July 17, 2025

                July 17, 2025

            July 17, 2025

            July 17, 2025

https://t.co/b0CJjfm4eB pic.twitter.com/PhAlnlIKrI
— Silas Cutler // p1nk (@silascutler) July 17, 2025

This is so much! 🔥🔥😎

Found two new Potato triggers just today. Not only Potato but can also be used for LPE as remote auth is done which could be relayed to LDAP without Signing enabled. Or relayed to ADCS for a certificate.https://t.co/H83AIxtskn
— S3cur3Th1sSh1t (@ShitSecure) July 15, 2025

This is neat, using EntrySign to backport microcode patches to EOL systems without BIOS updates. https://t.co/LzfyikvzKV
— Tavis Ormandy (@taviso) July 17, 2025

I just learned that OSC8 (hyperlinks) in Windows Terminal uses ShellExecute(). Excellent trolling potential for README files 😆 pic.twitter.com/7dKrIfLNRn
— Tavis Ormandy (@taviso) July 17, 2025

Ukraine's military intelligence agency confirmed that it participated with two volunteer hacking groups in an operation against Gaskar Group, a Russian drone company https://t.co/G5koRFDDhd
— The Record From Recorded Future News (@TheRecord_Media) July 16, 2025

Unchained Skies: A Deep Dive into Reverse Engineering and Exploitation of Drones from @m_u00d8 / @74ck_0 https://t.co/kX2rRscmtC
— Silas Cutler // p1nk (@silascutler) July 16, 2025

CVE-2025-4941 - Trend ZDI analyst  @hosselot details the Firefox bug used at #Pwn2Own Berlin by Manfred Paul. Includes root cause analysis and video demo. https://t.co/OEY3e4YEpQ
— Trend Zero Day Initiative (@thezdi) July 15, 2025

The data footprints of China’s transnational repression https://t.co/FJ5kk1oHRd
— switched (@switch_d) July 17, 2025

Don't miss what's next. Subscribe to the grugq's newsletter:

Start the conversation: