Archive (Page 9) • the grugq's newsletter

July 3, 2024 We’re honoured to welcome the new team to the Gecko family 🦎 https://t.co/VJPAyEhQVD— Binary Gecko (@Binary_Gecko) July 2, 2024 Today...

July 2, 2024 The woman who predicted the Tết Offensive, but was ignored, passes away at 97 https://t.co/KAqs9OTvcD— Task & Purpose (@TaskandPurpose) July 1,...

July 1, 2024 Pre Auth RCE in OpenSSH. https://www.openwall.com/lists/oss-security/2024/07/01/3 The award-winning Qualys Threat Research Unit (TRU) has...

June 30, 2024 In case you're interested in EQGRP malware, you should take a look at this memory dump of an SBZ implant uploaded from Panama today@X__Junior...

June 29, 2024 q3k :blobcatcoffee:: "It's finally happened! NEWAG IP Management just s…" - Warsaw Hackerspace Social ClubAttached: 1 image It's finally...

June 28, 2024 maybe the funniest explanation for a recall i’ve seen pic.twitter.com/99Ws47l7Dk— beer person (@CantEverDie) June 27, 2024 “Teslas are...

June 27, 2023 Spy in Sweden doesn’t have to pay taxes on his payments from GRU. There you go people, finally a way to earn a tax free income in Scandinavia!...

June 26, 2024 AI associated platforms are one of my 1st targets on internal pentests and red team tests atm. Training web UIs, model GUIs, AI associated web...

June 25, 2024 Today, Julian Assange made a plea deal with the US government. Assange will plead guilty to a felony charge for his role in a major breach of...

June 24, 2024 Thoughts on Strategy, War and AI - by Dr. Heather M. RoffSelf-Reflection, Deception, and Degradation of "The People" (or political and...

June 23, 2024 Memory sealing for the GNU C Library [LWN.net] https://criu.org/Main_Page We recently reported a v8 sbx escape that control RIP directly....

June 22, 2024 “The National Crime Agency (NCA) is weighing up the possibility of taking retaliatory action against Qilin, the Russian-based ransomware gang...

June 21, 2024 New Project Zero blog post by Sergei Glazunov and Mark Brand: Project Naptime: Evaluating Offensive Security Capabilities of Large Language...

June 20, 2024 Kraken Security Update:On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially...

June 19, 2024 Fun Twitter search of the day: parsejson creditshttps://t.co/eSd1bAKIyB#bots #chatgpt— Alec Muffett (@AlecMuffett) June 18, 2024 Russia forgot...

June 18, 2024 Hackers who stole Ticketmaster data from Snowflake account appears to have accessed data through a contractor named EPAM Systems. EPAM has...

June 17, 2024 Video of the Keynote talk from last T2 infosec conference in history: 𝒮𝒴𝒮𝒯𝐸𝑀𝒮 𝒜𝐿𝒞𝐻𝐸𝑀𝒴. By @thegrugq. https://t.co/5NrHNuNAmA— @mikko (@mikko)...

June 16, 2024 Here are the slides from my @WarConPL presentation about Large Language Models and their security implications: https://t.co/nqynAfRnCX—...

June 15, 2024 Ea-nasr moves into the titanium market Boeing and Airbus may have used 'counterfeit' titanium in planes, FAA saysThe Federal Aviation...

June 14, 2024 Today’s must read thread. The House Homeland Security Committee is beginning its hearing with Microsoft President @BradSmi about the company's...

June 13, 2024 SoftBank’s new AI makes angry customers sound calm on phone | The Asahi Shimbun: Breaking News, Japan News and AnalysisGood news for call...

June 12, 2024 microsoft: Exploit Code Unporovenme: i literally gave you a compiled PoC and also exploit codem$: No exploit code is available, or an exploit...

June 11, 2024 The New York Times source code leaked by a 4chan userA user on the online forum 4chan has leaked a massive 270GB of data belonging to The New...

June 10, 2024 We have a (draft) @metasploit exploit module in the queue for CVE-2024-4577, the new PHP CGI argument injection vuln disclosed yesterday. h/t...

