Archive • the grugq's newsletter

April 24, 2025 Wrote about a novel technique that leverages the well-known Device Code #phishing approach. It dynamically initiates the flow as soon as the...

April 23, 2025 pic.twitter.com/i7KlHvgCRZ— UwU-Underground (@uwu_underground) April 22, 2025 This is good stuff from the crew at Ghost on a topic that's...

April 22, 2025 Russian take on how protective CUAS nets along the roads can also be dangerous, since "... this defensive architecture is clearly visible from...

April 21, 2025 https://t.co/dzW6fq8dhN is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity...

April 20, 2025 It's spring break and my son started a lemonade stand. I asked him how much lemonade he sold in the last hour. "$3" he said. I told him,...

April 19, 2025 I love this website 😂Thanks dodge 🫡🖖 pic.twitter.com/j1zTGPgbjU— mRr3b00t (@UK_Daniel_Card) April 18, 2025 The British Army successfully...

April 18, 2025 🐧 After 6 months of research, my 5-part Linux Persistence series is now complete!🐧🧵 Full series...

April 17, 2025 This is unhinged, and hilarious. Story live: CISA extends MITRE-backed CVE contract hours before its lapsehttps://t.co/djgU2FMkCM— David...

April 16, 2025 Russian cyber and information warfare and its impact on the EU and UK Russian cyber and information warfare and its impact on the EU and UK |...

April 15, 2025 "Stuxnet still flunks the test of cyberwar, as I argued in 2013: It was not a disruptive incident, technology did not cause offense to...

April 14, 2025 Happy Songkran! It’s Thai new year over here (it’s a week long party, apparently right beneath my window) so expected reduced output. North...

April 13, 2025 Great summary of the new Google paper on defeating prompt injection by design by increasing control and data flow separation with privileged...

April 12, 2025 pic.twitter.com/JIWVNP4uRx— Josh Kamdjou (@jkamdjou) April 10, 2025 Witness History - The Reichstag fire - BBC SoundsIn February 1933, the...

April 11, 2025 In iOS 18.4, Apple introduced a bug in dynamic symbol resolutions for some specific exports. @0xf4b took a long journey down a rabbit hole to...

April 10, 2025 I was there. It was meant literally.“JD Work — now on the US NSC — shocked some by warning that the US would take lethal action against...

April 9, 2025 Episode 4 of Where Warlocks Stay Up Late featuring Skyper is now live on our YouTube and Spotify channels 🧙Skyper, aka Eduart Steiner (an...

April 8, 2025 I've added a local CORS proxy, added some more FREE enrichments and some other bits and bobs:https://t.co/bdJdwb9YP6— mRr3b00t...

April 7, 2025 April 4th Noah Urban a/k/a "King Bob", an alleged member of the infamous "Scattered Spider" group, plead guilty to all charges in all cases.Mr....

April 6, 2025 EU: These are scary times – let's backdoor encryption! https://www.theregister.com/2025/04/03/eu_backdoor_encryption/?td=rt-3a One Bug to Rule...

April 5, 2025 No words pic.twitter.com/EyHtRLbIpq— Andy Yen (@andyyen) April 3, 2025 April is #SupplyChainIntegrityMonth! NCSCgov and its partners are asking...

April 4, 2025 Home | MIT Secure Hardware DesignMIT 6.5950/6.5951 Cracking the CrackersReversing the TNT team macOS crack library to understand if there is...

April 3, 2025 🎥 DistrictCon Year 0 recordings are now live on YouTube! Check out the AMAZING content from our Track 1 Speakers, Junkyard competitors, and...

April 2, 2025 I got 14 new Apple CVEs in this release😎 https://t.co/kut6EI5xdE pic.twitter.com/e0U2Khf3hv— Mickey Jin (@patch1t) April 1, 2025 A while back...

April 1, 2025 Synthetics Implemented Right @leveragesir has been hacked for $355kThis is a clever attack. In the vulnerable contract Vault...

