Archive • the grugq's newsletter

October 28, 2025

October 28, 2025 📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we...

October 27, 2025

October 27, 2025 Spent some time on an old iOS WebKit bug to learn about browser exploitation https://t.co/CDySlTzGM6 pic.twitter.com/0a7maHBU8b— Billy Ellis...

October 26, 2025

October 27, 2025

October 26, 2025 This week I had the pleasure of guest lecturing at both Georgetown University and Johns Hopkins SAIS on the intersection of AI, cyber and...

October 24-25, 2025

October 25, 2025

October 24-25, 2025 This significantly changes the context of the “iOS Vuln dev hacked!” story. It is a clear national security issue, with exploits sold to...

October 23, 2025

October 23, 2025 1/ Who wins in the Information Security AI arms race: Defenders? Attackers? or the new AI tools just cancel each other?Our answer...👇...

October 23, 2025

October 22, 2025

October 23, 2025 1/ Who wins in the Information Security AI arms race: Defenders? Attackers? or the new AI tools just cancel each other?Our answer...👇...

October 22, 2025

October 21, 2025

October 22, 2025 bed overheated because AWS-east was down. but um....... its good because it alerted them to the outage? i dont even know what to do with...

October 20, 2025

October 20, 2025 We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we...

October 18-19, 2025

October 19, 2025

October 18-19, 2025 https://www.antipope.org/charlie/blog-static/2025/10/the-pivot-1.html 1/ UPDATE: South Korea's spy agency has finally broken its silence...

October 16, 2025

October 16, 2025 We learn of a F5 Networks breach by "a highly sophisticated nation-state" from an SEC filing:https://t.co/WwPFNPDjgM— Ryan Naraine...

October 15, 2025

October 15, 2025 My DEFCON talk about cryptomoney laundering techniques is out! At minute 20:30, I demonstrate how I use an AI agent to assist my...

October 14, 2025

October 14, 2025 The plan? At dusk, 50 people went to San Francisco's longest dead-end street and all ordered a Waymo at the same time.The world's first:...

October 12, 2025

October 12, 2025 Christopher Berry, one of the suspects in the China spy case, allegedly had secure communication apps used only by Beijing agents installed...

October 11, 2025

October 11, 2025 Apple's Real World CTF : you get the flag, you get the bountyhttps://t.co/gY6mayzpLy pic.twitter.com/i299t0U6P6— matteyeux (@matteyeux)...

October 9-10, 2025

October 10, 2025

October 9-10, 2025 https://understandingwar.org/research/cognitive-warfare/a-primer-on-russian-cognitive-warfare/ The Discord breach is another example of...

October 8, 2025

October 8, 2025 https://t.co/VswrXw9ZjZ pic.twitter.com/mukGkzNca6— Damin Toell (@damintoell) October 7, 2025 POChttps://t.co/6VziQNQ76p...

October 7, 2025

October 7, 2025 This was an interesting read, but to their credit, I was expecting a bit wider coverage. The coverage of IO in sync with kinetic strikes is...

October 5-6, 2025

October 6, 2025

October 5-6, 2025 GitHub - b1n4r1b01/n-daysContribute to b1n4r1b01/n-days development by creating an account on GitHub. GitHub - stealth/crash: crypted admin...

October 3-4, 2025

October 4, 2025

October 3-4, 2025 There is someone exposing IRGC (Islamic Revolutionary Guard Corps) stuff on GitHub.I'm not a IRGC geopolitical nerd, so I can't assess the...

October 2, 2025

October 2, 2025 Most #CyberSecurity classes focus on Western technology stacks, fueling #APT groups with TTPs to ravage our own networks. We are flipping the...

October 1, 2025

October 1, 2025 Pre-pandemic, the calculus was what the likelihood was of an employee being bribed to insert a USB stick into their work computer at the...

September 30, 2025

September 30, 2025 Just uploaded my RomHack slides about attack vectors against PsSetLoadImageNotifyRoutine and drivers that rely on it....

September 29, 2025

September 29, 2025 Writeup for CVE-2025-24085, an ITW mediaplaybackd vulnerability patched earlier this year https://t.co/XopOVNmfnc— binaryboy (@b1n4r1b01)...

September 28, 2025

September 28, 2025 Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with...

