the grugq's newsletter
Archives
November 25, 2025
November 25, 2025 A ton of great info here about what Apple does for their secure boot chain: “A Reverse Engineer’s Anatomy of the macOS Boot Chain &...
November 24, 2025
November 24, 2025 🚀 open-sourced santamon — a lightweight macOS detection sidecar that reads Santa's ES telemetry, runs CEL detection rules locally, and only...
November 23, 2025
November 23, 2025 CVE-2025-49752 is a critical authentication bypass vulnerability in Azure Bastion that could allow remote privilege escalation, directly...
November 22, 2025
November 22, 2025 Random Friday news: CrowdStrike says it caught an insider sharing screenshots with ShinyHunters and fired them last month. Allegedly,...
November 21, 2025
November 21, 2025 Today I sent the first daily digest of https://t.co/Rat6IbxJtD :) I hyperfocused for a few days and got it 80% working. I feel like one of...
November 20, 2025
November 20, 2025 https://risky.biz/BTN145/ The https://t.co/OpFfwtJCLm post by @xoreipeip shows how prepared statements can be exploited in NodeJS using...
November 19, 2025
November 19, 2025 This new 0day found by Google Big Sleep if not via fuzzing harness but purely by reasoning would be super cool! Coincidence with the Gemini...
November 18, 2025
November 18, 2025 The @ThinkstCanary ThinkstScapes Q3 report is out. A great quarterly overview of interesting research shared in the security community. It...
November 17, 2025
November 17, 2025 https://djnn.sh/posts/anthropic-s-paper-smells-like-bullshit/ Some in cybersec were debating how much VPNs protect your privacy while on...
November 16, 2025
November 16, 2025 #SpyNews - week 46 (November 9-15): A summary of 66 espionage-related stories from week 46 coming from...
November 15, 2025
November 15, 2025 On Monday, I’ll present a case that goes beyond the Anthropic espionage report, which in my view is far from comprehensive, showcasing one...
November 14, 2025
November 14, 2025 WSJ just dropped another strong investigation on how China is exploiting loopholes in U.S. export controls. To summarize what is happening...
November 13, 2025
November 13, 2025 A repo is for learning various heap exploitation techniques by @shellphish https://t.co/MDbkqR41jq pic.twitter.com/IhGrIoeIEQ — Alex Plaskett...
November 12, 2025
November 12, 2025 It’s been a year since I wrote this guide for @gijn on security best practices for investigative journalists, all of which is still very...
November 11, 2025
November 11, 2025 Kimi K2 thinking is truly impressive for an oss model, with its assistant we developed fully firefox rce given 0x41414141 primitive in...
November 10, 2025
November 10, 2025 ...and check out this bonkers pipeline of upcoming vulns from Google Project Zero's transparency report! Perhaps the DNG fun is just...
November 9, 2025
November 9, 2025 Our assembly lessons are trending on @github! We have nearly 10k stars. https://t.co/fZyFRyTKWP pic.twitter.com/qZ7JpxsBZe — FFmpeg (@FFmpeg)...
November 8, 2025
November 8, 2025 What felony piracy taught me about B2C sales https://prison.josh.mn/lessons https://fly.io/blog/everyone-write-an-agent/...
November 7, 2025
November 7, 2025 #Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459): https://t.co/aYK8gTJVXY — Sam Stepanyan (@securestep9) November 6,...
November 5, 2025
November 5, 2025 Read our latest crazy story on the spy who was so successful at pretending he's someone else that the GRU "killed off" his real persona and...
November 4, 2025
November 4, 2025 We really should be talking about this more.... KASLR is just not working properly on Android right now, and it hasn't for a long...
November 3, 2025
November 3, 2025 VulnIndex — the fastest way to find real security research https://t.co/q8G2JJ5lAW — Swissky (@pentest_swissky) November 2, 2025 Great VSquare...
November 2, 2025
November 2, 2025 Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds and have spawned a philosophical conversation on the...
November 1, 2025
November 1, 2025 Really cool story about the developer of ZeroAccess - The ZeroAccess Developer and His Windows Kernel-Mode...
October 31, 2025
October 31, 2025 Happy Halloween A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited. The attack chain: -...
October 30, 2025
October 30, 2025 NEW: exec at zero-day supplier pleads guilty to selling to buyer in Russia. FBI had warned elite supplier Trenchant about a potential leak in...
