the grugq's newsletter

June 22, 2025

https://t.co/kZuTtTS9dV
Pretty cool experimentation work from the Infoblox team to speed up the boring work of web searches for open source threat intelligence reports and extracting IoCs. If you spend a lot of time at work copying and pasting stuff from security blogs... 👀

— randy@infosec.exchange (@rpargman) June 20, 2025


What is interesting to me here is how a perfect crime fell apart because a member on the periphery was busted for something unrelated.

The court heard authorities were alerted to the scheme when the lavish lifestyle of a Portuguese man and his partner caught the attention of French authorities.

Questioned by police about the acquisition of properties in France and Portugal worth €1.2m while on an income of about €2,500 a month, the man – who it turned out worked as a handyman in Parisian galleries – confessed to his part in working as a middleman who collaborated in the furniture fraud, news agency AFP reported. The money trail then led investigators to Mr Desnoues and Mr Pallot.

The furniture fraud who hoodwinked the Palace of Versailles - BBC News

Bill Pallot and Bruno Desnoues falsified 18th-century furniture they said belonged to French royalty.


This is my research project in creating read, write and allocate primitives that can be turned into an injection in order to evade certain telemetry which I presented last year in RedTreat. I hope everyone likes it \m/. https://t.co/GY37MMfCGl

— trickster0 (@trickster012) June 21, 2025


Vanessa Molter shared a talk on GLASSBRIDGE, a group of 4 companies that push pro-PRC narratives by operating networks of inauthentic news sites & newswire services.

Talk here >>> https://t.co/kMdg7hVSIi
Here research here >>> https://t.co/GcJfTLyJa9

— CYBERWARCON (@CYBERWARCON) June 20, 2025


Woah, @WangTielei talk “Sending Me Your IOUserClients: A Bypass to Immovable Ports” at @deepsec_cc was insanely good! I enjoyed it! Super clever new discovery. feels awesome to see other researchers referencing my past work. pic.twitter.com/0Th5sGYWEO

— Huke (@08Tc3wBB) June 20, 2025


Three unexpected attack scenarios:
1. Marshaling private data with misconfigured tags
2. Parser differentials in a microservices architecture
3. Cross-format confusion attacks (JSON→XML) https://t.co/2IpN8pvVI0

— Trail of Bits (@trailofbits) June 18, 2025


Vibe coded a minimal #bugbounty progress tracker app

It helps

→ Break down the complex hunting methodology, inspired by @Jhaddix's TBHM, into simple steps
→ Avoids missing test cases
→ Pro-privacy: Offline, no data collected
→ Uses less memory
→ Stores data in .YAML files pic.twitter.com/qGOmmoZTk5

— payloadartist (@payloadartist) June 21, 2025

https://paragon.lovable.app/

GitHub: https://t.co/p6LrAvAFuA

— payloadartist (@payloadartist) June 21, 2025


Linus Torvalds & Bill Gates just met each other for the first time pic.twitter.com/vEGq6C44pg

— nixCraft 🐧 (@nixcraft) June 21, 2025


Prompt injection works a lot better if your message sounds like the data the model was trained on.

Some prompt formats that have worked in real bugs: pic.twitter.com/uf8AdUqEbm

— Critical Thinking - Bug Bounty Podcast (@ctbbpodcast) June 21, 2025


The future is wild.

https://www.reddit.com/r/CombatFootage/comments/1lgy71n/ukrainian_ground_drone_cut_off_the_fiber_optic/


working on a theory that US intervention in the middle east is correlated to 11 year solar cycle of sunspot activity pic.twitter.com/ZMhJmYrjqJ

— onionweigher 🧅⚖️ (@onionweigher) June 22, 2025


#SpyNews - week 25 (June 15-21):
A summary of 84 espionage-related stories from week 25 coming from 🇸🇴🇮🇱🇮🇷🇮🇳🇵🇰🇩🇰🇷🇺🇺🇦🇺🇸🇲🇽🇨🇳🇬🇧🇹🇷🇹🇼🇧🇷🇰🇿🇫🇷🇵🇸🇦🇿🇳🇱🇮🇹🇻🇦🇳🇬🇸🇪🇲🇳🇪🇨🇦🇷🇦🇺🇷🇸🇽🇰🇱🇻🇫🇮🇰🇷🇰🇵🇨🇦🇸🇦🇮🇶🇯🇴🇸🇾🇰🇼🇱🇧🇹🇳🇺🇿🇩🇪🇧🇪🇦🇲🇧🇬🇦🇹🇨🇾 https://t.co/VllXWDbIgD #espionage #OSINT #HUMINT #SIGINT #spy

— Spy Collection (@SpyCollection1) June 22, 2025


🇺🇸 #US: The FBI has arrested James Wesley Burger, a 21 year old from Round Rock, Texas, for allegedly threatening a violent attack on a Christian music festival, which he discussed on the online game Roblox.

Federal agents were tipped off by another user who overheard Burger… pic.twitter.com/rFWCK2WRpG

— POPULAR FRONT (@PopularFront_) June 22, 2025


Guys i don't mean to brag but my feedback was valuable and will be used to improve the user experience

— John Attridge (@John_Attridge) June 21, 2025