the grugq's newsletter

Subscribe
Archives
September 30, 2025

September 30, 2025

September 30, 2025

Just uploaded my RomHack slides about attack vectors against PsSetLoadImageNotifyRoutine and drivers that rely on it. Enjoy!https://t.co/LRYsCCm3nw pic.twitter.com/v8YkIRAAh7

— diversenok (@diversenok_zero) September 28, 2025


I absolutely love this paper, so much reverse engineering alpha

the researchers who won the rpi hacking challenge came together to describe in detail how they overcame the defenses of a secure-by-design chip, incl. custom laser fault injection and single instruction skips pic.twitter.com/O7tAoIIVCD

— lukas seidel (@pr0me) September 28, 2025

this is a comprehensive follow-up to a challenge released at last year's DEFCON, to pwn the new raspberry pi RP2350

amazing paper by @ghidraninja @nSinusR @azonenberg Kévin Courdesses and Aedan Cullen: https://t.co/R83mdTHjRA pic.twitter.com/uS0ySHOEvE

— lukas seidel (@pr0me) September 28, 2025

https://www.usenix.org/system/files/woot25-muench.pdf


Something you may not know about Sonnet 4.5: it’s a special model for cybersecurity.

For the past few months, the Frontier Red Team has been researching how to make models more useful for defenders.

We now think we’re at an inflection point. New post on Red: pic.twitter.com/ECOkVfeDKV

— Logan Graham (@logangraham) September 29, 2025


https://x.com/mez0/status/1972688783574184272


The "Linux kernel: eBPF vulnerabilities" summarized in August are now believed to have been made up https://t.co/Xmd7NlUZR8
"none of the reported problems constitute security issues" and may not "be problems at all, or made sense at all"https://t.co/X88UMLtNJJ

— Open Source Security mailing list (@oss_security) September 30, 2025


The constantly changing threat landscape requires eternal vigilance and fast reactions. Why, some of these vulnerabilities have only been public for as little as two years! https://t.co/yiXwG6gEQy

— thaddeus e. grugq (@thegrugq) September 29, 2025


Don't miss what's next. Subscribe to the grugq's newsletter:
Start the conversation:
X