bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r


Bug bounty Tips

#info
#Events
#MLSecOps
[un]prompted 2026: The AI Security Practitioner Conference, March 3-4, The Hibernia, San Francisco.
https://github.com/ethanolivertroy/unpromptedcon-2026-slides
// 49 slide decks from talks across both days and both stages, covering AI agents, offensive AI, LLM security, governance, and the agentic future


#Whitepaper
#Offensive_security
"Leveraging Generative AI for Password Cracking Efficiency Under Resource Constraints", Jan. 2026.

// The purpose of this research is to investigate whether GenAI can alleviate the hardware and financial burdens of password cracking/recovery while maintaining or even improving cracking success rates...


#tools
#Threat_Research
"ProHunter: A Comprehensive APT Hunting System Based on Whole-System Provenance", Mar. 2026.

// ProHunter - efficient and accurate provenance-based APT hunting system with a platform-independent design


#AppSec
1⃣ Intego X9: Never trust my updates
https://blog.quarkslab.com/intego_lpe_macos_3.html
// Multiple vulnerabilities in Intego's macOS products enable privilege escalation through XPC flaws, race conditions, and insecure updates
2⃣ LLVM Adventures: Fuzzing Apache Modules
https://pwner.gg/blog/2026-03-20-apatchy
// Apatchy - an LLVM-based fuzzing framework for Apache HTTPD with advanced coverage analysis and a modular build system
3⃣ A Copy-Paste Bug That Broke PSpice AES-256 Encryption
https://jtsylve.blog/post/2026/03/18/PSpice-Encryption-Weakness
// Bug in PSpice's AES-256 mode reduces its effective keyspace from 2^256 to 2^32, enabling rapid brute-force attacks that compromise encrypted models


#reversing
#Tech_book
#Cyber_Education
"Windows Debugging, Disassembling, Reversing: Practical Foundations. Training Course", Third Edition, 2025.

// Another bestseller from a subject-matter leader...


#AIOps
#Infosec_Standards
"Agent Control Protocol: Technical Specification and Reference Implementation", v.1.13, Mar. 2026.
]-> Specification and implementation

// Cryptographically verifiable authorization architecture for autonomous AI agents


#Malware_analysis
1⃣ AI Wrote This Malware: Dissecting the Insides of a Vibe-Coded Malware Campaign
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ai-written-malware-vibe-coded-campaign
2⃣ Fake Telegram Malware Campaign: Analysis of a Multi-Stage Loader Delivered via Typosquatted Websites
https://labs.k7computing.com/index.php/fake-telegram-malware-campaign-analysis-of-a-multi-stage-loader-delivered-via-typosquatted-websites
3⃣ Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
https://www.trendmicro.com/en_us/research/26/c/dissecting-a-warlock-attack.html


#tools
#NetSec
#WebApp_Security
"Reducing Excessive Trust in the Web PKI Ecosystem", 2026.

// Examines the feasibility of an add-on for the mitmproxy project that adds drift detection for root CA certificates, incorporates policy-based controls over which CAs are allowed, and leverages an ensemble of existing technologies to reduce the level of trust placed in the public Web PKI. The result is a PoC tool, CertGuard, that provides a higher-security browsing experience and enables security-conscious users to make more informed risk decisions when browsing the web


#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Mar. 7-14, 2026)

1⃣ YARA-X 1.14.0 Release
// A rewrite of YARA in Rust
2⃣ RCE in Nextcloud Flow via vulnerable Windmill version
// CVE-2026-29059
3⃣ Analyzing "Zombie Zip" Files (CVE-2026-0866)
// The trick is to change the compression method to STORED while the content is still DEFLATED: the ZIP file header claims the content is not compressed, while in reality it is, so tools that trust the header see the raw deflate stream instead of the real payload
4⃣ How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit
// An authentication bypass in FreshRSS, a self-hosted RSS aggregator. It is a good example of how over-engineering can hurt the security of an application
5⃣ OpenAI Codex Security AI agent
// Available in research preview format
6⃣ On the Effectiveness of Mutational Grammar Fuzzing
// More coverage does not mean more bugs. Mutational grammar fuzzing tends to produce samples that are very similar
7⃣ AEGIS v.0.9.1
// EDR for AI Agents

]-> Analytical review (Feb. 28-Mar. 7, 2026)


#Infosec_Standards
"SL5 Standard for AI Security",
Ver. 0.1, Mar. 2026.
]-> OSCAL Profile (JSON)

// A NIST SP 800-53 overlay for frontier AI infrastructure, aimed at achieving nation-state-level security by 2028/2029


