Archive • the grugq's newsletter

June 24, 2025 RUSI Experts react to US strikes on Iran's nuclear facilities - click below for analysis from @BurcuAOzcelik, @MTSavill, and @DDolzikova....

June 23, 2025 Stacca Stacca! This is an amazing film. Part of an italian TV documentary it shows two hackers doing some hacking via X.25 into a US military...

June 22, 2025 https://t.co/kZuTtTS9dVPretty cool experimentation work from the Infoblox team to speed up the boring work of web searches for open source...

June 21, 2025 Your average non-state APT doesn't use browser exploits for initial access. They don't give a shit about the kernel or the EDR, they don't...

June 20, 2025 Package Hallucinations: How LLMs Can Invent Vulnerabilities | USENIX I’ve started joining every Google Meet 30 seconds early.When you join...

June 19, 2025 Hacking with AI - Atlantic CouncilCan generative AI help hackers? By deconstructing the question into attack phases and actor profiles, this...

June 18, 2024 🚗🔌 We reverse engineered the Tesla Wall Connector and uncovered a previously undocumented attack surface via the charging cable. From protocol...

June 17, 2025 Predatory Sparrows are back Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects...

June 16, 2025 News: The Washington Post has suffered a cyber intrusion that compromised the emails of at least several reporters at the paper, including...

June 15, 2025 #SpyNews - week 24 (June 8-14):A summary of 67 espionage-related stories from week 24 coming from...

June 14, 2025 “Finally, Copilot hides the source of the instructions, so the user can’t trace what happened”Fun times ahead! https://t.co/fTi9P6A42k...

June 13, 2025 today i learned.https://t.co/zNcUATyhEo pic.twitter.com/QIfHEdYqcN— J⩜⃝mie Williams (@jamieantisocial) June 11, 2025 Every time I read...

June 12, 2025 "We have been able to do that through the use of AI tools far more quickly than what was done previously—which was to have humans go through".I...

June 11, 2025 GitHub - autoscrape-labs/pydoll: Pydoll is a library for automating chromium-based browsers without a WebDriver, offering realistic...

June 10 I've always said self-driving technology would save lives. Had there been humans driving those cars, the death toll would be devastating....

June 9, 2025 If one knows the input language of the system to be tested, one can generate inputs in a very efficient manner.In GDBMiner, the GNU debugger...

June 8, 2025 I left a server online with VNC wide open to see how it would be interacted with. This is one of the more interesting interactions:...

June 7, 2025 The DIA employee apparently offered US classified information to the German foreign intelligence service BND: https://t.co/qKYqcTMDeZ...

June 6, 2025 Happy D Day! My short impulse talk from Cycon has been published: https://t.co/a94l2zpw7N— Halvar Flake (@halvarflake) June 5, 2025 We released...

June 5, 2025 We’re sharing more about how we report vulnerabilities we discover in third-party software—through research or automated means. Our new...

June 4, 2025 guy who thinks crossing the rubicon was a big deal because it was physically difficult to move from one side to the other...

June 3, 2025 You're gonna allocate memory? On the heap? In this economy?— David Adrian (@davidcadrian) June 2, 2025 New: Trump's proposed CISA budget would...

June 2, 2025 https://t.co/3YQhgVGYuR— UwU-Underground (@uwu_underground) May 31, 2025 There are a lot of misconceptions about the Snowden revelations -...

June 1, 2025 Hidden Bear: The GRU hackers of Russia’s most notorious kill squadRussian GRU Unit 29155 is best known for its long list of murder and sabotage...

May 31, 2025 Looks like @BlueHatIL talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make...

May 29, 30 2025

May 29, 30 2025 you know, i can think of a few reasons why "in the intelligence world" you might want it to be difficult to transfer data off a computer...

May 28, 2025 Recent attacks on institutions in the Netherlands were the work of a previously unknown Russian hacking group that Dutch intelligence agencies...

