emdel (@emd3l)'s Twitter Profile
emdel

@emd3l

Researcher - Italian, Hackademic, Malware, Memory Forensics, Automation - Opinions are my own.

ID: 86137503

Link: http://yromem.re
Date: 29-10-2009 19:01:44

15,15K Tweet

2,2K Followers

927 Following

Elastic Security Labs (@elasticseclabs)

Elastic Security Labs MCP tool research shows how tool-poisoning, orchestration injection, and rug-pulls lead to data exfil & RCE. Includes actionable detections + hardening. Read it if you run agents: go.es.io/3VofX5m

Alex Plaskett (@alexjplaskett)

Hacking the Xbox 360 Hypervisor by Ryan M Part 1: System Overview icode4.coffee/?p=1047 Part 2: The Bad Update Exploit icode4.coffee/?p=1081

R.B.C. (@g3tsyst3m)

Hey all, here's my latest blog post: g3tsyst3m.com/fileless%20tec… We'll get to have some fun coding a custom PE loader that downloads and executes our PE in-memory. We'll also take a stab at sneaking past Defender XDR and Sophos XDR. 😸

Fabio Pagani (@pagabuc)

Had a blast attending and presenting at LABScon 2025 for the second year in a row! If you are curious about BYOVD in UEFI, and how we at BINARLY🔬 uncovered an incomplete patch for a Supermicro BMC bug, check out our talk slides below👇

780th Military Intelligence Brigade (Cyber) (@780thc)

Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign | unit42.paloaltonetworks.com/operation-rewr… Unit 42

ESET Research (@esetresearch)

#ESETresearch has uncovered the North Korea-aligned threat actor, DeceptiveDevelopment, targeting freelance developers with trojanized coding challenges and fake job interviews.  welivesecurity.com/en/eset-resear… 1/6

Malcat (@malcat4ever)

#Malcat tip #10: analysing backdoored clean software can be hard. A quick win is to pivot around known constants, thanks to Malcat's 400k+ constants DB (here a #Tropidoor dlder):

780th Military Intelligence Brigade (Cyber) (@780thc)

Inside Salt Typhoon: China’s State-Corporate Advanced Persistent Threat | Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations | dti.domaintools.com/inside-salt-ty… DomainTools

780th Military Intelligence Brigade (Cyber) (@780thc)

FortiGuard Labs recently observed a phishing campaign designed to impersonate Ukrainian government agencies and deliver additional malware to targeted systems | fortinet.com/blog/threat-re… Fortinet

Lukas Seidel (@pr0me)

I absolutely love this paper, so much reverse engineering alpha

the researchers who won the rpi hacking challenge came together to describe in detail how they overcame the defenses of a secure-by-design chip, incl. custom laser fault injection and single instruction skips

Shanholo (@shanholo)

#EDRFreeze github.com/TwoSevenOneT/E… How does it work? and detection opportunities⤵️ 1⃣"SeDebugPrivilege" via administrative access with any members of the Administrators group for example.

780th Military Intelligence Brigade (Cyber) (@780thc)

Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite September 30, 2025, Unit 42 | Palo Alto unit42.paloaltonetworks.com/phantom-taurus/ Unit 42

Ruben Groenewoud (@rfgroenewoud)

Research & PoC: FlipSwitch Rootkit A syscall-table hooking technique that works on modern Linux (6.9+), researched for and presented at Virus Bulletin by RemcoS and me. Revives syscall hooking by patching x64_sys_call call sites instead of table entries. elastic.co/security-labs/…

Richard Johnson (@richinseattle)

Finally! IDA Python support coming to the Free editions! Huge in the era of getting LLMs to analyze binaries and perform initial RE tasks.

hasherezade (@hasherezade)

My recent writeup on updates in #Rhadamanthys stealer, along with some scripts that may be helpful in analysis. Check it out!

Linux Kernel Security (@linkersec)

Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days

William Liu Crusaders of Rust posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCE

willsroot.io/2025/09/ksmbd-…

Faith 🇧🇩🇦🇺 (@farazsth98)

Blog post is out! Come learn about how I analyzed the latest kernelCTF 1-day submission. This was a vulnerability in the Kernel TLS subsystem. I didn't write a full exploit yet, but Pumpkin 🎃 already gave me some ideas that I will try to implement soon😅 faith2dxy.xyz/2025-10-02/kCT…

Alex Plaskett (@alexjplaskett)

A great write-up of a VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) exploit by Alex Zaviyalov has just been published!