the grugq's newsletter

November 20, 2025

November 20, 2025

November 20, 2025 https://risky.biz/BTN145/ The https://t.co/OpFfwtJCLm post by @xoreipeip shows how prepared statements can be exploited in NodeJS using...

---

November 19, 2025

November 19, 2025

November 19, 2025 This new 0day found by Google Big Sleep if not via fuzzing harness but purely by reasoning would be super cool! Coincidence with the Gemini...

---

November 18, 2025

November 18, 2025

November 18, 2025 The @ThinkstCanary ThinkstScapes Q3 report is out. A great quarterly overview of interesting research shared in the security community. It...

---

November 17, 2025

November 17, 2025

November 17, 2025 https://djnn.sh/posts/anthropic-s-paper-smells-like-bullshit/ Some in cybersec were debating how much VPNs protect your privacy while on...

---

November 16, 2025

November 16, 2025

November 16, 2025 #SpyNews - week 46 (November 9-15):A summary of 66 espionage-related stories from week 46 coming from...

---

November 15, 2025

November 15, 2025

November 15, 2025 On Monday, I’ll present a case that goes beyond the Anthropic espionage report, which in my view is far from comprehensive, showcasing one...

---

November 14, 2025

November 14, 2025

November 14, 2025 WSJ just dropped another strong investigation on how China is exploiting loopholes in U.S. export controls. To summarize what is happening...

---

November 13, 2025

November 13, 2025

November 13, 2025 A repo is for learning various heap exploitation techniques by @shellphishhttps://t.co/MDbkqR41jq pic.twitter.com/IhGrIoeIEQ— Alex Plaskett...

---

November 12, 20255

November 12, 2025

November 12, 20255 It’s been a year since I wrote this guide for @gijn on security best practices for investigative journalists, all of which is still very...

---

November 11, 2025

November 11, 2025

November 11, 2025 Kimi K2 thinking is truly impressive for an oss model, with it's assistant we developed fully firefox rce given 0x41414141 primitive in...

---

November 10, 2025

November 10, 2025

November 10, 2025 ...and check out this bonkers pipeline of upcoming vulns from Google Project Zero's transparency report! Perhaps the DNG fun is just...

---

November 9, 2025

November 9, 2025

November 9, 2025 Our assembly lessons are trending on @github !We have nearly 10k stars. https://t.co/fZyFRyTKWP pic.twitter.com/qZ7JpxsBZe— FFmpeg (@FFmpeg)...

---

November 8, 2025

November 8, 2025

November 8, 2025 What felony piracy taught me about B2C sales https://prison.josh.mn/lessons https://fly.io/blog/everyone-write-an-agent/...

---

November 7, 2025

November 7, 2025

November 7, 2025 #Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):https://t.co/aYK8gTJVXY— Sam Stepanyan (@securestep9) November 6,...

---

November 5, 2025

November 5, 2025

November 5, 2025 Read our latest crazy story on the spy who was so successful at pretending he's someone else that the GRU "killed off" his real persona and...

---

November 4, 2025

November 4, 2025

November 4, 2025 We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long...

---

November 3, 2025

November 3, 2025

November 3, 2025 VulnIndex — the fastest way to find real security researchhttps://t.co/q8G2JJ5lAW— Swissky (@pentest_swissky) November 2, 2025 Great VSquare...

---

November 2, 2025

November 2, 2025

November 2, 2025 Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds and have spawned a philosophical conversation on the...

---

November 1, 2025

November 1, 2025

November 1, 2025 Really cool story about the developer of ZeroAccess -The ZeroAccess Developer and His Windows Kernel-Mode...

---

October 31, 2025

October 31, 2025

October 31, 2025 Happy Halloween A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited.The attack chain:-...

---