Interesting links of the week:

Strategy:

* https://www.ofcom.org.uk/siteassets/resources/documents/consultations/7986-cfi-security-resilience/annexes/detica-report.pdf?v=334114 - the start of OFCOM's journey to improve telecomms (from 2013)
* https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far - sometimes it's okay for NCSC to be deceptive
* https://arxiv.org/pdf/2512.03641 - modelling adversary decisions
* https://www.ncsc.gov.uk/blog-post/what-makes-a-responsible-cyber-actor - NCSC discuss responsible threat actors
* https://www.interface-eu.org/publications/cyber-red-flags - just what makes an irresponsible threat actor
* https://www.csis.org/analysis/criteria-cyber-situational-awareness - what does situational awareness mean in cyber
* https://www.redteammaturity.com/ - a maturity model for red teams
* https://redteam.guide/ - a handy guide to red team capability
* https://engage.mitre.org/ - if ATT&CK is operational, where do you start with forward planning your operational capability

Standards:

* https://www.rfc-editor.org/rfc/rfc6918.html - deprecating the fun bits of ICMP

Threats:

* https://medium.com/@meeswicky1100/unmasking-a-new-dprk-front-company-dredsoftlabs-bf9ed544d690 - beware of DredSoftLabs, a North Korean enterprise
* https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats/ - CrowdStrikes latest missive on naughty pandas

Detection:

* https://api.gcforum.org/api/files/public/upload/c77233d5-139d-4fbd-a1a4-793a6f29916b_STC-report.pdf - spotting spoofed callers

Exploitation:

* https://scrapco.de/ - fun projects from @buherator
* https://bl4ckarch.github.io/posts/PrintSpoofer_from_scratch/ - spoofing the printer
* https://zplin.me/papers/GREBE.pdf - deep dive on Linux kernel bugs and exploitability
* https://faith2dxy.xyz/2025-11-28/extending_race_window_fallocate/ - winning races with the Linux kernel

Hard hacks:

* https://ioninja.com/ - manipulating protocols at the bits and bytes
* https://blog.byteray.co.uk/critical-vulnerabilities-in-rut22gw-industrial-lte-cellular-routers-f4eb8768feb7 - LTE modems go brrrrrrr
* https://mp.weixin.qq.com/s/mfXBJmTuDsE5Y5ufbffkjw?poc_token=HL9bPGmjQcx4HjY2q6nc3pvfsIFWuwnJf-vGJx33 - attacking the Globalstar uplink

Nerd:

* https://oswatcher.github.io/frontend/ - how Windows has changed over time
* https://social.coop/@eb/115646613032814668 - @eb's prompt for F/OSS projects

#security, #research

[RSS] ActivID administrator account takeover : the story behind HID-PSA-2025-002

https://www.synacktiv.com/publications/activid-administrator-account-takeover-the-story-behind-hid-psa-2025-002.html

When seven German journalist students do a better job of tracking down the sources of the drone flights over Europe than the security services...

https://www.digitaldigging.org/p/they-droned-back

...on the topic of argv[0] being mutable https://social.treehouse.systems/@grawity/114910244850655560

Day 12 of Advent of Compiler Optimisations!

Your loop checks the same condition every iteration, even though it never changes. Seems wasteful, right? The compiler thinks so too—and its solution is something that sounds completely backwards. Making your code bigger to make it faster? What's the trick?

Read more: https://xania.org/202512/12-loop-unswitching
Watch: https://youtu.be/-VCrYshE7iQ

#AoCO2025

@VoltPaperScissors The DMV sloth with a painfully slow stamping hand from Zootopia? :D

@algernon On what ground?

@VoltPaperScissors Slowloris!

Free Micropatches for Windows Remote Access Connection Manager DoS (0day)
https://blog.0patch.com/2025/12/free-micropatches-for-windows-remote.html

@uint8_t @karotte @gsuberland

@dey "flying in airplanes used
to be fun, but now it resembles a dystopian bin-packing problem in which
humans, carry-on luggage, and five dollar peanut bags compete for real estate while crying children materialize from the ether and make obscure demands in unintelligible, Wookie-like languages while you fantasize about who you won’t be helping when the oxygen masks descend."

Hope this cheers you up :) https://www.usenix.org/system/files/1309_14-17_mickens.pdf

"Base Score: 9.8 (Critical)"

https://hackerone.com/reports/3462525

If you just updated React / NextJS for #react2shell , you now get to update again. Two additional vulnerabilities identified in follow-up work were just published: CVE-2025-55183 (DoS), CVE-2025-55184 (Source Code Exposure)

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

https://nextjs.org/blog/security-update-2025-12-11

[RSS] The FreePBX Rabbit Hole: CVE-2025-66039 and others

https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/

[RSS] exploits.club Weekly(ish) Newsletter 93 - Old QEMU Bugs, Android Auto Bluetooth PoCs, BeeStation P20, and More

https://blog.exploits.club/exploits-club-weekly-ish-newsletter-92-s23-n-day-pocs-printer-overflows-dng-oob-writes-and-more-2/

@Viss you don't really talk about it because 1) NDA 2) you look at the damn code all the time?

@mttaggart I thought the "can't be bothered" needs a bit more nuance, that's all

Finally pushed an update to my #DecemberAdventure

tl;dr life is distracting and having a young kid makes this harder to keep-up with

https://git.sr.ht/~louismerlin/december-adventure

@mttaggart Hiring is hard though, esp for SMBs. And at that level you are proper f'd if the guy says bye after a year for whatever reason. SaaS/cloud is more reliable than that.

Exim 4.99: Remote heap corruption https://www.openwall.com/lists/oss-security/2025/12/10/1
In vulnerable configurations, a remote, unauthenticated attacker can achieve heap corruption. No exploit for remote code execution yet, but it may be possible. No further details published yet, until the fix goes public.