restricted access to the malicious actor and rectified the network,” an FBI spokesperson said.

https://techcrunch.com/2026/03/11/hacker-broke-into-fbi-and-compromised-epstein-files-report-says/