Here's my analysis of the recent-ish 9.3 Critical in #Emby (CVE-2025-64113).

Sadly, the vulnerability turned out to be pretty boring, but I've tried to make the best of it.

https://gebir.ge/blog/its-not-mine-cve-2025-64113/

Does anyone happen to own an ATM that they’re willing to sell? Preferably NCR or Wincor/Diebold Nixdorf. I‘m based in Hamburg and the ATM is mainly intended for #40C3. Will also take only parts or broken or ancient ATMs as well. Very long shot but worth a try :)

#39C3

Signal Creator Marlinspike Wants To Do For AI What He Did For Messaging https://slashdot.org/story/26/01/13/1529250/signal-creator-marlinspike-wants-to-do-for-ai-what-he-did-for-messaging?utm_source=rss1.0mainlinkanon

[RSS] Symless: an IDA assistant for structure reconstruction

https://blog.thalium.re/posts/symless-an-ida-assistant-for-structure-reconstruction/

[RSS] X41 Audited CRI-O Runtime

https://x41-dsec.de/security/research/job/news/2026/01/13/cri-o/

Observation: low-quality MCPs have more GitHub stars than their high-quality alternatives.

isomorphisms per monad

[RSS] Hungary grants asylum to former Polish minister implicated in spyware probe

https://therecord.media/hungary-asylum-spyware-probe-poland

'i learn so much by using an LLM' sure thing, just as anyone who ever 'learned' programming from a book while not bothering to type out a single line of code.

🔔CFP for #OffensiveCon26 is STILL open.
If you want a slot on one of the most technical offensive security stages out there, this is it.

We’re looking for real, original work: cutting-edge security research, novel exploit techniques, and deep technical investigations that actually move the field forward. Ready or not, the deadline is coming.

🗓️ CFP Deadline: 1 March 2026, 6:00 pm UTC
📬 Submit your talk: https://buff.ly/bPTM6wl

⏳ Last weeks. No extensions.

A useful chart on what type to use for flags in C/C++ depending on your D&D alignment:

Shot in the dark but is anyone else here a teacher? I am working on revising the literacy curriculum at my school and feel as though I’m doing it in complete isolation. I’d love to chat with another professional about it. #forkiverse #teachers #curriculum (im trying with this tagging stuff but I have legit never done it before)

On the morning of the 13th day of the year we have received *checks notes* 13 #curl vulnerability reports on Hackerone this year.

None a confirmed vulnerability.

libpng memory corruptions:

* CVE-2026-22695 - Heap buffer over-read in `png_image_read_direct_scaled` (regression from CVE-2025-65018 fix)

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

* CVE-2026-22801 - Integer truncation causing heap buffer over-read in `png_image_write_*`

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

This is the Web of the 1990s and, to some degree, the early 2000s — that some of us experienced and remember.

The Web that some of us want to make a come back.

#WorldWideWeb

The Remarkable Computers Built Not to Fail by Asianometry

https://www.youtube.com/watch?v=SSSB7ZTSXH4

#tandem #hp

This is a super thought-provoking read: "your password doesn't matter": https://techcommunity.microsoft.com/blog/microsoft-entra-blog/your-paword-doesnt-matter/731984

It looks at all of the major failure cases of passwords, pointing out that only one password complexity choice (avoiding a password in the top 10) really influences those failure modes.

The rest can only be addressed with MFA.

[RSS] From gixy-ng to Gixy-Next: rescuing Gixy from AI slop

https://joshua.hu/gixy-ng-ai-slop-gixy-next-maintained

⚗️🧪 Periodic Table of Elements (UMT d.o.o. / Igor Pravst, 1996) - a very nice example of such a program with a lot of data, found on a floppy disk 💾 💾

[RSS] Multiple Vulnerabilities in OpenProject

https://mantodeasecurity.de/en/2026/01/multiple-vulnerabilities-in-openproject/