March 14, 2025

                March 14, 2025

            March 14, 2025

            March 14, 2025

Some exciting research to share from Binarly REsearchers @cci_forensics and @pagabuc  -- a novel approach to UEFI bootkit detection. 

🔥Read the technical paper: "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior"

👉 https://t.co/KwmiNq9hdc pic.twitter.com/2UEtUiMiEN
— BINARLY🔬 (@binarly_io) March 13, 2025

Update: 
This Bybit launderer is trying to transfer their frozen USDC/USDT and does not understand why the transactions keep failing 🤣 https://t.co/sLsshZ6vrj pic.twitter.com/n5REKbQibY
— Nick Bax.eth (@bax1337) March 13, 2025

"This is decades-old code. On a first glance, it seems strange that it took so long to find such a trivial bug with fuzz testing..."

"This is really the same issue as CVE-2017-9047, just in a different function." - Back to 2017😅https://t.co/hXF3LKWuBU https://t.co/mwI1KZ8fGZ
— j00sean (@j00sean) March 13, 2025

Two equally smart Amazon robotspic.twitter.com/iaQvVT4veR
— Massimo (@Rainmaker1973) March 13, 2025

Bug reports and pocs:https://t.co/W4z514PeC8https://t.co/ItTL1xOKaA https://t.co/vKe0LPz1rQ
— j00sean (@j00sean) March 13, 2025

New FCC Chairman Brendan Carr has created a national security team at the commission to handle telecom supply chain risks, cyber threats, and emerging-technologies (6G, AI, quantum, space) competition with China: https://t.co/6E2TW1KYla
— Eric Geller (@ericgeller) March 13, 2025

https://t.co/ZYwPUN8Qg2 pic.twitter.com/TA751YWC3G
— horse powder (@JuliusIrvington) March 13, 2025

My Scammer Girlfriend: Baiting A Romance Fraudster

                  My Scammer Girlfriend: Baiting A Romance Fraudster | www.bentasker.co.uk
Romance fraud has been growing as an issue for years. It's not uncommon to see news stories with bewildered victims explaining just how deeply they'd been sucked in. After receiving a number of opener            

Security researcher @gentoo_python discovered a Prompt Injection on VirusTotal.

Could this be used as a form of social engineering to trick users into thinking a file is safe when it's not?

File hash: 1d30bfee48043a643a5694f8d5f3d8f813f1058424df03e55aed29bf4b4c71ce pic.twitter.com/PS5K5nWAqL
— vx-underground (@vxunderground) March 14, 2025

KrbRelayEx-RPC tool is out! 🎉
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;) https://t.co/Aebt5iFIjC pic.twitter.com/oObMOQYy1W
— Andrea Pierini (@decoder_it) March 13, 2025

Don't miss what's next. Subscribe to the grugq's newsletter: