Interesting links of the week:
Strategy:
* https://www.ofcom.org.uk/siteassets/resources/documents/consultations/7986-cfi-security-resilience/annexes/detica-report.pdf?v=334114 - the start of OFCOM's journey to improve telecomms (from 2013)
* https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far - sometimes it's okay for NCSC to be deceptive
* https://arxiv.org/pdf/2512.03641 - modelling adversary decisions
* https://www.ncsc.gov.uk/blog-post/what-makes-a-responsible-cyber-actor - NCSC discuss responsible threat actors
* https://www.interface-eu.org/publications/cyber-red-flags - just what makes an irresponsible threat actor
* https://www.csis.org/analysis/criteria-cyber-situational-awareness - what does situational awareness mean in cyber
* https://www.redteammaturity.com/ - a maturity model for red teams
* https://redteam.guide/ - a handy guide to red team capability
* https://engage.mitre.org/ - if ATT&CK is operational, where do you start with forward planning your operational capability
Standards:
* https://www.rfc-editor.org/rfc/rfc6918.html - deprecating the fun bits of ICMP
Threats:
* https://medium.com/@meeswicky1100/unmasking-a-new-dprk-front-company-dredsoftlabs-bf9ed544d690 - beware of DredSoftLabs, a North Korean enterprise
* https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats/ - CrowdStrikes latest missive on naughty pandas
Detection:
* https://api.gcforum.org/api/files/public/upload/c77233d5-139d-4fbd-a1a4-793a6f29916b_STC-report.pdf - spotting spoofed callers
Exploitation:
* https://scrapco.de/ - fun projects from @buherator
* https://bl4ckarch.github.io/posts/PrintSpoofer_from_scratch/ - spoofing the printer
* https://zplin.me/papers/GREBE.pdf - deep dive on Linux kernel bugs and exploitability
* https://faith2dxy.xyz/2025-11-28/extending_race_window_fallocate/ - winning races with the Linux kernel
Hard hacks:
* https://ioninja.com/ - manipulating protocols at the bits and bytes
* https://blog.byteray.co.uk/critical-vulnerabilities-in-rut22gw-industrial-lte-cellular-routers-f4eb8768feb7 - LTE modems go brrrrrrr
* https://mp.weixin.qq.com/s/mfXBJmTuDsE5Y5ufbffkjw?poc_token=HL9bPGmjQcx4HjY2q6nc3pvfsIFWuwnJf-vGJx33 - attacking the Globalstar uplink
Nerd:
* https://oswatcher.github.io/frontend/ - how Windows has changed over time
* https://social.coop/@eb/115646613032814668 - @eb's prompt for F/OSS projects
When seven German journalist students do a better job of tracking down the sources of the drone flights over Europe than the security services...
...on the topic of argv[0] being mutable https://social.treehouse.systems/@grawity/114910244850655560
Day 12 of Advent of Compiler Optimisations!
Your loop checks the same condition every iteration, even though it never changes. Seems wasteful, right? The compiler thinks so too—and its solution is something that sounds completely backwards. Making your code bigger to make it faster? What's the trick?
Read more: https://xania.org/202512/12-loop-unswitching
Watch: https://youtu.be/-VCrYshE7iQ
Free Micropatches for Windows Remote Access Connection Manager DoS (0day)
https://blog.0patch.com/2025/12/free-micropatches-for-windows-remote.html
If you just updated React / NextJS for #react2shell , you now get to update again. Two additional vulnerabilities identified in follow-up work were just published: CVE-2025-55183 (DoS), CVE-2025-55184 (Source Code Exposure)
Finally pushed an update to my #DecemberAdventure
tl;dr life is distracting and having a young kid makes this harder to keep-up with
Exim 4.99: Remote heap corruption https://www.openwall.com/lists/oss-security/2025/12/10/1
In vulnerable configurations, a remote, unauthenticated attacker can achieve heap corruption. No exploit for remote code execution yet, but it may be possible. No further details published yet, until the fix goes public.