Monish (@m0n1x90)'s Twitter Profile

Security Researcher

ID: 1029073940868546560

http://m0n1x90.dev · 13-08-2018 18:35:21

1,1K Tweet

600 Followers

722 Following

vx-underground (@vxunderground)

THE CHINESE GOVERNMENT USED MICROSOFT WARBIRD APIS FOR OBFUSCATION

> proof-of-concept by Michael B. in 2023
> 30 stars on GitHub
> 62 likes on Xitter

This is fucking FIRE research. Insanely slept on research. I am FLABBERGASTED.

Victor M. Alvarez (@plusvic)

I'm happy to introduce the official YARA language server for Visual Studio Code. virustotal.github.io/yara-x/blog/in… Many thanks to Albert Tikaiev for putting the first stone in this initiative (github.com/prosperritty)

Hasan Toor ✪ (@hasantoxr)

China just released a desktop automation agent that runs 100% locally. It can run any desktop app, open files, browse websites, and automate tasks without needing an internet connection. 100% Open-Source.

Darren of Plymouth (@wolsned)

‘People don't realise how hard it is to speak the truth to a world full of people who don't realise they're living a lie’

- Edward Snowden

Hugging Models (@huggingmodels)

Meet GLM-4.7-Flash-Claude-Opus-4.5-High-Reasoning-Distill: a distilled reasoning powerhouse. This GGUF model combines GLM architecture with Claude-level reasoning, distilled for efficiency. It's like getting premium reasoning in a lightweight package. Perfect for local

blackorbird (@blackorbird)

New Distribution Methods of ROKRAT Malware #APT37

Unlike previous attack chains that progressed from LNK-dropped BAT scripts to shellcode, this case confirms the use of newly developed Dropper and Downloader malware to deliver shellcode and the ROKRAT payload.

Haifei Li (@haifeili)

Ladies and gentlemen - here is a Notepad* RCE you've always wondered whether it was possible. msrc.microsoft.com/update-guide/v… *Well, the modern, AI-powered one.. Who could have thought that with more features you bring more bugs.

Arun (@dazzyddos)

Released ClickOnceBlobber - ClickOnce + AppDomain Manager Injection + ProxyBlob for initial access.

Signed host exe (no MoTW), trusted process loading, all traffic over HTTPS to Azure Blob Storage.

Detailed blog post dropping in the coming weeks.

github.com/dazzyddos/Clic…

AISecHub (@aisechub)

Anthropic reveals its cybersecurity domination strategy. Claude and Gemini scored equally on cybersecurity tasks, but Claude Code scaffold showed its superiority. wiz.io/cyber-model-ar…

Wiz just launched the AI Cyber Model Arena. 257 real-world challenges across five offensive

Florian Hansemann (@cyberwarship)

''The Ultimate Guide to Windows Coercion Techniques in 2025'' #infosec #pentest #redteam #blueteam blog.redteam-pentesting.de/2025/windows-c…

Ido Veltzman (@idov31)

After a long time, Nidhogg v2.0 is finally released. The project is already 4 years old and has evolved drastically over the years, which led to inconsistencies and lots of bugs. See the full changes and reasoning here: github.com/Idov31/Nidhogg 1/6

Exploit Pack (@exploit_pack)

If you're interested in Windows kernel exploitation, there is a new technical post live on our blog

exploitpack.com/blogs/news/byp…

#WindowsInternals #KernelExploitation #CyberSecurity #VBS #HVCI #ReverseEngineering #ExploitDevelopment #MalwareAnalysis #RedTeam #WindowsKernel #InfoSec

Microsoft Threat Intelligence (@msftsecintel)

Microsoft Defender researchers have identified a technique called AI recommendation poisoning, a type of AI memory poisoning attack where hidden instructions are embedded in “Summarize with AI buttons”. msft.it/6018QV9Sj These instructions, injected using URL prompt

DbgMan ^_^ (@0xdbgman)

Yo, a new blog post about persistence techniques

Windows: Registry, Scheduled Tasks, WMI, DLL Hijacking
Linux: cron, SSH Keys, LKM
macOS: LaunchAgents, Dylib Hijacking
Cloud: IAM Abuse, Kubernetes

Inspired by Volt Typhoon, Lazarus Group, APT29.

0xdbgman.github.io/posts/persiste…