Supply chain attack on eScan antivirus

https://securelist.com/escan-supply-chain-attack/118688/

A threat that many people have warned about for a long time. A bit ironic to read this on Kaspersky's site...

h/t @zh4ck

#Ghidra 12.0.2 released

Change History:

https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_12.0.2_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.md

Interesting links of the week:

Strategy:

* https://www-tokio--dr-jp.translate.goog/thinktank/acd/acd-007.html - active defense in .jp
* https://www.cambridge.org/core/books/securing-democracies/stacking-up-for-resilience/EB2072FAE9F97CF41B568B1C4AAFC190 - building digital resilience ala India
* https://www.csis.org/analysis/civil-takedowns-missing-legal-framework-cyber-disruption - avoiding disruption when performing takedowns
* https://breakmeifyoucan.com/
https://sabsa.org/w105-sabsa-enterprise-security-architecture-principles/ - constructing a security architecture using SABSA principles
* https://www.ncsc.gov.uk/collection/how-to-prepare-and-plan-your-organisations-response-to-severe-cyber-threat-a-guide-for-cni - NCSC guidance on how to not get yourself in a panic
* https://home.treasury.gov/system/files/136/G7-CEG-Quantum-Roadmap.pdf - a roadmap for quantum

Standards:

* https://www.etsi.org/deliver/etsi_en/304200_304299/304223/02.01.01_60/en_304223v020101p.pdf - ETSI standards on AI in public life

Threats:

* https://ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/before-vegas-cyberdefense-report.pdf - understanding .cn hackers in long form
* https://www.bitsight.com/blog/what-is-y2k38-problem - do you even 2038?

Detection:

* https://it4sec.substack.com/p/detect-rogue-cell-towers-for-50-who - hunting rogue radios
* https://www.detectionengineering.net/ - a nice news feed for detection engineers
* https://github.com/OpenTideHQ/.github/blob/main/profile/OpenTide%20White%20Paper.pdf - paper on OpenTIDE
* https://huggingface.co/datasets/CIRCL/vulnerability-cwe-patch - enriching bug classifications
* https://arxiv.org/abs/2402.15147 - mapping techniques
* https://www.huntress.com/blog/ldap-active-directory-detection-part-three - @huntress discuss AD's LDAP logs
* https://api.gcforum.org/api/files/public/upload/523c55f1-b24a-4824-a841-b513c2aca3bc_Practical-Threat-Detections.pdf - getting the most from your telco logs

Bugs:

* https://www.zerodayinitiative.com/advisories/ZDI-26-020/ - why are LLMs so quick to oopsie
* https://www.interruptlabs.co.uk/articles/when-nas-vendors-forget-how-tls-works - TLS is hard
* https://projectzero.google/2026/01/pixel-0-click-part-1.html - taking over the world, Pixel by Pixel
* https://projectzero.google/2026/26/windows-administrator-protection.html - @tiraniddo beats up admins
* https://whisperpair.eu/ - BTLE gets another bad report
* https://www.atredis.com/blog/2026/1/26/generals - exploiting games for fun, high scores and remote tank execution
* https://fortiguard.fortinet.com/psirt/FG-IR-26-060 - FortiCloud makes a splash

Exploitation:

* https://www.synacktiv.com/publications/pentesting-cisco-aci-lldp-mishandling - kicking Cisco's ACI tyres
* https://shazzer.co.uk/blog/distributed-fuzzing-crowdsourced-browser-testing - scaling browser fuzzing from @gaz
* https://dl.acm.org/doi/10.1145/3776743 - inferring grammar from parsing
* https://arxiv.org/abs/2601.01592 - breaking multi-model AI

Hard hacks:

* https://jyn.dev/remotely-unlocking-an-encrypted-hard-disk/ - picking the hard disk lock

#security, #research

Someone knows Bash disgustingly well, and we love it.

Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340.

This research fuels our technology, enabling our clients to accurately determine their exposure.

https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340

Technology should serve you, not trap or burden you.

#Kagi #Comics

🔴 Clift: a new MLIR dialect for decompiling C

Clift is the AST-like IR that the rev.ng decompiler uses as the last stage before emitting C code.

Clift is an MLIR dialect, a sort of "meta IR" that enables you to define your own types and instructions

Good news. We just published the Firefox Security & Privacy newsletter for 2025 Q4

https://attackanddefense.dev/2026/01/30/firefox-security-privacy-newsletter-2025-q4.html

Very important post by @kagihq (feel free to ignore the AI CEO-speak at the beginnig):

Waiting for dawn in search: Search index, Google rulings and impact on Kagi

https://blog.kagi.com/waiting-dawn-search

Feels like Sun spot activity is wild today...

As developing a decent QA process for Linux distros seems to be impossible I don't get how enabling automatic updates by default seemed like a reasonable thing to do...

This is wild, there have been changes on the Cain&Able repository lately (yes that tool you used in your first IT security hands-on class 20 years ago) https://github.com/xchwarze/Cain #itsecurity #hacking

County Pays $600,000 To Pentesters It Arrested For Assessing Courthouse Security https://it.slashdot.org/story/26/01/29/2147207/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security?utm_source=rss1.0mainlinkanon

Cable modem died, yaay...

RE: https://tech.lgbt/@ShadowJonathan/115979646528496303

Give me Universal Basic Income and watch me obsessively plant fruit and nut trees in the entire city.

rustc be like

RE: https://mas.to/@pooh/115980278517566505

Hey Hey, People.

Just updated my book-in-progress - Suricata: An Operator's guide.

This update finally closes out chapter 7, a scenarios/exercises chapter to help readers grasp the concepts of threat research and data pivoting, and how the data acquired gets turned into Suricata rules.

There are three scenario exercises in total:

Scenario 1: PolarEdge Botnet
Scenario 2: Myth Stealer
Scenario 3: Oyster backdoor

As always, the book is available for free, and I'm not expecting anyone to pay for my half-finished work. Download a copy here:

https://leanpub.com/suri_operator

the exercises chapter is made much more fun for readers, if they can follow along, so I've updated the github supplementaries repo with pcaps for both the second and third exercise. You can find that repo here:

https://github.com/da667/Suricata-An-Operators-Guide-Supplementaries

Future plans:

Chapter 8 is going to be another somewhat hands-on chapter, where readers learn how to "throw" and capture pcaps of proof-of-concept exploits, and/or forge their own pcaps based on threat research write-ups. I'm not 100% sure which CVEs/vulns I'll be picking on here, but I'll be doing three of them, just for some variety.

As a former K-12 technology educator, let me break this down for you. If a "toy" comes with an app, it isn't a toy; it's a data collection mechanism, and likely a brand loyalty engine.

Kids don't need these things. In fact, they're much, much better off without them.

https://www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/

[RSS] How to bisect Linux Kernel build and boot failures with TuxMake and TuxRun

https://www.linaro.org/blog/how-to-bisect-linux-kernel-build-and-boot-failures-with-tuxmake-and-tuxrun/

Comodo has some newer MDM products they cannot, surprise-surprise, adequately protect from abuse.

*.itsm-us1.comodo[.]com (US)
*.cmdm.comodo[.]com (EU)
*.mdmsupport.comodo[.]com (legacy)

https://russianpanda.com/The-Abuse-of-ITarian-RMM-by-Dolphin-Loader

#rmm

"A common fallacy is to assume authors of incomprehensible code will somehow be able to express themselves lucidly and clearly in comments."
– @kevlin

"... or prompts." I would like to add.