founder @Bugcrowd && co-founder @disclose_io || dad x 2, hacker, entrepreneur, executive, advisor || عصا موسى || #w00w00
Verified by https://fedified.com
Web https://cje.io
Twitter https://twitter.com/caseyjohnellis
LinkedIn https://linkedin.com/in/caseyjohnellis
Bluesky caseyjohnellis.bsky.social

happy friday

“We are going to crave more authentic in-person experiences as our online interactions are seemingly less authentic”

@thedarktangent utterly nailing it

I’ve a soft spot for researchers who revisit old problems and bugs and have another go. One of my top talks and research for this year by Yuqi Qui on DNS ECS bypasses, aka Rebirthday attack

Took a year's worth of research to do. They spent a huge chunk of time perfecting their internet-wide scanning approach and working with vendors to get this resolved.

Super impressive stuff from Yuqi

NEW by me: Cloud app host Vercel says it was hacked and that some customers' data was taken.

Vercel blames an earlier breach at Context AI (*unrelated to OpenAI). Hackers allegedly used their access in March to hack a Vercel employee, who had linked a Context AI app to their work account.

https://techcrunch.com/2026/04/20/app-host-vercel-confirms-security-incident-says-customer-data-was-stolen-via-breach-at-context-ai

App host Vercel says it was hacked and customer data stolen | TechCrunch

Vercel blamed its breach on an earlier hack at Context AI, which allowed hackers to hijack a Vercel employee's account to steal customer data.

TechCrunch

When the algorithm has lost its damn mind. IYKYK

After just having responded to the third #curl security report for the evening I noticed a post that cheered me up...

Have a good Friday everyone!

https://www.linkedin.com/posts/moekatib_millions-of-people-look-up-to-steve-jobs-activity-7450947453085749248-K1w-

Wrote about the attacker-defender asymmetry and why AI made it worse -- "AI for defense" is stuck polishing the top five turtles while adversaries live in the bottom ten. https://cje.io/2026/04/08/offense-scales-with-compute-defense-scales-with-committees/

Offense Scales with Compute. Defense Scales with Committees.

Why AI is widening the attacker-defender gap faster than anything we've built to close it — and what that actually means for the next decade of security.

caseyjohnellis

Attention Adventurers!

KEYNOTES ARE LIVE ON THE SITE!

@caseyjohnellis
@PhillipWylie

Come hang out around the campfire w these storied experts as they delve through their lore, legends, and long-winded explanations of how to pronounce gif

https://kernelcon.org/register

NEW: A bug in a student admissions website exposed the personal information of parents and their children, including their names, dates of birth, home addresses, pictures, and details about their school.

The bug, now fixed, was a sequential IDOR. At least 1.63 million student records were exposed.

https://techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/

Exclusive: Bug in student admissions website exposed children's personal information

Ravenna Hub, which lets parents apply and track the status of their kids' applications across thousands of schools, allowed any logged-in user to access the personally identifiable data associated with any other user, including their children.

TechCrunch