Interesting Git repos of the week:
Detection:
* https://github.com/hasamba/DFIR-Companion - incident support
* https://github.com/GyulyVGC/sniffnet - that packer smells kinda funny
Bugs:
* https://github.com/0xHossam/UnCanny - the bullying of NTLM must stop!
* https://github.com/prdgmshift/usbliter8 - A12/A14 SecureROM exploit
* https://github.com/rub-softsec/onelogon - stealing AD creds via Netlogon
* https://github.com/bikini/exploitarium - fresh bugs today
Exploitation:
* https://github.com/MazX0p/LACUNA-Chain - build your own stack and profit
* https://github.com/Shac0x/Wonka - like picking LSASS's wallet for tickets
* https://github.com/netinvent/windows_tools - there's a snake coming through the window
* https://github.com/mitre/grid-watch - MITRE's CTID lab for OT
Hard hacks:
* https://github.com/datalocaltmp/Peepo - @datalocaltmp's primitive attacks on watchOS
* https://github.com/hacefresko/forticrack_v8 - unpack that Fortinet firmware
Data:
* https://github.com/idaholab/raven - tools for risk modeling
Development:
* https://github.com/uellenberg/Insert - you wanna write self modifying code? how about a language where it's a first class feature?
Nerd:
* https://github.com/maestro-os/maestro - a Linux-like kernel in Rust
Are we there yet?
Version 1 - 27 June 2026
"The question: has AI-assisted vulnerability discovery become a genuinely new kind of offensive capability - or is it the same work as before, now automated and far cheaper?
The distinction decides the right policy response: a new capability class would justify containing it (export controls, deployment gates), while mere automation calls for absorbing it (defensive tooling, faster patching, hardening)."
https://tzafaar.codeberg.page/other/are-we-there-yet.html
What do you think?
Secret Panel HERE: https://patreon.com/mrlovenstein/posts/keeping-it-real-26175234
TIL a 9-year-old girl researched the decibel levels of public hand dryers after noticing her ears were ringing after using one. Nearly 4 years later, her research was accepted into the Canadian journal Paediatrics & Child Health, and Dyson planned to have her meet with an acoustic engineer.
https://abcnews.com/GMA/Wellness/13-year-girls-research-showing-hand-dryers-harm/story?id=64237013
#til #todayilearned
https://www.reddit.com/r/todayilearned/comments/1ufpr3g/til_a_9yearold_girl_researched_the_decibel_levels/
IDA 9.4 teasers continue with two new navigation features:
1. Jump Anywhere is now the default G dialog - search functions, names, types, and segments in one box with live previews.
2. Pathfinder, a new tool for asking "can this code reach that?" directly from the xref graph.
Read the blog for the full breakdown.
https://hex-rays.com/blog/ida-9.4-smarter-navigation-and-quality-of-life-improvements
Just stop using LastPass already, folks.
https://blog.lastpass.com/posts/klue-supply-chain-incident-and-lastpass-response
When EPA isn't EPA'ing: What Tools Like Certify, Certipy and checkMSSQLStatus.py miss https://www.abdulmhsblog.com/posts/pitfallswithepa/
Slides from my #Troopers26 talk "Get in Loser, We're Upgrading the Internet -- Lessons from Deploying Post-Quantum Cryptography across Akamai's global Content Delivery Network"
This malware is pretty cool, it took me a while to get to the 4th obfuscation layer myself in IDA even when using a deobfuscation plugin myself, mixes its own obfuscated code deep in legitimate "goodware" code, uses lots of MBAs, has anti-VM tricks. High quality malware.
https://www.elastic.co/security-labs/oxloader-malware-loader-infostealer
https://www.twitch.tv/curlhacker is live, the presentation starts in a few minutes
all the hackerone reports for the curl 8.21.0 vulnerabilities are now public
Keeping the Web Open and Private in the Bot Era
In which an AI peddler suggests that to solve the bot problem we should perhaps enact some funky workaround that involves such reputable companies and projects like Cloudflare, Mozilla Firefox, Google Chrome, and Microsoft Edge (all of them run by companies staunchly resisting the root cause of the Crawler problem: AI).
If we'd all just use PACT, we would be able to efficiently block the bots! Except, of course, if you're running an unsupported browser, and have not sent enough signals back home that you're a human.
But sure, sure. Let's use a klunky workaround that doesn't exist, wouldn't work, instead of addressing the problem in the first place.
How utterly predictable, how utterly disappointing nevertheless.
RE: https://rivals.space/@fedilucie/116795256258407496
I heard Joe Armstrong give a talk for forty minutes once and I walked out permanently converted to this way of thinking. Use queues. Queues only. NULL was not a billion-dollar mistake, NULL can be made sanitary. Memory-sharing multithreading was the billion dollar mistake.