September 27, 2025

September 27, 2025 Precisely this: 👇Understanding how something is built helps you understand how it can break. The best way to understand how something is...

September 26, 2025

September 26, 2025 In 2016 Geoffrey Hinton said “we should stop training radiologists now" since AI would soon be better at their jobs.He was right: models...

September 25, 2025

September 25, 2025 We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers...

September 24, 2025

September 24, 2025 A very special between two nerds… Between Two Nerds: How the US can win the cyber war - Risky Business Media OPSEC fails that beggar...

September 23, 2025

September 23, 2025 Poland’s deputy prime minister said that if Poland were hit by a cyberattack on critical infrastructure such as energy or water with broad...

September 22, 2025

September 22, 2025 this was a googlectf challenge btw https://t.co/tC2yYC09At pic.twitter.com/FzaRuBAaWX— Rebane (@rebane2001) September 21, 2025 Thorough...

September 21, 2025

September 21, 2025 Just published some notes on httpjail - this is a really interesting new sandboxing project, it lets you run a process (on macOS or Linux...

September 20, 2025

September 20, 2025 The vast majority of hacking is just credentials. There are four basic ways to get creds:STABSteal: using malware, etc.Try: brute force,...

September 18-19, 2025

September 19, 2025

September 18-19, 2025 I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful...

September 17, 2025

September 17, 2025 Quite a good Between Two Nerds discussion. Between Two Nerds: The limits of cyber power - Risky Business Media OpenAI literally just...

September 16, 2025

September 16, 2025 When we decompile an APK and see an unreadable https://t.co/BbQf3H943H.bundle, it could be Hermes bytecode. Using https://t.co/DBonMwpUBM...

September 15, 2025

September 15, 2025 Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 &...

September 13-14,

September 14, 2025

September 13-14, There's a sick linenoise article by @iximeow in @phrack 71 called "Learning An ISA By Force Of Will", where ixi goes from unknown binary...

September 12, 2025

September 12, 2025 Scattered Lapsus$ Hunters has provided the following message on breachforums[.]hn.They have essentially retired....

September 11, 2025

September 11, 2025 Claude "File creation" is actually a sandboxed code execution environment and has full internet access.This is great for me, since we now...

September 10, 2025

September 10, 2025 wow... great finds. good writeup, worth a read! :) and if you've ever been to burgerking drivethru, AI is analyzing your convos ;D...

September 9, 2025

September 9, 2025 Great technical writeup on how NodeZero solves Game of Active Directory (GOAD):TL;DR – How NodeZero Solved GOAD in 14 Minutes:NodeZero...

September 8, 2025

September 8, 2025 In this paper, we present CVE-GENIE, an automated, large language model (LLM)-based multi-agent framework designed to reproduce real-world...

September 7, 2025

September 7, 2025 Extensive analysis of PHRACK's "North Korea Files"🇰🇵https://t.co/xLHGlM0NyK🔥 “the most comprehensive and technically intimate disclosures”...

September 6, 2025

September 6, 2025 Did you know that we have over 50 talks from past years of CYBERWARCON available on our YouTube? Catch them here >...

September 5, 2025

September 5, 2025 🚨 Czech cybersecurity agency NÚKIB issues HIGH threat warning about data transfers to China and remote administration of technical assets...

September 4, 2025

September 4, 2025 Between Two Nerds: How threat actors are using AI to run wild - Risky Business Media The Gentlemen Hackers interviewing Halvar Flake:...

September 2-3, 2025

September 3, 2025

September 2-3, 2025 NEW: The standards of the US Telephone Security Group (TSG), to prevent phones from being turned into a listening...

September 1, 2025

September 1, 2025 Was in a bookshop and asked a worker if he could recommend books to me. He said "Sure, they're great".— Andy Ryan (@ItsAndyRyan) August 30,...

August 30–31, 2025

August 31, 2025

August 30–31, 2025 New: Tesla said it didn't have critical data in a fatal crash. Then a hacker found it. "For any reasonable person, it was obvious the data...

August 29, 2025

August 29, 2025 I'm once again looking at the epic 20-part essay which Ian Lance Taylor wrote about linkers https://t.co/DKtvyCiP6r - did anyone ever write...