Former Trenchant exec who stole exploits from his employer and sold them to a Russian broker says he was suffering depression & money troubles when he decided to sell the exploits. Also, new info reveals the nature of the work he did for an Australian intel agency before joining Trenchant. My story is linked below. Please consider becoming a paid subscriber if you like my work on this piece. It's 4,000 words and I'm making it available for free to everyone. But I can only do that because some subscribers have generously become paid subscribers.
I came across a reference to #Wazuh in another thread. It looks interesting: an open-source thing that can manage a bunch of compliance requirements.
So I went looking for information about their agent's security. Things I did find:
Things I did not find:
Are these things somewhere I missed? Anyone familiar with the project know how they avoid their network-connected-and-highly-privileged thing being an attack vector for client devices? Is it possible to run it sandboxed with read-only access to the system (for reporting violations but not automatically trying to fix them)?
Little Snitch Comes To Linux To Expose What Your Software Is Really Doing https://linux.slashdot.org/story/26/04/09/0617212/little-snitch-comes-to-linux-to-expose-what-your-software-is-really-doing?utm_source=rss1.0mainlinkanon
New, by me at TechCrunch: The developer of the widely popular WireGuard VPN says he is also unable to ship software updates to Windows users after Microsoft locked his account, marking the second high-profile app developer (VeraCrypt) in the past few weeks to face this issue.
"Intelligence agencies of Viktor Orbán’s government have been secretly using Webloc — a mass surveillance tool that tracks hundreds of millions of people via smartphone advertising data — making Hungary the first confirmed EU country to deploy it"
https://vsquare.org/orban-spying-toolkit-cobwebs-webloc-hungary-spyware-citizen-lab/
RE: https://infosec.exchange/@josephcox/116374994792773696
To stop leaking your Signal messages:
Signal > Settings > Notifications > Notification Content > Show > “Name only” or “No name or content”
iOS and Android notifications all go through Apple and Google’s servers respectively and are not end to end encrypted. The feds have known and used this for years now.
Edit: That last bit doesn’t affect Signal, my bad. The settings change does still protect from the on-device notification DB storing the message preview. See this reply for more info
Adobe Reader Zero-Day Exploited for Months: Researcher
https://www.securityweek.com/adobe-reader-zero-day-exploited-for-months-researcher/
You can absolutely have an RSS dependent website in 2026 https://matduggan.com/you-can-absolutely-have-an-rss-dependent-website-in-2026/
C and C++ run your OS, your browser, your database, and your critical infrastructure. They're also the easiest languages to get catastrophically wrong.
We wrote down everything a security auditor should check: language-level bug classes, stdlib pitfalls, Linux and Windows issues from usermode to kernel, seccomp sandbox escapes, and ptrace handler race conditions.
One checklist, hundreds of checks. https://appsec.guide/docs/languages/c-cpp/
The RCE I've found in LiteLLM (https://x41-dsec.de/lab/advisories/x41-2026-001-litellm/) is a nice example of how AI agents can speed up security research. The issue was found during a project with strict time constraints by me manually. So I had a Nemesis-backed AI agent do auto-triage and find a sandbox escape fully automated. After 20 minutes the job was done, including a fully working exploit.
Getting serious ADHD and building software nobody asked for.
checksec for Mach-O
https://github.com/ChiChou/macchk
@da_667 just jailbroke my Paperwhite 3 last weekend. Was relatively simple. Great for older models with no Android running on it. Breathed new life into it.
i released an Atari 2600 demo with some friends at revision this year and managed to win 1st place in the oldskool demo compo! it's been in development for about a year now so was really cool to see it finally out :3
https://demozoo.org/productions/389801/
https://www.youtube.com/watch?v=aEJ0A8Wvdxs
Inherent flaws in Node.js remain unpatched. Bobby Gould and Michael DePlante detail the problem and how the burden of security silently falls on app developers. https://www.zerodayinitiative.com/blog/2026/4/8/nodejs-trust-falls-dangerous-module-resolution-on-windows