the grugq's newsletter

March 13, 2026


🚨 Meet #CrackArmor. What happens when vulnerabilities are found in the very security module designed to protect your Linux system?

I am incredibly proud to share the latest research from our team at the Qualys Threat Research Unit (TRU). We have uncovered CrackArmor: a set of 9…

— Saeed Abbasi (@saeed4bbasi) March 13, 2026

https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root


Qualys keeping some real OG hackers on the payroll, always love reading their findings. Rest in peace to our friend Stealth, truly one of the greatest. https://t.co/BW9aPow3p3 pic.twitter.com/fSA08yIyNM

— Richard Johnson (@richinseattle) March 13, 2026


Instead of reading The Atlantic article from today, I'd encourage you instead to check out the best gambling article of all time from 7 years ago @spanky @davehill77
And if you've never read it, you're in for a treat. I reread this once a year.
https://t.co/lUD14nhUrt

— Brian Winter (@TheGoldenBlazer) March 12, 2026

Requiem for a Sports Bettor - The Ringer

Gambling on sports has never been more high-stakes or more accessible. But with the invasion of Europe-based companies in the game, the pros are feeling squeezed and routinely getting banned from plying their trade. Is this the end of the professional sports bettor?


New details emerge about the arrested Chinese spy in Prague, reported by @okundra :

- Mr. Jang I-ming worked for MSS, used fake cover as „journalist“

- he was under detailed surveillance by Czech counter-intelligence (BIS)

- when the Chinese spy was arrested in Prague, Czechia…

— Jakub Janda 楊雅嚳 (@_JakubJanda) March 12, 2026

Chinese spy in Prague: who was he collecting information for, and why might he go free? • RESPEKT

The case of Beijing's agent is heading to court and gives hope to one Czech prisoner in China


The fact that most captchas are based on robots not being able to identify bikes or traffic lights doesn't fill me with confidence for self-driving cars.

— Martin Pilgrim (@MartinPilgrim1) March 12, 2026


Honestly, this Strait of Hormuz drama is making me realize that we really lucked out with getting an interesting worldmap. Great seed.

— corsaren (@corsaren) March 12, 2026


An alternative explanation: when SpaceX implemented the whitelist, they may have migrated verified terminals to a different AS. What this graph could be showing is not "75% of traffic was Russian" but rather "75% of terminals moved off AS14593 to a new AS where whitelist… https://t.co/RYP7oUHIgw

— Ruslan Leviev (@RuslanLeviev) March 13, 2026


There should also be a MacArthur Dumbass Grant where they give you $800 to do something interesting but fundamentally very stupid.

— vg (@VitruviusGrind) March 12, 2026


If we could just raise sea levels by 150 meters we get a backup Strait of Hormuz pic.twitter.com/f6IPLlm8a7

— Terrible Maps (@TerribleMaps) March 12, 2026


An AI agent was told only to retrieve a document. When it encountered access restrictions, it reverse-engineered the authentication system, identified a hardcoded secret key, and forged admin credentials to bypass it.

This is one of three scenarios we documented in a new… pic.twitter.com/ishTYKzeHb

— Irregular (@Irregular) March 12, 2026


We decided to revisit an old research problem with some new LLM powered tooling. Check out our latest blog post to see how we approached this research, and the new Java deserialization gadget chains it discovered in just two days! https://t.co/3kSWWl71W9

— Atredis Partners (@Atredis) March 12, 2026

http://buff.ly/CeAQZ2B


"For the first time since we began publishing the CTHR in 2021, we observed a tactical pivot by threat actors. They’re now targeting third-party software vulnerabilities more than weak or missing credentials as the primary initial access vector." https://t.co/wSC5lPPGAZ

— Richard Seroter (@rseroter) March 12, 2026

Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats | Google Cloud Blog

Threat actors are exploiting vulnerabilities faster than ever, from our newest Cloud Threat Horizons Report. Here’s what CISOs need to know.


AI agents told to conduct routine tasks on a simulated corporate network went rogue. "No adversarial prompting was involved. The agents independently discovered vulnerabilities, escalated privileges, disabled security tools, and exfiltrated data." https://t.co/jDjDgPb5rk

— Kim Zetter (@KimZetter) March 12, 2026

Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors - Irregular

In controlled experiments, AI agents performing routine enterprise tasks were found to autonomously engage in offensive cyber operations, including vulnerability exploitation, privilege escalation, and steganographic data exfiltration. The agents received no offensive instructions of any kind. The research identifies four contributing factors to this emergent behavior and examines why standard cybersecurity controls are insufficient against agentic threat actors.


Kim calls out a detail in the attack on Stryker that will get lost in medical/national security headlines.

Executives had personal phones wiped because corporate MDM was installed on their private devices!!

Without proper personal backups, personal assets are potentially… https://t.co/lXrRjYrEhN

— Jeremy Banon (@jeremybanon) March 12, 2026


This is an old classic from #phrack, the tricks have become even more complex and we'll never ask you to donate to a patreon for our content! pic.twitter.com/YlzlCwW0TC

— Richard Johnson (@richinseattle) March 12, 2026


Ex-MI5 contractor flew to Latvia to pass secrets to foreign power, court hears https://t.co/h4QmY2LOhY

— Dr. Dan Lomas (@Sandbagger_01) March 12, 2026

Ex-MI5 contractor flew to Latvia to pass secrets to foreign power, court hears | UK News | Sky News

Juan Joseph, 42, is on trial accused of breaching the Official Secrets Act at the Old Bailey, where large parts of the case are being heard behind closed doors over national security concerns.


Ukraine opens battlefield data to train AI models for autonomous systems — first in the world 🤘

Millions of annotated combat frames from thousands of missions are now available for partners to train AI. This creates a new win-win cooperation model: partners refine their… pic.twitter.com/l07MQBX1Nu

— Mykhailo Fedorov (@FedorovMykhailo) March 12, 2026

