Maintainer of @keepassxc
not even half-way through this #curl release cycle we are already at 11 confirmed vulnerabilities - and there are three left in the queue to assess and new reports keep arriving at a pace of more than one/day
11 CVEs announced in a single release is our record from 2016 after the first-ever security audit (by Cure 53).
How it feels to be alive lately.
by Sarah Andersen
🚆 One journey. One ticket. Full rights.
We’re making cross-border train journeys simpler:
🎫 One booking across rail operators
Find, compare and book trains from different operators in one transaction.
🛡️ Full passenger rights for the whole journey
If you miss a connection on a single ticket, you’ll get assistance, including rerouting, reimbursement and compensation.
📲 Clearer pricing info
Travel options shown fairly and clearly, so you can easily compare and choose.
CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the Linux kernel LPEs is "not great" as we say in the industry.
RE: https://mastodon.social/@bagder/116554421875449945
"All modern AI models are good at this now. Anyone with time and some experimental spirits can find security problems now. The high quality chaos is real."
Second that. The number of confidential security reports for KeePassXC has also gone up (though nothing major yet). Those AI reports used to be slop, but they are now mostly legitimate. We don't know which models are being used by the reporters, but occasionally, we get the same things reported multiple times within the span of just days.