the grugq's newsletter

Subscribe
Archives
March 23, 2025

March 23, 2025

March 23, 2025

Landrun

Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel.

GitHub - Zouuup/landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel.

Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel. - Zouuup/landrun


“How nixOS could’ve detected the xz backdoor”

To quote the most relevant hacker news comment:

Note that NixOS and reproducible builds did notdetect the xz backdoor, and in fact NixOS shipped the malicious builds of xz (though they didn't do anything because the malware didn't target NixOS):

https://news.ycombinator.com/item?id=43448745

https://luj.fr/blog/how-nixos-could-have-detected-xz.html


I keep telling people to stop using the hydraulic analogy but noooo pic.twitter.com/7qXSyimr6J

— lcamtuf (@lcamtuf) March 22, 2025


Authorization Bypass in Next.js Middleware - CVE-2025-29927

research paper soon! https://t.co/WyFYAxIKsc pic.twitter.com/N04JdAL7ER

— zhero; (@zhero___) March 22, 2025

Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true`. Over 300k hits in Shodan, find more at:https://t.co/ewMXHIWyzA

— HD Moore (@hdmoore) March 23, 2025

the research paper is out:

Next.js and the corrupt middleware: the authorizing artifact

result of a collaboration with @inzo____ that led to CVE-2025-29927 (9.1-critical)https://t.co/GZkbnr6o9H

enjoy the read! pic.twitter.com/KyfY8a3suR

— zhero; (@zhero___) March 22, 2025

Link:

Next.js and the corrupt middleware: the authorizing artifact - zhero_web_security

CVE-2025-29927


lolol

FYI russians have already shot down the first F-47 in Sumy region
What's next? F-69?
Their military genius is undeniable pic.twitter.com/I8ud0G6c2U

— Karina Vinnikova (@KarinaVinnikova) March 21, 2025


#SpyNews - week 12 (March 16-22):
A summary of 68 espionage-related stories from week 12 coming from 🇮🇳🇵🇰🇬🇧🇦🇫🇮🇷🇰🇷🇺🇸🇸🇾🇺🇦🇷🇺🇯🇵🇧🇾🇹🇼🇨🇳🇽🇰🇷🇸🇩🇿🇫🇷🇹🇷🇮🇱🇨🇺🇱🇹🇵🇱🇩🇰🇭🇺🇩🇪🇱🇾🇲🇱🇹🇩🇷🇴🇨🇦🇮🇹🇿🇦🇳🇱🇻🇳🇵🇭🇰🇭🇦🇿🇦🇲🇨🇱🇲🇽 https://t.co/77HSyX9OIX#OSINT #HUMINT #SIGINT #espionage #spy

— Spy Collection (@SpyCollection1) March 23, 2025


Found Writing a Tiny x86 Bootloader! This gorgeous little site teaches you how to build a bootloader in Assembly! You will learn a lot of low-level system design, OS stuff, and Assembly going through this! Have fun! pic.twitter.com/LiqGaoaXop

— Roy Carrilho (@RuiCarrilho5) March 21, 2025

Link:

https://www.joe-bergeron.com/posts/Writing%20a%20Tiny%20x86%20Bootloader/


Attending and speaking at the inaugural edition of @REverseConf was fantastic. Great crowd, great organization by @vector35 folks, great discussions and great vibes! Slides of my talk on firmware analysis is available here: https://t.co/IpKA6fDQd1 pic.twitter.com/7MSj4wa6tE

— Robin David (@RobinDavid1) March 22, 2025


https://afine.com/history-of-null-pointer-dereferences-on-macos/


Typhoons in Cyberspace

A good read.

Typhoons in Cyberspace | Royal United Services Institute

The transformation of China’s digital attack capabilities is the most important change in the cyber threat to the West in more than a decade, writes Ciaran Martin.


Awesome!

I so wish this is true.. pic.twitter.com/SL4k2OBvYs

— haroon meer (@haroonmeer) March 23, 2025


Claude reversing a binary using Binary Ninja via MCP while I get a snack@bl4sty@ziyadedher@vector35 https://t.co/tQU8CVpPCH pic.twitter.com/6KV9htSUnD

— itszn (@itszn13) March 21, 2025


Don't miss what's next. Subscribe to the grugq's newsletter:
X