March 17, 2026

MG

        March 17, 2026

March 17, 2026

        March 17, 2026

-The Iraq War was a disaster 
-Yeah but if we changed one letter and tried again?
— Karl Sharro (@KarlreMarks) March 16, 2026

we’re about to speedrun this realization across every institution in society aren’t we https://t.co/FjVHCdXoIY
— Rishi Mody ツ (@rishimody) March 16, 2026

Now You See mi - Now You're Pwned: Exploiting Xiaomi Smart Cameras for fun and credithttps://t.co/6Xqf9g4BiR

Our intern's research post is up, full code of an RCE exploit + a "cloud jailbreak" released with it. After embargo expiry, 3 vulnerabilities currently remain unfixed.
— Taszk Security Labs (@TaszkSecLabs) March 16, 2026

                                        Now You See mi: Now You're Pwned - taszk.io labs
                                    Exploiting and jailbreaking Xiaomi Home Security Smart Cameras

> nobody could’ve guessed higher standards of living reduce fertility

Literally Malthus, 225 years ago, who nobody reads:

> Among the clerks in counting-houses, and the competitors for all kinds of mercantile and professional employment, it is probable that the preventative… https://t.co/Whgot9azVw pic.twitter.com/w5Dg9bSkva
— Conrad Bastable (@ConradBastable) March 16, 2026

My friend @joegrand did it again. He’s not just recovering millions in crypto wallets, but also unveiling messy relationships, betrayal, etc. A very entertaining watch reminiscent of the start of a murder mystery. 

He’s also upgraded from voltage glitching to electro magnetic…
— MG (@_MG_) March 16, 2026

$75,000,000 Crypto Wallet Bulk Hack — Joe Grand
source: MG (@MG)

Over 700,000 repos ship crypto libraries that default to a static IV, creating widespread key reuse. We also released mquire, a Linux memory forensics tool, and added 12 new open-source Claude Code skills for security engineering. March Tribune: https://t.co/jqoW9hzIAa
— Trail of Bits (@trailofbits) March 17, 2026

            https://mailchi.mp/trailofbits/march-2026-tribune    

CIA in movies: Mission Impossible type shit

CIA in real life: “You are gay” https://t.co/5mXp99yaE1 pic.twitter.com/w8j4URrOhw
— Great House (@xspotsdamark) March 17, 2026

I suspect the phrase "non-kinetic no-fly zone" gave me permanent brain damage. I think about it all the time. 

Nothing better encapsulates the enduring Western faith in magical weaponry, and equally enduring disinterest in things like friction, strategy, politics, and tradeoffs. https://t.co/a08IbdWfY6
— Neil Renic (@NC_Renic) March 17, 2026

Hacking is easy. Hacking without getting caught is much harder.

In our red teaming engagements, breaching the target network is only the beginning. Once inside, the real priority is staying under the radar. Every action carries risk; a single careless move can burn the entire…
— thaidn (@XorNinja) March 17, 2026

This is an excellent paper from the folks at @AISecurityInst and worth reading. I will have to read it again but this particular point is a good one and I think the takeaway is important. Cyber attack chains across a set of enterprise systems (simulated or real) have a finite… https://t.co/SXOb0IzYvG
— chrisrohlf (@chrisrohlf) March 16, 2026

The 1% remaining functional Internet access in Iran has now dropped 90% as well. That's an unfortunate follow up to a  parallel issue resulting from Starlink's latest firmware update, which has apparently made many of terminals in Iran go dark!

Part of this extreme push is… https://t.co/sBG4ZVajJA
— Hamid Kashfi (@hkashfi) March 16, 2026

meet VMkatz, https://t.co/eza4AXRuFT
— NK (@Nikaiw) March 16, 2026

                                        GitHub - nikaiw/VMkatz: Extract Windows credentials directly from VM memory snapshots and virtual disks · GitHub
                                    Extract Windows credentials directly from VM memory snapshots and virtual disks - nikaiw/VMkatz

nikaiw/VMkatz (356 stars, Rust)
  Extract Windows credentials directly from VM memory snapshots and virtual disks
source: NK (@Nikaiw)

Both Discord and Telegram are being banned for use by Russian forces. I need to underline, this is catastrophic. An unparalleled disaster surpassing the Starlink shutdown. This will have dramatic operational impacts especially for drone teams in the short term if/when… https://t.co/clXOBj2k3w
— Woofers (@NotWoofers) March 16, 2026

Come work with us! https://t.co/YBLQVJwGCF
— Silvio Cesare (@silviocesare) March 16, 2026

Can AI agents conduct advanced cyber-attacks autonomously?

We tested seven models released between August 2024 and February 2026 on two custom-built cyber ranges designed to replicate complex attack environments.

Here’s what we found🧵 pic.twitter.com/rFRkOQu8yU
— AI Security Institute (@AISecurityInst) March 16, 2026

Wild story about a group of really sick people gambling on missile strikes in Israel & threatening journalists who report in ways that affect their bets.https://t.co/bNBaHnKnxS https://t.co/w3fyqtBAaW
— Shashank Joshi (@shashj) March 16, 2026

            https://www.timesofisrael.com/gamblers-trying-to-win-a-bet-on-polymarket-are-vowing-to-kill-me-if-i-dont-rewrite-an-iran-missile-story/    

LOLEXFIL
Living off the land Data Exfiltration methodhttps://t.co/iW2n2LBGK1
— mthcht (@mthcht2) March 15, 2026

            https://lolexfil.github.io    

                            Don't miss what's next. Subscribe to the grugq's newsletter:

            Email address (required)

          Add a comment:

                Share this email:

                                Share on Twitter

                                Share on Hacker News

                                Share via email

                                Share on Mastodon

                                Share on Bluesky