the grugq's newsletter
Archives
Search
Subscribe
November 14, 2025
November 14, 2025
November 14, 2025 WSJ just dropped another strong investigation on how China is exploiting loopholes in U.S. export controls. To summarize what is happening...
November 13, 2025
November 13, 2025
November 13, 2025 A repo is for learning various heap exploitation techniques by @shellphishhttps://t.co/MDbkqR41jq pic.twitter.com/IhGrIoeIEQ— Alex Plaskett...
November 12, 20255
November 12, 2025
November 12, 20255 It’s been a year since I wrote this guide for @gijn on security best practices for investigative journalists, all of which is still very...
November 11, 2025
November 11, 2025
November 11, 2025 Kimi K2 thinking is truly impressive for an oss model, with it's assistant we developed fully firefox rce given 0x41414141 primitive in...
November 10, 2025
November 10, 2025
November 10, 2025 ...and check out this bonkers pipeline of upcoming vulns from Google Project Zero's transparency report! Perhaps the DNG fun is just...
November 9, 2025
November 9, 2025
November 9, 2025 Our assembly lessons are trending on @github !We have nearly 10k stars. https://t.co/fZyFRyTKWP pic.twitter.com/qZ7JpxsBZe— FFmpeg (@FFmpeg)...
November 8, 2025
November 8, 2025
November 8, 2025 What felony piracy taught me about B2C sales https://prison.josh.mn/lessons https://fly.io/blog/everyone-write-an-agent/...
November 7, 2025
November 7, 2025
November 7, 2025 #Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):https://t.co/aYK8gTJVXY— Sam Stepanyan (@securestep9) November 6,...
November 5, 2025
November 5, 2025
November 5, 2025 Read our latest crazy story on the spy who was so successful at pretending he's someone else that the GRU "killed off" his real persona and...
November 4, 2025
November 4, 2025
November 4, 2025 We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long...
November 3, 2025
November 3, 2025
November 3, 2025 VulnIndex — the fastest way to find real security researchhttps://t.co/q8G2JJ5lAW— Swissky (@pentest_swissky) November 2, 2025 Great VSquare...
November 2, 2025
November 2, 2025
November 2, 2025 Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds and have spawned a philosophical conversation on the...
November 1, 2025
November 1, 2025
November 1, 2025 Really cool story about the developer of ZeroAccess -The ZeroAccess Developer and His Windows Kernel-Mode...
October 31, 2025
October 31, 2025
October 31, 2025 Happy Halloween A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited.The attack chain:-...
October 30, 2025
October 30, 2025
October 30, 2025 NEW: exec at zero-day supplier pleads guilty to selling to buyer in Russia.FBI had warned elite supplier Trenchant about a potential leak in...
October 29, 2025
October 29, 2025
October 29, 2025 More interposer fun, this time with DDR5 memory. Breaking TDX, SGX, SEV and even Nvidia TEEs. Checkout our work at https://t.co/Jl1dpGnM6J,...
October 28, 2025
October 28, 2025
October 28, 2025 📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we...
October 27, 2025
October 27, 2025
October 27, 2025 Spent some time on an old iOS WebKit bug to learn about browser exploitation https://t.co/CDySlTzGM6 pic.twitter.com/0a7maHBU8b— Billy Ellis...
October 26, 2025
October 27, 2025
October 26, 2025 This week I had the pleasure of guest lecturing at both Georgetown University and Johns Hopkins SAIS on the intersection of AI, cyber and...
October 24-25, 2025
October 25, 2025
October 24-25, 2025 This significantly changes the context of the “iOS Vuln dev hacked!” story. It is a clear national security issue, with exploits sold to...
Newer archives
Older archives