the grugq's newsletter

July 12, 2025


This one mostly flew below the radar and media coverage, but I think it is a significant case. The article refrains from directly naming the group or targets, but I guess it would take 30 seconds to figure out "Handala".

I spent a bit of time reviewing the dumps and there's indeed…

— Hamid Kashfi (@hkashfi) July 11, 2025



https://www.theregister.com/2025/07/10/airman_admits_dating_app_leaks/?td=rt-3a


Again an interesting bug, an excellent and very detailed report with PoC & exploit from 303f06e3🔥🔥🔥

[$50000][403211343][turboshaft] Improper Error Handling in LateLoadElimination for String Map -> RCE https://t.co/UWeDbeVNYh https://t.co/Kxb2HQ3yqu pic.twitter.com/lrUBH54sCg

— xvonfers (@xvonfers) July 11, 2025


"In general the report's central recommendation is that Europe break free from Atlantic [read: US] subordination and instead achieve strategic autonomy by partnering with China" https://t.co/IlnRKGvkE1

— Ramez Naam (@ramez) July 11, 2025


Modern obfuscation techniques - a great weekend read.

Master's thesis (by Roman Oravec) investigates various common obfuscation techniques and freely available implementations, focusing on the LLVM Pass Framework's potential for program obfuscation.

Additionally, several… pic.twitter.com/e7ErtjOUAH

— SEKTOR7 Institute (@SEKTOR7net) July 11, 2025


MoonPay apparently gets scammed out of a $250,000 donation to Trump inaugural fund

July 11, 2025 pic.twitter.com/WAwbFMk6go

— web3 is going just great (@web3isgreat) July 11, 2025


Here is our 0day for kernelCTF🩸
- 82k bounty
- quickest submission ever
- all instances pwned😎 https://t.co/0sb11m8ITD

Disclaimer: We apologize for abusing the red black tree family. Turning grandparents against grandchildren is only acceptable in the context of pwn😤 https://t.co/nSXBNe8zm8

— Crusaders of Rust (@cor_ctf) July 11, 2025


Just dropped a blog post on reproducing a known voltage glitching attack to bypass APPROTECT on the nRF52840! 😎 Spent hours soldering & debugging to get it right. Not novel, but a messy journey—check it out: https://t.co/TY6WjWo1Fn

— Matias Soler (@gnuler) July 11, 2025


Can an AI model predict perfectly and still have a terrible world model?

What would that even mean?

Our new ICML paper formalizes these questions

One result tells the story: A transformer trained on 10M solar systems nails planetary orbits. But it botches gravitational laws 🧵 pic.twitter.com/GDxnK8gaid

— Keyon Vafa (@keyonV) July 11, 2025


Happy Friday! We're ending the week by publishing our analysis of Fortinet's FortiWeb CVE-2025-25257.... https://t.co/p8v99cD5LG

— watchTowr (@watchtowrcyber) July 11, 2025

