the grugq's newsletter
Archives
Slow Newsletter this week
May 24, 2026
Slow Newsletter this week Hi everyone, I’m going to be away this week and will have limited opportunity to do the reading necessary to collect the newsletter...
May 21, 2026
May 22, 2026
May 21, 2026 the 90 day disclosure policy is dead :: Himanshu Anand :: Threat Notes TLDR The 90 day responsible disclosure window was built for a world where...
May 20, 2026
May 21, 2026
May 20, 2026 https://www.reuters.com/world/china/germany-arrests-married-couple-suspicion-spying-china-2026-05-20/ Security Engineer, Information Security...
May 19, 2026
May 20, 2026
May 19, 2026 Nice write up from the Cloudflare team, but the post here is misleading. Patch faster is not the wrong answer, because most teams are patching...
May 17, 2026
May 18, 2026
May 17, 2026 Three page-cache privilege escalation vulnerabilities in three weeks. Copy Fail, Dirty Frag, Fragnesia. The pattern is clear. CIQ's response to...
May 16, 2026
May 17, 2026
May 16, 2026 0xdeadbeefnetwork/ssh-keysign-pwn (408 stars, C) Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass +...
May 15, 2026
May 16, 2026
May 15, 2026 New Myths for Old - CERIAS - Purdue University After the Buggy Whip - CERIAS - Purdue University More Than the Code - CERIAS - Purdue University...
May 14, 2026
May 15, 2026
May 14, 2026 New Myths for Old - CERIAS - Purdue University After the Buggy Whip - CERIAS - Purdue University More Than the Code - CERIAS - Purdue University...
May 12, 2026
May 13, 2026
May 12, 2026 scary rumours circulating rn pic.twitter.com/ocRAm0x780 — London New Liberals (@LondonNewLibs) May 11, 2026 The last cinephile in the world is a...
May 11, 2026
May 12, 2026
May 11, 2026 The Cyber Reality States Don’t Want to Admit: Just me ranting about the irrational Western reaction to Russia’s actual cyber capacity building...
May 8, 2026
May 9, 2026
May 8, 2026 💥 Introducing "Dirty Frag": A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no...
May 7, 2026
May 8, 2026
May 7, 2026 But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The...
May 6, 2026
May 6, 2026
May 6, 2026 There’s something ominous about the speed with which the entire world has marched to require identification on platforms and, as I expected,...
May 5, 2026
May 6, 2026
May 5, 2026 This one is ours! CVE-2026-42511 was discovered by Joshua Rogers from our research team using @Aisle_Inc's AI system in FreeBSD, the same...
May 4, 2026
May 5, 2026
May 4, 2026 We have a record of Cleopatra's handwriting: γινέσθωι "make it happen", appending a tax exemption. https://t.co/X6XNuGauy9...
May 3, 2026
May 4, 2026
May 3, 2026 The RansomISAC published regarding "Zhengzhou 403 Network Technology Co., Ltd.", a cert we reported in 2025 after it was used to sign...
May 2, 2026
May 3, 2026
May 2, 2026 Google nailed their bug bounty program because they’re seeing a huge influx of reports, likely because LLMs are doing extremely well at variant...
May 1, 2026
May 2, 2026
May 1, 2026 If people are really curious about https://t.co/zJqjRZkKcD, @5unKn0wn is the GOATed researcher who is responsible! https://t.co/pKODZo3G5t—...
April 30, 2026
May 1, 2026
April 30, 2026 TLDR: got a bunch of agents to find remote unauth'd OOBs in ksmbd, CVE-2026-31432 and CVE-2026-31433. CVE-2026-31432 specifically is "RCE-...
April 29, 2026
April 30, 2026
April 29, 2026 you never think this will happen to you, but this happened to me today. a DPRK actor posed as somebody i previously worked with at the...