On the ethical obligation to use LLMs for vulnerability research: https://addisoncrump.info/research/a-horrible-conclusion/

Interesting links of the week:

Strategy:

* https://x-c3ll.github.io/posts/Rant-Red-Team/ - @XC3LL talks red teaming trends
* https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/ - finally settled, the poor testers with a faulty get out of jail card

Threats:

* https://stratcomcoe.org/pdfjs/?file=/publications/download/Social-Media-Manipulation-FINAL-FILE.pdf?zoom=page-fit - STRATCOM talks influence operations
* https://github.com/blackorbird/APT_REPORT/blob/master/summary%2F2026%2F2025%20Global%20APT%20Threat%20Research%20Report.pdf - threat research report from Qihoo 360
* https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates - @greynoise discuss hidden signals in KEV
* https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ - @rapid7's excellent analysis of notepad++
* https://community.plone.org/t/plone-security-advisory-20260116-attempted-code-insertions-into-github-pull-requests/22770/7 - another supply chain woopsie
* https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/ - reporting on the .pl power problems
* https://zenodo.org/records/18444900 - content based risk analysis of Moltbook (not for the faint-hearted)

Detection:

* https://zeek.org/2026/01/how-to-use-ja4-network-fingerprints-in-zeek/ - @zeek discuss how to leverage JA4
* https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/ - @jmhill describes how to deploy OpenCTI
* https://www.huntress.com/blog/ldap-active-directory-detection-part-four - the latest of @huntress's excellent blogs on what an attack on LDAP can actually look like
* https://leanpub.com/suri_operator - @da_667's survivors guide to @suricata

Bugs:

* https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ - @index continue their streak of popping fun bugs in the wild
* https://zeroleaks.ai/reports/openclaw-analysis.pdf - nice technical write up on OpenClaw

Exploitation:

* https://scriptjunkie.us/2026/01/tracking-signal-identifiers/ - leaking Signal IDs from @sj
* https://splintersfury.github.io/mal_blog/post/netfilter_driver/ - reversing Netfilter
* https://alfiecg.uk/2024/09/24/Kernel-exploit.html - Alfie pops iOS
* https://secure.dev/securing_ggml_rpc.html - attack and defend on GGML

Hard hacks:

* https://hexkyz.blogspot.com/2021/11/je-ne-sais-quoi-falcons-over-horizon.html - an oldie on popping NVIDIA's Falcon

Hardening:

* https://itsfoss.com/news/amutable-linux-security/ - @pid_eins triggers systemctl restart
* https://fosdem.org/2026/schedule/event/EW8M3R-island/ - how to get land locked

#security, #research

It's great to see #EU open tech initiatives popping up, but somehow it feels like we are just **terrible** at making ourselves visible, esp. compared to US.

Like how is anyone supposed find this (otherwise great) project - named "docs" - using a search engine?

https://github.com/suitenumerique/docs/

Even assuming I find this project, how do I search for anything related to it (e.g. install guide)?

Why is the homepage in French by default, without a clearly visible language switcher (also looking at you, @Framasoft )?

Friendly reminder that Binary Ninja aarch64 disassembler is freaking awesome! I need to finish my soft fork of it but I love this one, and it's so fast :-]

https://github.com/Vector35/binaryninja-api/tree/dev/arch/arm64/disassembler

i do not value your privacy, which is why my website does not have any trackers on it what so ever. i have positively no idea if any human being besides myself has ever actually opened my website. your privacy is worth zero dollars to me. you couldn't even pay me to take it away.

RE: https://infosec.exchange/@BleepingComputer/116024815101538859

Such a great example of how one vulnerability can lead to discovering a ton more based almost purely on visibility. I found this 2 days after the first SmarterMail vuln. Three other researchers had identified the bug and reported it, and we only discovered the research collision when they asked us to reserve a CVE.

Under analyzed software vulnerability clustering is really interesting.

[RSS] Pickling the Mailbox: A Deep Dive into CVE-2025-20393

https://starlabs.sg/blog/2026/01-pickling-the-mailbox-a-deep-dive-into-cve-2025-20393/

I could go into history here, but suffice it to say: if someone tries to explain Class A, Class B, or Class C addresses to you, plug your ears and scream at them not to contaminate your brain with information obsoleted more than two decades ago.

[RSS] TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244

https://www.oobs.io/posts/er605-1day-exploit/

Another alleged stalkerware software maker got compromised and someone leaked all their customers on a cybercrime forum.

AMD updates installed without signature checking (from an HTTP link, no less)? /via @drwhax

https://mrbruh.com/amd/

Recent report about a nation-state implant that would be useful to exploit this:

https://blog.talosintelligence.com/knife-cutting-the-edge/

Oooooh SNAP!!! 💥

Prime Minister Pedro Sanchez of Spain:

“First, we will change the law in Spain to hold platform executives legally accountable for many infringements taking place on their sites. This means that CEOs of these tech platforms will face criminal liability […]
Second, we will turn algorithmic manipulation and amplification of illegal content into a new criminal offense. […]
spreading hate must come at a cost.”

Have a great weekend, Elon! 😘

https://www.youtube.com/live/NElqgJ1aXFA?si=M52qiZYBt55KRamm

Here is a sad (and somewhat pathetic, I guess) fact: The new Firefox "smart window" (which is an LLM-based browser), doesn't even use a local or open model, it's literally just Google's models run via their API

Full-Blown Cross-Assembler…in a Bash Script

https://hackaday.com/2026/02/06/full-blown-cross-assembler-in-a-bash-script/

PSA: Did you know that it’s **unsafe** to put code diffs into your commit messages?

Like https://github.com/i3/i3/pull/6564 for example

Such diffs will be applied by patch(1) (also git-am(1)) as part of the code change!

This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.

[RSS] Django SQL Injection in RasterField lookup (CVE-2026-1207)

https://vulnerabletarget.com/VT-2026-1207

New Project Zero issue:

Samsung: QuramDng Warp opcodes out-of-bounds read

https://project-zero.issues.chromium.org/issues/462544562

CVE-2026-20973

[RSS] CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall

https://www.thezdi.com/blog/2026/2/4/cve-2025-6978-arbitrary-code-execution-in-the-arista-ng-firewall

When a piece of type gets damaged, it's like a fingerprint that can be used to tie all the work of a printer together, whether or not their name appears on the title page. The Catalog of Distinctive Type is building a database of these fingerprints for Restoration England. https://cdt.library.cmu.edu/