June 9, 2024 As another dinosaur who knows the ancient dance, I feel you @daveaitel. While I get the need for better tooling, the modern approach of...

June 8, 2024 another day, another BONTO https://t.co/blglxQOfYI pic.twitter.com/EgsIJ8yNaR— not wint (@drilhistorian) June 6, 2024 Breaking News: William...

June 7, 2024 🚨NEW: Last Christmas Eve, @newsbreakApp, a free app with roots in China that is the most downloaded news app in the U.S. published an alarming...

June 6, 2024 Study shows banning false information traffickers online can improve public discourse Post-January 6th deplatforming reduced the reach of...

June 5, 2024 Russian citizens have lost $2.8 billion to phone scammers in 2023. Deputy Board Chairman of Russia Sberbank Stanislav Kuznetsov says the...

June 4, 2024 I recently found an exploitable timing leak in the reference implementation of Kyber (ML-KEM), the soon-to-be NIST standard for post-quantum key...

June 3, 2024 We are happy to share our slides for TyphoonCon 2024 and the exploit code for v8ctf. We hope this will be helpful for those who study browser...

June 1, 2024 I’m not freaking out that the year is half over, you’re freaking out! Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall...

May 31, 2024 SIREN 1: you absolutely cannot make them do it againSIREN 2: I really can i'll do it right nowSIREN 3: is this a nice thing to be doingSIREN 1:...

May 30, 2024 May 22nd security research @GossiTheDog was able to get Microsoft Recall. His wrote a long thread on Mastodon regarding it. The full thread is...

May 29, 2024 Given the recent data released from the publishing industry, I estimate there are ~500 non-celebrity book authors making a living.Meanwhile,...

May 28, 2024 it's so cool that they fed every reddit shitpost into this thing and there's probably no way to fix it now pic.twitter.com/W0I0wjbeAx— lauren...

May 27, 2024 just finished a new blogpost on how i exploited the V8 javascript engine at a CTF!it's a beginner friendly journey from a memory corruption to a...

May 26, 2024 "Spy" is also interchangeable with "idiot".https://t.co/buyTvjpoQ5 via @MailOnline— Dr. Dan Lomas (@Sandbagger_01) May 23, 2024 Great free book...

May 25, 2024 https://www.antipope.org/charlie/blog-static/2024/05/on-mistaking-a-transient-state.html...

May 24, 2024 BORN TO CODEKERNEL IS A FUCKCompile Em All C89I am mailing list man410,757,864,530 CVEs https://t.co/IpCMclFydq— chompie (@chompie1337) May 23,...

May 23, 2024 Google AI overview suggests adding glue to get cheese to stick to pizza, and it turns out the source is an 11 year old Reddit comment from user...

May 22, 2024 Abusing url handling in iTerm2 and Hyper for code execution | Vin01’s BlogWhat are escape sequences My data protection assessment of TLS Session...

May 21, 2024 So you want to get into bug hunting huh? Well this blog post by @assetnote is a perfect example of the flow, the itch, the scratch and...

May 20, 2024 Because Soviets worked to have tight political/civilian control over the nuclear forces one of the challenges was maintaining constant...

May 18, 2024 #ICYMI: IT workers infiltrated more than 300 U.S. companies, earning millions in North Korean illicit revenue generation scheme....

May 17, 2024 A belated writeup about macOS snapshot fuzzing I talked about last year: https://t.co/s4JzidEqm5Builds on @0vercl0k 's WTF and adds loading of...

May 16, 2024 Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach | Ars TechnicaEbury backdoors SSH servers in hosting...

May 15, 2024 I'm back from Offensive Con. Was great to meet up with friends and meet new people. Inside a low budget consumer hardware espionage implant...

May 10-11-12, 2024

May 10-11-12, 2024 I was having too much fun at offensive con to read anything. I wholeheartedly endorse Offensive Con. Had a great time, even if some ppl I...

May 9, 2023 Excited to share my latest article: "Russia’s Declining Satellite Reconnaissance Capabilities and Its Implications for Security and International...