the grugq's newsletter

September 12, 2025

Scattered Lapsus$ Hunters has provided the following message on breachforums[.]hn.

They have essentially retired. pic.twitter.com/eLsPxv87EM

— Dark Web Informer (@DarkWebInformer) September 12, 2025


[Research] LLVM based VMProtect Devirtualization: Part 1 (EN) https://t.co/H2M9CQtkTy

Hello, this is banda. In this post, I summarize the process of analyzing and devirtualizing VMProtect’s virtualization obfuscation using LLVM-based techniques. I also experimented with… pic.twitter.com/KWxVMpkiky

— hackyboiz (@hackyboiz) September 11, 2025


Major step for my friends over @synthient today.
New search tool for #ResidentialProxy detection released.
Over 100Mio #proxy IPs from most major providers listed.
Amazing work.
Try out for free: https://t.co/qVTuHw6gXp https://t.co/qem5CxotAc pic.twitter.com/JbRIXV2InK

— Gi7w0rm (@Gi7w0rm) September 11, 2025


Another CVE/exploit that might have worked regardless of MTE :) → https://t.co/DkWsOLXQWS
it hijacks Apple GPU firmware → GPU gains full RAM R/W.
MTE only guards CPU loads/stores, GPU DMA is outside of its scope. https://t.co/SzI2Nb1Ly3

— Meysam (@R00tkitSMM) September 12, 2025


Fun fact: this 3€ USB-C to Headphone converter has more Flash and RAM than the first moon landing. https://t.co/t2GQqD84AH

The internal RISC-V Bluetrum SoC AB136D got:
128 KB Flash
60 KB RAM

Perfect USB Rubber Ducky, easy to reflash without opening via the USB DP Pin🤪 pic.twitter.com/GkVGEyyHRb

— atc1441 (@atc1441) September 11, 2025


MTE won't stop exploiting vulnerabilities/CVEs like MacDirtyCow or CVE-2022-46689.
It’s a VM page-permission race (TOCTOU), not a spatial/temporal memory bug. https://t.co/LX8trBvQLC https://t.co/pMpTlmVbMu https://t.co/3aWwZ1rfA4

— Meysam (@R00tkitSMM) September 12, 2025


The duality of VNC hackers on Shodan: one scrolling for furry pr0n while another is writing a document on LibreOffice about computer (same machine, different ports) pic.twitter.com/AnVNzlQwOI

— Xylitol (@Xylit0l) September 11, 2025


Huntress tracked a threat actor who installed their Managed EDR product, sparking debate online over triage limitations and user privacy. I sat down with @_JohnHammond to separate fact from misunderstanding.

Watch the full video at the link below! pic.twitter.com/OwhCdOf0V9

— Tib3rius (@0xTib3rius) September 12, 2025