March 31, 2025 What would you do if you could spy on SMS messages? @theredguild and @opsek_io have identified SLOVENLY COMET, a threat actor which has been...

March 30, 2025 A good read: The Security Conversation – Adversary Fan Fiction Writers GuildIs Offensive Security just security testing? No. Offensive...

March 29, 2025 BlackLock Ransomware Exposed After Researchers Exploit Leak Site VulnerabilityBlackLock's misconfigured leak site exposed internal commands,...

March 28, 2025 Status update For those of you who reached out about the earthquake, I’m fine thank you. I spent a few hours sitting outside with my dog....

March 27, 2025 grugq on cyber in Europe I spoke to Sven at Interface yesterday about some cyber issues with Europe. The video is online already: EXCLUSIVE:...

March 26, 2025 THC's memexec now supports x86_64, aarch64, arm6/7 and mips64. The perl version is a 1-liner (cat /usr/bin/id | memexec) :> Helps to overcome...

March 25, 2025 Attackers love poking around SSO dashboards, so we gave them something to find! Drop a Fake SAML IdP App Canarytoken in your IdP -- if anyone...

March 24, 2025 https://t.co/1CH1WoMwKfImplemented arbitrary webkit code execution on iPhone (not PAC devices).You can chaining other exploits if you want for...

March 23, 2025 Landrun Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked...

March 22, 2025 Farewell to one of the most important spies of the Cold War. Oleg Gordievsky has died. A KGB officer who spied for MI6, he supplied vital...

March 21, 2025 https://x.com/ethicalchaos/status/1902481711109214484 People seem to fear vulnerability discovering and exploiting AI, but I worry more about...

March 20, 2025 This has the potential to be either horrible or not: https://t.co/3x859Lb4e6BLUF: Despite the rise of 32-bit devices, a large number of legacy...

March 19, 2025 Secure Annex - Enterprise Browser Extension Security & Management PlatformAn investigation into buying access to browsers through extensions...

March 18, 2025 Big day for Chinese threat intelMSS outs 4 alleged members of Taiwan's Information, Communications & Electronic Force Command, links them to...

March 17, 2025 For those interested in the browser cache smuggling attack I presented yesterday, you will find the full blogpost here...

March 16, 2025 #SpyNews - week 11 (March 9-15):A summary of 71 espionage-related stories from week 11 coming from...

March 15, 2025 $55000[382291459][wasm]Arbitrary Wasm type confusion is now openhttps://t.co/EbwB5VJeedPoC(exploits the hash collision + type confusion,...

March 14, 2025 Some exciting research to share from Binarly REsearchers @cci_forensics and @pagabuc -- a novel approach to UEFI bootkit detection. 🔥Read the...

March 13, 2025 Is this memory safety here in the room with us?@halvarflake posted slides for his keynote talk about the recent trends to resolve the problem...

March 12, 2025 In-Depth Technical Analysis of the Bybit Hack #Lazarushttps://t.co/chfR1uQ7Wg pic.twitter.com/dqMCJEBpiK— blackorbird (@blackorbird) March 11,...

March 11, 2025 In Russia’s cyber ecosystem, even FSB officers aren’t untouchable. CSI fellow @jshermcyber dives into the sentencing of an officer who took...

March 10, 2025 Here's RepoMan, a proof of concept surrounding git commit poisoning. The blog post dives a little deeper into how it all works and the...

March 9, 2025 Using RDP without leaving traces: the MSTSC public mode https://t.co/TMf3YP5JVS— Nicolas Krassas (@Dinosn) March 7, 2025 Sadly, too many...

March 8, 2025 When you struggle with first year linear algebra https://t.co/jF1XzxTBVg— Martin Bauer (@martinmbauer) March 6, 2025 Their task, as assigned by...

March 7, 2025 Multi-factor authentication works. From the indictment: 1 of the Chinese hacking teams was unsuccessful in breaking into email accounts of...

March 6, 2025 Chinese Great Firewall (website access blockade and. content filter for internet traffic) was leaking data! It's a fascinating discovery of...