"I'm interested in all kinds of astronomy."

The latest Hacklore newsletter is out. Be sure to subscribe!

Boost for reach! 🙏

https://buttondown.com/hacklore/archive/hacklore-the-valentines-day-edition/


Dear FOSS maintainers,

here’s a list of funding programs currently accepting proposals for maintenance work:

Codeberg: https://codeberg.org/mechko/awesome-maintainer-funding

GitHub: https://github.com/mechko/awesome-maintainer-funding

Thanks to everyone who helped crowdsource it! I’ll keep it updated, issues and PRs are very welcome :)


First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested.

https://mkiesel.ch/posts/lenovo-vantage/


BMW’s latest “innovation” isn’t about performance or safety. It’s a logo-shaped screw designed to keep owners out of their own cars. We dug into the patent, the intent behind it, and why Adafruit is already working on a custom bit to undo BMW’s attempt to block repair. Learn more at the link below.

http://ifixit.com/News/115528/bmws-newest-innovation-is-a-logo-shaped-middle-finger-to-right-to-repair


In a joint security notice BfV & BSI warn that a likely state-controlled threat actor is conducting phishing attacks via messaging services such as Signal. The targets are high-ranking individuals in politics, military & diplomacy and investigative journalists in Germany & Europe. https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2026/202602_BfV_BSI_Sicherheitshinweis.html

[RSS] Memory Integrity Enforcement (MIE) on iOS Deep Dive - Part 1 - 8kSec

https://8ksec.io/mie-deep-dive-kernel/
Me: *drinks coffee*
My brain: DRINK MORE COFFEE!!!1

joernchen :cute_dumpster_fire:

Due to $reasons I came across this blogpost https://www.elttam.com/blog/env/ about turning ENV variables into code execution which is nice. But the Python vector is depending on Perl, I didn't like that :P.

Digging a bit deeper in the code often helps, so it did this time:

Looking at https://github.com/python/cpython/blob/d73634935cb9ce00a57dcacbd2e56371e4c18451/Lib/webbrowser.py#L51-L52 I could simplify the payload to:

PYTHONWARNINGS='module::antigravity.'  BROWSER='sh -c id #%s' python whatever.py

Good news!
We kept aside a few more bundles of training+conference tickets.
To secure your place, send an email to tickets@offensivecon.org or DM us on socials.
Be quick..


LLMs are the anti-vax of software and engineering ;-)


In this video, I'm analyzing a really confusing dialog on macOS. Let's dig a bit deeper into what it should do and what it's actually doing.

https://youtu.be/P7hYg2GpsTk


Recently I switched my music experience from SoundCloud to Bandcamp. I went through my playlists, albums and likes and bought matching tracks on Bandcamp.

At some point I want to delete my SoundCloud account. As they do not offer a data export feature (against GDPR) I created this project to make the export: https://codeberg.org/janikvonrotz/export-soundcloud-data


On the ethical obligation to use LLMs for vulnerability research: https://addisoncrump.info/research/a-horrible-conclusion/

Edited 24 days ago

Interesting links of the week:

Strategy:

* https://x-c3ll.github.io/posts/Rant-Red-Team/ - @XC3LL talks red teaming trends
* https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/ - finally settled, the poor testers with a faulty get out of jail card

Threats:

* https://stratcomcoe.org/pdfjs/?file=/publications/download/Social-Media-Manipulation-FINAL-FILE.pdf?zoom=page-fit - STRATCOM talks influence operations
* https://github.com/blackorbird/APT_REPORT/blob/master/summary%2F2026%2F2025%20Global%20APT%20Threat%20Research%20Report.pdf - threat research report from Qihoo 360
* https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates - @greynoise discuss hidden signals in KEV
* https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ - @rapid7's excellent analysis of notepad++
* https://community.plone.org/t/plone-security-advisory-20260116-attempted-code-insertions-into-github-pull-requests/22770/7 - another supply chain woopsie
* https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/ - reporting on the .pl power problems
* https://zenodo.org/records/18444900 - content based risk analysis of Moltbook (not for the faint-hearted)

Detection:

* https://zeek.org/2026/01/how-to-use-ja4-network-fingerprints-in-zeek/ - @zeek discuss how to leverage JA4
* https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/ - @jmhill describes how to deploy OpenCTI
* https://www.huntress.com/blog/ldap-active-directory-detection-part-four - the latest of @huntress's excellent blogs on what an attack on LDAP can actually look like
* https://leanpub.com/suri_operator - @da_667's survivors guide to @suricata

Bugs:

* https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ - @index continue their streak of popping fun bugs in the wild
* https://zeroleaks.ai/reports/openclaw-analysis.pdf - nice technical write up on OpenClaw

Exploitation:

* https://scriptjunkie.us/2026/01/tracking-signal-identifiers/ - leaking Signal IDs from @sj
* https://splintersfury.github.io/mal_blog/post/netfilter_driver/ - reversing Netfilter
* https://alfiecg.uk/2024/09/24/Kernel-exploit.html - Alfie pops iOS
* https://secure.dev/securing_ggml_rpc.html - attack and defend on GGML

Hard hacks:

* https://hexkyz.blogspot.com/2021/11/je-ne-sais-quoi-falcons-over-horizon.html - an oldie on popping NVIDIA's Falcon

Hardening:

* https://itsfoss.com/news/amutable-linux-security/ - @pid_eins triggers systemctl restart
* https://fosdem.org/2026/schedule/event/EW8M3R-island/ - how to get land locked

It's great to see #EU open tech initiatives popping up, but somehow it feels like we are just **terrible** at making ourselves visible, esp. compared to US.

Like how is anyone supposed to find this (otherwise great) project - named "docs" - using a search engine?

https://github.com/suitenumerique/docs/

Even assuming I find this project, how do I search for anything related to it (e.g. install guide)?

Why is the homepage in French by default, without a clearly visible language switcher (also looking at you, @Framasoft )?

Friendly reminder that Binary Ninja aarch64 disassembler is freaking awesome! I need to finish my soft fork of it but I love this one, and it's so fast :-]

https://github.com/Vector35/binaryninja-api/tree/dev/arch/arm64/disassembler


i do not value your privacy, which is why my website does not have any trackers on it whatsoever. i have positively no idea if any human being besides myself has ever actually opened my website. your privacy is worth zero dollars to me. you couldn't even pay me to take it away.


RE: https://infosec.exchange/@BleepingComputer/116024815101538859

Such a great example of how one vulnerability can lead to discovering a ton more based almost purely on visibility. I found this 2 days after the first SmarterMail vuln. Three other researchers had identified the bug and reported it, and we only discovered the research collision when they asked us to reserve a CVE.

Under-analyzed software vulnerability clustering is really interesting.

[RSS] Pickling the Mailbox: A Deep Dive into CVE-2025-20393

https://starlabs.sg/blog/2026/01-pickling-the-mailbox-a-deep-dive-into-cve-2025-20393/