May 27, 2025 This post from @s1guza should be mandatory reading for seceng. Playing whack-a-mole with first-order primitives or just patching vulnerabilities...

May 26, 2025 Since the discussion is going around again on the topic of disclosure i keep coming back to this blog post by @halvarflake...

May 25, 2025 NEW: More than a decade ago, Kaspersky discovered a mysterious "elite" hacking group it called Careto (“The Mask”), which then vanished and only...

May 24, 2025 GPT Honeypot: Finding the Needle in the Haystack / Coalition Research's Workspace | ObservableOver the past 9 months, the research team at...

May 23, 2025 Here’s the collection of the most significant exploits that I’ve published in the past three decades or so. Enjoy!https://t.co/FDPo4ydHTc—...

May 22, 2025 This is a wild story. SCOOP: In Feb, federal agencies "lost" many #FOIA requests but you probably had no idea. It turns out that the FOIAs...

May 21, 2025 My keynote at @offensive_con 2025, "How Offensive Security Made Me Better at Defense":Video: https://t.co/WM9GuW19cZSlides:...

May 20, 2025 The slides for my OffensiveCon talk "Finding and Exploiting 20-year-old bugs in Web Browsers" https://t.co/NAXPhs1xl5— Ivan Fratric 💙💛...

May 19, 2025 O2 VoLTE: locating any customer with a phone call | mastdatabase.co.ukPrivacy is dead: For multiple months, any O2 customer has had their...

May 18, 2025 There’s a lot of “VPN’s are snakeoil, just use HTTPS” discourse again, so here, I’ll sell the farm for the sake of demonstrating exactly how...

May 17, 2025 Analysis: Unpacking Iran’s counterintelligence apparatus - FDD's Long War Journal #intelligence #covert #CI #Iran https://t.co/1xDCYK2pDo—...

May 16, 2025 https://neal.fun/internet-artifacts/ Not that many impacted customers ( but 1% of monthly active transacting wallets), but the info that was...

May 15, 2025 https://swtch.com/~rsc/regexp/regexp2.html ok ok fine, for old time's sake https://t.co/eJnUdUcGzf pic.twitter.com/FeWCDAsX4U— blasty (@bl4sty)...

May 14, 2025 Happy to announce my new paper "The cryptoint library": https://t.co/Spc0eUGVdW Constant-time code is the main way that we avoid leaking secrets...

May 13, 2025 Florida bill requiring encryption backdoors for social media accounts has failed https://t.co/zpnWt5A3nj— switched (@switch_d) May 12, 2025 The...

May 12, 2025 https://fathom.lib.uchicago.edu/2/21701757/ While true that this was the greatest SIGINT prize of the war, it did not initiate reading of the...

May 11, 2025 ‘High levels of trust [in our secret agencies] based on low levels of knowledge’. That’s a fascinating conclusion which will, rightly, command...

May 10, 2025 How to turn security research into profit: a CL.0 case study | PortSwigger ResearchHave you ever seen a promising hacking technique, only to try...

May 9, 2025 Russian hackers are interested in chaos and money, says NATO CCDCOE directorMay 8, 2025, ERR | Estoniahttps://t.co/HibxWpGMWg | Russian...

May 8, 2025 Leaked System Prompts Interesting to read some of them. GitHub - asgeirtj/system_prompts_leaksContribute to asgeirtj/system_prompts_leaks...

May 7, 2025 CimFS: Crashing in memory, Finding SYSTEM! @cplearns2h4ck dug into Microsoft CimFS, found a sneaky 0-day, and guess what? The fix by Microsoft...

May 6, 2025 Exceptional episode of one of the absolute best Between Two Nerds: How tools evolve - Risky Business Media Vibe debugging via MCP for WinDBG...

May 5, 2025 And there we go. https://t.co/3SqeNhmk9U— Matthew Green is on BlueSky (@matthew_d_green) May 5, 2025 This may be the longest photographic...