October 29, 2025
October 29, 2025 More interposer fun, this time with DDR5 memory. Breaking TDX, SGX, SEV and even Nvidia TEEs. Check out our work at https://t.co/Jl1dpGnM6J,...
October 28, 2025
October 28, 2025 📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we...
October 27, 2025
October 27, 2025 Spent some time on an old iOS WebKit bug to learn about browser exploitation https://t.co/CDySlTzGM6 pic.twitter.com/0a7maHBU8b — Billy Ellis...
October 27, 2025
October 26, 2025 This week I had the pleasure of guest lecturing at both Georgetown University and Johns Hopkins SAIS on the intersection of AI, cyber and...
October 25, 2025
October 24-25, 2025 This significantly changes the context of the “iOS Vuln dev hacked!” story. It is a clear national security issue, with exploits sold to...
October 23, 2025
October 23, 2025 1/ Who wins in the Information Security AI arms race: Defenders? Attackers? or the new AI tools just cancel each other? Our answer...👇...
October 22, 2025
October 23, 2025 1/ Who wins in the Information Security AI arms race: Defenders? Attackers? or the new AI tools just cancel each other? Our answer...👇...
October 21, 2025
October 22, 2025 bed overheated because AWS-east was down. but um....... its good because it alerted them to the outage? i dont even know what to do with...
October 20, 2025
October 20, 2025 We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we...
October 19, 2025
October 18-19, 2025 https://www.antipope.org/charlie/blog-static/2025/10/the-pivot-1.html 1/ UPDATE: South Korea's spy agency has finally broken its silence...
October 16, 2025
October 16, 2025 We learn of a F5 Networks breach by "a highly sophisticated nation-state" from an SEC filing: https://t.co/WwPFNPDjgM — Ryan Naraine...
October 15, 2025
October 15, 2025 My DEFCON talk about cryptomoney laundering techniques is out! At minute 20:30, I demonstrate how I use an AI agent to assist my...
October 14, 2025
October 14, 2025 The plan? At dusk, 50 people went to San Francisco's longest dead-end street and all ordered a Waymo at the same time. The world's first:...
October 12, 2025
October 12, 2025 Christopher Berry, one of the suspects in the China spy case, allegedly had secure communication apps used only by Beijing agents installed...
October 11, 2025
October 11, 2025 Apple's Real World CTF: you get the flag, you get the bounty https://t.co/gY6mayzpLy pic.twitter.com/i299t0U6P6 — matteyeux (@matteyeux)...
October 10, 2025
October 9-10, 2025 https://understandingwar.org/research/cognitive-warfare/a-primer-on-russian-cognitive-warfare/ The Discord breach is another example of...
October 8, 2025
October 8, 2025 https://t.co/VswrXw9ZjZ pic.twitter.com/mukGkzNca6 — Damin Toell (@damintoell) October 7, 2025 POC https://t.co/6VziQNQ76p...
October 7, 2025
October 7, 2025 This was an interesting read, but to their credit, I was expecting a bit wider coverage. The coverage of IO in sync with kinetic strikes is...
October 6, 2025
October 5-6, 2025 GitHub - b1n4r1b01/n-days: Contribute to b1n4r1b01/n-days development by creating an account on GitHub. GitHub - stealth/crash: crypted admin...
October 4, 2025
October 3-4, 2025 There is someone exposing IRGC (Islamic Revolutionary Guard Corps) stuff on GitHub. I'm not an IRGC geopolitical nerd, so I can't assess the...
October 2, 2025
October 2, 2025 Most #CyberSecurity classes focus on Western technology stacks, fueling #APT groups with TTPs to ravage our own networks. We are flipping the...
October 1, 2025
October 1, 2025 Pre-pandemic, the calculus was what the likelihood was of an employee being bribed to insert a USB stick into their work computer at the...
September 30, 2025
September 30, 2025 Just uploaded my RomHack slides about attack vectors against PsSetLoadImageNotifyRoutine and drivers that rely on it....
September 29, 2025
September 29, 2025 Writeup for CVE-2025-24085, an ITW mediaplaybackd vulnerability patched earlier this year https://t.co/XopOVNmfnc — binaryboy (@b1n4r1b01)...