Technology

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.

Last month, the popular social video app TikTok finalized a deal with investors, including Oracle, to appease a bipartisan bill that called on the app’s Chinese owner, ByteDance, to divest — or be banned in the United States.

The deal launched a frenzy among its US-based users over possible censorship, with some accusing it of taking down footage of ICE agents or restricting searches for words, such as “Epstein.” While TikTok denied these claims, pointing to a “data center power outage,” the app also changed its privacy policy at the time — now allowing it to collect more detailed data on its users, including their precise locations.

That sparked new fears. As The New Republic argues, TikTok’s deal means that agents at Immigration and Customs Enforcement (ICE), whose deportation efforts have been supercharged under the Trump administration, could skip tedious court-ordered data requests and monitor users by buying their data from private data brokers that obtain the info from TikTok directly — a “highly ironic” development, the magazine writes, considering the ByteDance deal was motivated in the first place by fears over Chinese state-sponsored surveillance.

In the days after the US Department of Justice (DOJ) published 3.5 million pages of documents related to the late sex offender Jeffrey Epstein, multiple users on X have asked Grok to “unblur” or remove the black boxes covering the faces of children and women in images that were meant to protect their privacy.

DDoS hit blog that tried to uncover Archive.today founder's identity in 2023. [...] A Tumblr blog post apparently written by the Archive.today founder seems to generally confirm the emails’ veracity, but says the original version threatened to create “a patokallio.gay dating app,” not “a gyrovague.gay dating app.”

https://www.heise.de/en/news/Archive-today-Operator-uses-users-for-DDoS-attack-11171455.html:

By having Archive.today unknowingly let users access the Finnish blogger's URL, their IP addresses are transmitted to him. This could be a point of attack for prosecuting copyright infringements.

It's a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster.

This time around, SecurityScorecard's STRIKE threat intelligence team is sounding the alarm over the sheer volume of internet-exposed OpenClaw instances it discovered, which numbers more than 135,000 as of this writing. When combined with previously known vulnerabilities in the vibe-coded AI assistant platform and links to prior breaches, STRIKE warns that there's a systemic security failure in the open-source AI agent space.

"Our findings reveal a massive access and identity problem created by poorly secured automation at scale," the STRIKE team wrote in a report released Monday. "Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers."

On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation.

The pattern points toward one or more North American Tier 1 transit providers implementing port 23 filtering

Communicating with AI agents (like OpenClaw) via messaging apps (like Slack and Telegram) has become much more popular. But it can expose users to a largely unrecognized LLM-specific data exfiltration risk, because these apps support ‘link previews’ as a feature. With previews enabled, user data can be exfiltrated automatically after receiving a malicious link in an LLM-generated message -- whereas without previews, the user would typically have to click the malicious link to exfiltrate data. For example, OpenClaw via Telegram is exposed by default. Test any agent / communication app pairing below!

My favorite comment on the article is “The problem with capitalism is that you eventually run out of other people's money."

found this on a linus tech tips video https://www.youtube.com/watch?v=o4e-Kt02rfc

Who are the real people behind the accounts spreading fury about the capital online? And what motivates them?

DECLAWED Dashboard.

Starting in early March, the platform will place every account into a default "teen-appropriate" experience unless it has proof that users are adults.

The move has brought widespread criticism from Discord users, who are citing privacy and security concerns following a recent breach of a third-party vendor that ended up exposing around 70,000 government ID images used to verify the age of Discord users.