New security advisory in our bug parade: Unauthenticated Remote Code in dormakaba evolo Service.
.NET Remoting is still a thing...
RE: https://infosec.exchange/@enablesecurity/116300709031150946
VoIP/WebRTC security has needed a DVWA equivalent for a long time. We built DVRTC: full dockerized VoIP stack, intentionally vulnerable, 7 guided exercises.
Live instance at pbx1.dvrtc.net — try it now.
https://www.enablesecurity.com/blog/introducing-dvrtc-damn-vulnerable-real-time-communications/
#infosec #webrtc #voipsecurity #penetrationtesting #training
Would you like to chat with [un]prompted con about AI security? Follow a thread across every session, brief your team, or just base your research on the knowledge collected?
For both conference days, every talk with full transcripts and slides was loaded into a NotebookLM, and [un]prompted became more than just a hybrid online/physical con, this being one of many examples of what an AI-native conference could look like.
And there is no reason for a conference to end when you walk out the door. We can engage with the content and attendees beyond transcripts, summaries, and Slack.
And yes, as it’s NotebookLM you can always use it to generate a podcast - on any topic 🙂
This is the brainchild of the brilliant Rob T. Lee (which you shouldn’t be surprised about when it comes to Rob). All I had to do was get out of the way.
It was diligently executed on by Julie Michelle Morris, who sat through endless sessions to make it happen. And, empowered by Emanuel Gawrieh and Dragos Ruiu, who immediately jumped in without a second thought, and helped set up the system.
Access it here:
🔗 https://notebooklm.google.com/notebook/78ee3710-1741-488d-af06-159f518e9510?authuser=1
Thank you Rob and team for stepping up, and helping make the conference what it became. We live in the future.
This week on #OpenSourceSecurity I chat with Brad Axen about Goose and the Agentic AI Foundation.
I'm often skeptical about AI claims, but I do approve of the foundation model and seeing Goose donated to it.
Brad has some good insights into what we're seeing and what's probably coming in the future. It's hard to keep track of everything happening.
https://opensourcesecurity.io/2026/2026-02-goose-aaif-brad-axen/

Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but Brad has a very pragmatic view about where things are today and where we might see them head. Donating Goose to the AAIF is great news as well as seeing MCP and AGENTS.MD in the foundation. We discuss how to deal with the problem of raising up junior developers, challenges of AI PRs, and some thoughts on how to get started if you’re interested in AI development.
RE: https://infosec.exchange/@attackanddefense/116115800055258835
Watch this documentary and hear me say that I am not nervous at all and just a tiny bit excited while speaking really fast and gesturing like a madman. This was awesome!
Due to $reasons I came across this blogpost https://www.elttam.com/blog/env/ about turning ENV variables into code execution, which is nice. But the Python vector depends on Perl, and I didn't like that :P.
Digging a bit deeper in the code often helps, so it did this time:
Looking at https://github.com/python/cpython/blob/d73634935cb9ce00a57dcacbd2e56371e4c18451/Lib/webbrowser.py#L51-L52 I could simplify the payload to:
PYTHONWARNINGS='module::antigravity.' BROWSER='sh -c id #%s' python whatever.py
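The two variables in the command line above are worth checking for in build agents, CI runners and service environments. The following auditor is an added example, not code from the post or from the elttam write-up: it parses PYTHONWARNINGS filters the way the interpreter does (a category field that is not a builtin warning class is imported as a module at startup) and flags BROWSER entries that are command templates rather than a plain browser name. The sample environments are constructed.

```python
"""Audit environment variables for the PYTHONWARNINGS / BROWSER abuse pattern."""
import builtins
import os
import shlex

# Warning classes Python ships with. Any other name in the category field of a
# PYTHONWARNINGS filter is resolved by importing it as a module.
BUILTIN_CATEGORIES = {
    name for name, obj in vars(builtins).items()
    if isinstance(obj, type) and issubclass(obj, Warning)
}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


def pythonwarnings_imports(value):
    """Return category fields that would trigger a module import at startup."""
    hits = []
    for spec in value.split(","):
        if not spec.strip():
            continue
        parts = spec.strip().split(":")
        parts += [""] * (5 - len(parts))  # action:message:category:module:lineno
        category = parts[2]
        if category and category not in BUILTIN_CATEGORIES:
            hits.append(category)
    return hits


def browser_command_templates(value):
    """Return BROWSER entries that carry arguments or invoke a shell."""
    hits = []
    for entry in value.split(os.pathsep):  # webbrowser splits on os.pathsep
        entry = entry.strip()
        if not entry:
            continue
        try:
            tokens = shlex.split(entry)
        except ValueError:
            hits.append(entry)  # unparsable quoting: treat as suspicious
            continue
        if tokens and (tokens[0].rsplit("/", 1)[-1] in SHELLS or len(tokens) > 1):
            hits.append(entry)
    return hits


def audit_env(env):
    """Map variable name to the suspicious values found in the given env dict."""
    checks = {"PYTHONWARNINGS": pythonwarnings_imports, "BROWSER": browser_command_templates}
    return {k: f(env[k]) for k, f in checks.items() if k in env and f(env[k])}


if __name__ == "__main__":
    print(audit_env({"PYTHONWARNINGS": "module::antigravity.", "BROWSER": "sh -c id #%s"}))
    print(audit_env(dict(os.environ)))  # the current process environment
```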

TL;DR In December 2025, Cisco published https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 addressing CVE-2025-20393, a critical vulnerability (CVSS 10.0) affecting Cisco Secure Email Gateway and Secure Email and Web Manager. The advisory was notably sparse on technical details, describing only “Improper Input Validation” (CWE-20). We decided to dig deeper. Through reverse engineering and code analysis of AsyncOS 15.5.3, we uncovered the root cause: a single-byte integer overflow in the EUQ RPC protocol that bypasses authentication and chains into Python pickle deserialization — achieving unauthenticated remote code execution with a single HTTP request.