March 20, 2026

        March 20, 2026

March 20, 2026

        March 20, 2026
Sorry about the slight absence. Twitter changed their API which broke the newsletter. Fixed. For now...

            They’re telling me a great empire will be destroyed if I attack Persia. Even the oracles who don’t like me very much, very nasty, they all said to me, “Sir, it’s one of the great empires, and it’ll be destroyed. And all because you attacked Persia.” That’s what they’re telling me.
                    — Ken Jennings (@kenjennings.bsky.social)            March 17, 2026        

After leaving counterintelligence, life became public due to WikiLeaks. This led to writing "Reverse Deception," a book on counter-exploitation, teaching how to hack hackers. It also laid out the first structured criteria for APTs. #Cybersecurity #Counterintelligence #Hacking pic.twitter.com/X4vz4tYjsb
— Phillip Wylie (@PhillipWylie) March 19, 2026

I have no idea when Virus Bulletin uploaded our paper - but here it is: our talk from last September at VB2025, where we talked about an APT41-adjacent group started using Google Calendar C2 as part of their espionage operation.

🔗Link below for the slides and paper pic.twitter.com/W5Hladx3BS
— 安坂星海 Azaka || VTuber (@AzakaSekai_) March 19, 2026

Black Cube, leaked tapes and corruption: Israeli spy firm crashes Slovenia’s election  https://t.co/azLOo3qdOT
— Dr. Dan Lomas (@Sandbagger_01) March 19, 2026

                                        Black Cube, leaked tapes and corruption: Israeli spy firm crashes Slovenia’s election  – POLITICO
                                    Foreign interference looms over the vote after accusations that a private intelligence company meddled in the campaign.  

The appeal of polyamory, for many journalists, lies in the thought of having more than one guaranteed reader.https://t.co/vW0tvxyXsl
— Ben Sixsmith (@BDSixsmith) March 20, 2026

imagine the suspense! very nice work from @qualys once again :) https://t.co/yMR2ZQ96tT pic.twitter.com/dynYYgwYt1
— blasty (@bl4sty) March 19, 2026

            https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt    

The one man who could have re-opened Hormuz by himself. https://t.co/M9cZNnUehf
— Shashank Joshi (@shashj) March 20, 2026

Ukrainian military intelligence managed to hack communications between the Iranian embassy in Moscow and people connected to Russia's Shahed-136 drone programme and has reported a sharp uptick in scientific cooperation between Moscow and Teheran. https://t.co/Zo6emIKBj7
— David Colon (@Colon_David) March 19, 2026

            https://www.intelligenceonline.com/middle-east-and-africa/2026/03/19/shahed-136-kyiv-says-russia-stepping-up-iran-technology-transfers,110683978-art    

Last year, I met a Mexican athlete who told me an incredible story—that he’d been kidnapped in 2023 and forced to compete for his life in a secret tournament of cartels. Once I started reporting, the story only got more surreal. 

For the May issue:https://t.co/O7YQwJRpu5
— McKay Coppins (@mckaycoppins) March 20, 2026

                                        The Incredible Story of the Cartel Olympics - The Atlantic
                                    A Mexican athlete said he was kidnapped and forced to compete for his life in a tournament of gangs. But was he actually playing a different game?

*decades where nothing happens* wow this sucks. *weeks where decades happen* wow this is worse.
— they/them might be giants ☭ (@babadookspinoza) March 18, 2026

You killed the moderate (Kantian Philosopher) now you get the radical (PhD in Supply Chain Logistics) https://t.co/XSvbpkSi5F
— Kanye East (@FuckedUpYogis) March 19, 2026

When I was at university a Nigerian on my engineering course told a joke about corruption I adapt it for the present:

So a Pakistani engineer, a Nigerian engineer and an English lawyer go to visit each others country after graduating.

Nigerian visits the Pakistani guy. Says… https://t.co/2tpmW6ts4d
— AnglofuturistParty (@FuturistPartyGB) March 19, 2026

people misunderstand the icarus story. the problem was not that he flew too high. it's that the wings were made of beeswax, which offered very little resistance to heating. with modern materials he would have had no problems. we can fly as close to the sun as we want now
— sigfig (@sigfig) March 18, 2026

Wonder what I mean? Well, for one, even with seamless tool integration, the frontier models are still pretty poor at debugging for xdev purposes. It makes sense — the public training data for that is inexistent… https://t.co/NyLO2kQPgz
— chompie (@chompie1337) March 20, 2026

Using CC/Codex in interactive sessions has given me more empathy for scepticism about their use in hard exploit dev scenarios.
You are working with a fundamentally diff category of system when you treat agents as a primitive for building search algorithms versus interactive tools
— Sean Heelan (@seanhn) March 19, 2026

Anyone know how to beat this level? pic.twitter.com/MPlvHV2pn9
— Matt Griswold (@griswold) March 20, 2026

Did YOU want to watch CCTV's AI Martial Arts cartoon about the Straits of Hormuz crisis? Complete with fighting Persian Cats? Well I subtitled it for you so you can enjoy it in all its trope-laden glory! Remember kids, the mountains will stay standing while the green water flows,… https://t.co/EOLyhCWjyS pic.twitter.com/sp8WTbI68Z
— Angelica 🌐⚛️🇹🇼🇨🇳🇺🇸 (@AngelicaOung) March 19, 2026

🚨🇫🇷 NEW: The location of the French aircraft carrier, FS Charles de Gaulle, has been given away by a sailor using Strava whilst jogging on the ship deck

[@lemondefr] pic.twitter.com/FuoKMAs06w
— Politics Global (@PolitlcsGlobal) March 19, 2026

This article really feels like @Tenzai_Labs paid for it, it doesnt describe/note the CTFs, has "elite, nation-grade offensive capabilities", no stats on anything, not even a link to the research that makes them have to justify these claims? https://t.co/KsRN6VasH3
— AndrewMohawk⁽ⁿᵘˡˡ⁾ (@AndrewMohawk) March 18, 2026

Two full iOS exploit kits in one month, deployed via watering holes on public websites, potentially affecting hundreds of millions of devices. Will Apple acknowledge that this no longer fits the "very small number of highly targeted individuals" narrative? pic.twitter.com/5HNdsZjoXj
— Ryan Naraine (@ryanaraine) March 18, 2026

Source docs:

- Google https://t.co/xmRunDiXyT 
- iVerify https://t.co/AQDgtHyuN4 
- Lookout https://t.co/TCMfZqz4Kr
— Ryan Naraine (@ryanaraine) March 18, 2026

                                        The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors | Google Cloud Blog
                                    DarkSword is a new iOS exploit chain that leverages multiple zero-day vulnerabilities to fully compromise iOS devices.

                                        Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
                                    Shortly after our publication on the Coruna exploit kit, a collaborating researcher at Lookout flagged a suspicious-looking URL possibly related to the threat actor from Russia linked with Coruna. 

                                        Attackers Wielding DarkSword Threaten iOS Users | Threat Intel

                            Don't miss what's next. Subscribe to the grugq's newsletter:

            Email address (required)

          Add a comment:

                Share this email:

                                Share on Twitter

                                Share on Hacker News

                                Share via email

                                Share on Mastodon

                                Share on Bluesky