This is a big deal. Already seeing evidence of this by way of OpenClaw installations.

https://opensourcemalware.com/blog/axios-compromised

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

I skim through a lot of articles daily and in this age of slop my signal/noise decisions are heavily influenced by whether the piece is being hosted on a custom domain (showing that the author cares enough to maintain one).

[RSS] Reverse Engineering Crazy Taxi, Part 2

https://wretched.computer/post/crazytaxi2

Tom Ptacek posted a great writeup titled "Vulnerability Research Is Cooked", covering the state of vulndev and its rapidly accelerating future:
https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

"As of March 2026, Alphabet’s market cap is ~$2T while Lockheed Martin’s is ~$120B."

https://martinvol.pe/blog/2026/03/30/how-the-ai-bubble-bursts/

Anyone knows anything more about this #Tunnelblick #vulnerability?

"CVE-2026-31893 describes a serious Tunnelblick vulnerability.

This vulnerability is present in all versions of all Tunnelblick versions 3.3beta26 through 9.0beta01.

Tunnelblick 8.0.1 and 9.0beta02 contain fixes for the vulnerability.

The CVE is expected to be published and this page updated on or before 2026-03-27."

https://tunnelblick.net/CVE-2026-31893.html

Micropatches released for Arbitrary Registry Key Delete As Local System With Consolidator Scheduled Task (CVE-2025-59512) https://blog.0patch.com/2026/03/micropatches-released-for-arbitrary.html

RE: https://social.heise.de/@heiseonlineenglish/116316847500488516

“Oh, we murdered 100 kids? Oh, that's unfortunate.

We just had some stale data in our Palantir Project Maven data lake that was used by our ‘highly accelerated, software-supported targeting process’. We'll clear the cache sometimes.”

Honesty is not policy.
#webcomics #comics

“Reverse Engineering the ITE 8910 Keyboard RGB Protocol for OpenRGB” with #radare2 https://chocapikk.com/posts/2026/reverse-engineering-ite8910-keyboard-rgb/

[RSS] Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)

https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/

A walkthrough on patching Dell UEFI firmware at the SPI flash level to disable pre-boot DMA protection — bypassing the BIOS password entirely. The interesting part: the UEFI UI still reports the setting as enabled, and TPM measured boot doesn't detect the NVRAM change, so BitLocker unlocks normally. The patch also persists through official Dell BIOS updates. From there it's DMAReaper to kill IOMMU + PCILeech for a SYSTEM shell. Significant measured boot policy gap. https://www.mdsec.co.uk/2026/03/disabling-security-features-in-a-locked-bios/

NINETY DAYS

NINETY INCIDENTS

NINETY PERCENT

YOU PAID FOR ALL FIVE NINES BUT YOU’LL ONLY NEED THE EDGE

#github

I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts" often ex-military with minimal software engineering backgrounds are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

In 1967, IBM introduced the System/4 Pi line of aerospace computers, packing mainframe performance into a compact box. 4 Pi computers powered everything from military aircraft to the Space Shuttle to sonar systems on submarines. Thread...

I got 99 problems and they're all red balloons.

To celebrate the failure of Hungarian Railways (MÁV) to properly switch to DST, here's the famous list of

Falsehoods Programmers Believe About Time

https://gist.github.com/timvisee/fcda9bbdff88d45cc9061606b4b923ca

Watch electricity hit a fork in the road at half a billion frames per second

https://www.youtube.com/watch?v=2AXv49dDQJw

Alpha Phoenix blows my mind again!

[RSS] Soviet CDs And CD Players Existed, And They Were Strange

https://hackaday.com/2026/03/29/soviet-cds-and-cd-players-existed-and-they-were-strange/