Nobody in the history of the universe has ever, ever, wanted to paste rich text. Even if they did, the colors are all wrong.

I was on @smashingsecurity and we were extremely silly but educational. Come find out the correct star sign to catfish people. It is not Wars or Trek, sadly.

https://www.smashingsecurity.com/449-how-to-scam-someone-in-seven-days/

449: How to scam someone in seven days

Romance scammers have apparently discovered astrology... and Taurus is their secret weapon. In episode 449 of "Smashing Security", we take a look inside an actual romance-fraud handbook - complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to

#programming #software

Slop drives me crazy and it feels like 95+% of bug reports, but man, AI code analysis is getting really good. There are users out there reporting bugs that don't know ANYTHING about our stack, but are great AI drivers and producing some high quality issue reports.

This person (linked below) was experiencing Ghostty crashes and took it upon themselves to use AI to write a python script that can decode our crash files, match them up with our dsym files, and analyze the codebase for attempting to find the root cause, and extracted that into an Agent Skill.

They then came into Discord, warned us they don't know Zig at all, don't know macOS dev at all, don't know terminals at all, and that they used AI, but that they thought critically about the issues and believed they were real and asked if we'd accept them. I took a look at one, was impressed, and said send them all.

This fixed 4 real crashing cases that I was able to manually verify and write a fix for from someone who -- on paper -- had no fucking clue what they were talking about. And yet, they drove an AI with expert skill.

I want to call out that in addition to driving AI with expert skill, they navigated the terrain with expert skill as well. They didn't just toss slop up on our repo. They came to Discord as a human, reached out as a human, and talked to other humans about what they've done. They were careful and thoughtful about the process.

People like this give me hope for what is possible. But it really, really depends on high quality people like this. Most today -- to continue the analogy -- are unfortunately driving like a teenager who has only driven toy go-karts.

Examples: https://github.com/ghostty-org/ghostty/discussions?discussions_q=is%3Aclosed+crash+author%3A0xBigBoss

ghostty-org ghostty · Discussions

Explore the GitHub Discussions forum for ghostty-org ghostty. Discuss code, ask questions & collaborate with the developer community.

Are you a security researcher or journalist? We want to hear from you — please take this survey!

Dissent Doe at DataBreaches, and I, are running this survey to better understand the state of legal demands and criminal threats in cybersecurity. Help us by filling out this survey! (and please share!)

https://forms.gle/yAiNNq2gTqE6ctWU8

Survey about legal and criminal threats experienced by journalists and security researchers

Researchers who try to responsibly disclose leaks, vulnerabilities, and other security breaches or mishaps may face legal threats or lawsuits. Similarly, journalists may find themselves threatened with lawsuits or other legal consequences if they report on leaks or breaches. Both researchers and journalists also face threats by criminals ("threat actors") if they report on them in ways the threat actors find unflattering or harmful. In our many years of reporting on leaks, breaches, and criminal gangs, DataBreaches.net and Zack Whittaker have often exchanged "war stories" about what threats we have received or had to contend with. After one particularly tiring week, we wanted to conduct a survey of researchers and journalists to ask about their experience with threats. We are using a broad definition of "researcher" to include self-defining or volunteer researchers (and not just academic or vendor-based researchers), as well as a broad definition of "journalist," to include bloggers and anyone who regularly reports on news and research, including commentary sites. Here are our questions, and we hope you will respond. Responses can be anonymous, but it will be helpful if you provide a real name or moniker and contact information, so we can follow up if we have questions. (Responses are encrypted in transmission and at-rest in line with Google's privacy policies. We plan to close this survey by end of day January 18, 2026.) Thank you for taking the time to complete this survey. (To report a survey bug, please reach out.)

The EU will launch the digital euro as a 100% European digital payments system to replace reliance on Visa, Mastercard, and Apple and Google Pay, with the European Central Bank issuing a digital form of cash. It will be built entirely in Europe, have zero transaction fees, instant payments, and strong privacy, giving the EU full control over its payments infrastructure.

https://www.independent.ie/business/digital-euro-what-it-is-and-how-we-will-use-the-new-form-of-cash/a165973061.html

(https://archive.ph/ERzTA)

Digital euro: what it is and how we will use the new form of cash

It’s January 1, 2029, the first day of the digital euro. You are in a shop buying milk and bread, and decide to pay with this new money. How exactly will it work?

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.

I'll add this spoiler, from the end:

"I am happy to report that the first KrebsOnSecurity stories of 2026 will go deep into the origins of Kimwolf, and examine the botnet’s unique and highly invasive means of spreading digital disease far and wide. The first in that series will include a somewhat sobering and global security notification concerning the devices and residential proxy services that are inadvertently helping to power Kimwolf’s rapid growth."

https://krebsonsecurity.com/2025/12/happy-16th-birthday-krebsonsecurity-com/

EFF has defended tech users, digital creators, and researchers for over 35 years. Your support is the reason we can keep up this fight. Donate today! https://eff.org/YEC

Stand Together to Protect Democracy

Donate in 2025 to support digital privacy and free speech!

The European Commission (EC) is considering a “Digital Omnibus” package that would substantially rewrite EU privacy law, particularly the landmark General Data Protection Regulation (GDPR). It’s not a done deal, and it shouldn’t be. https://www.eff.org/deeplinks/2025/12/eus-new-digital-package-proposal-promises-red-tape-cuts-guts-gdpr-privacy-rights

EU's New Digital Package Proposal Promises Red Tape Cuts but Guts GDPR Privacy Rights

The European Commission (EC) is considering a “Digital Omnibus” package that would substantially rewrite EU privacy law, particularly the landmark General Data Protection Regulation (GDPR). It’s not a done deal, and it shouldn’t be.The GDPR is the most comprehensive model for privacy legislation...