#Malware_analysis
1⃣ The ExifTool vulnerability: how an image can infect macOS systems
https://www.kaspersky.com/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/55362
2⃣ 5 Malicious Rust Crates Posed as Time Utilities to Exfiltrate .env Files
https://socket.dev/blog/5-malicious-rust-crates-posed-as-time-utilities-to-exfiltrate-env-files
3⃣ New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering
https://www.bluevoyant.com/blog/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering
4⃣ Uncovering a phishing campaign abusing MS Device Code Authentication and Cloudflare Worker Pages, with detection hunts for Entra and MS365
https://newtonpaul.com/blog/device-code-phishing-campaign
5⃣ BeatBanker: A dual-mode Android Trojan
https://securelist.com/beatbanker-miner-and-banker/119121


#CogSec
#Analytics
"How Effective Are Publicly Accessible Deepfake Detection Tools? A Comparative Evaluation of Open-Source and Free-to-Use Platforms", Mar. 2026.

// This paper presents the first cross-paradigm evaluation of six tools, spanning two complementary detection approaches: forensic analysis tools (InVID & WeVerify, FotoForensics, Forensically) and AI-based classifiers (DecopyAI, FaceOnLive, Bitmind)


#MLSecOps
#Sec_code_review
"SecCodeBench-V2 Technical Report", Feb. 2026.

// SecCodeBench-V2 (SCBv2) - a benchmark for evaluating LLM copilots' ability to generate secure code. SCBv2 adopts a function-level task formulation: each scenario provides a complete project scaffold and requires the model to implement or patch a designated target function under fixed interfaces and dependencies. For each scenario, SCBv2 provides executable PoC test cases for both functional validation and security verification. All test cases are authored and double-reviewed by security experts, ensuring high fidelity, broad coverage, and reliable ground truth


#Research
#MLSecOps
"Real Money, Fake Models: Deceptive Model Claims in Shadow APIs", Mar. 2026.

// Through multidimensional auditing of three representative shadow APIs across utility, safety, and model verification, we uncover both indirect and direct evidence of deception practices in shadow APIs


#Whitepaper
"Evaluating Configurations for Reducing Problematic Emotional Engagement in Enterprise LLM Deployments: Implications for Insider Threat Risk", 2026.

// Insider threat (employees intentionally sabotaging, damaging, or otherwise disrupting operations) is an ongoing and growing concern for most organizations. At the same time, organizations are rapidly expanding their adoption of LLMs, and LLMs exhibit traits designed to increase engagement in human-AI interaction


#tools
#AIOps
#MLSecOps
"Auditing MCP Servers for Over-Privileged Tool Capabilities", Mar. 2026.

// MCP Tools Detection provides a comprehensive, multi-layered defense mechanism combining static code analysis (AST-based) with dynamic runtime monitoring (eBPF-based) to identify malicious or vulnerable MCP servers before they can compromise an agentic workflow


#Whitepaper
#Blue_Team_Techniques
"Enhancing Linux Threat Detection: A Sysmon-Based Approach to Identifying Sandworm TTPs", Mar. 2026.

// Linux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well-known APTs such as Sandworm. This research evaluates the effectiveness of Sysmon for Linux in detecting Sandworm TTPs compared to the more established Linux auditd

See also:
]-> The Sysmon Community Guide, v.2.0, Dec. 2025


#tools
#DFIR
#Research
#Whitepaper
"Assessing the Impact of Memory Acquisition on Key Windows Artifacts", Feb. 2026.

// This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders


#Infosec_Standards
NIST SP 800-81 Rev.3:
"Secure Domain Name System (DNS) Deployment Guide", March 2026.


#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Mar. 14-21, 2026)

1⃣ More IP KVM Vulnerabilities
// 9 vulnerabilities across 4 vendors turn low-cost IP-KVMs into attack platforms
2⃣ Perseus Android Malware
// Perseus highlights the continued evolution of Android malware, demonstrating how modern threats build upon established families like Cerberus/Phoenix while introducing targeted improvements
3⃣ The Proliferation of DarkSword
// Google Threat Intelligence uncovered DarkSword, a sophisticated iOS exploit chain using six 0-days since 2025, targeting users in multiple countries with JavaScript-based payloads
4⃣ A 32-Year-Old Bug Walks Into A Telnet Server
// GNU inetutils telnetd CVE-2026-32746 pre-auth RCE
5⃣ Vulnerabilities in snapd and Rust Coreutils Allowing Root Privileges
// CVE-2026-3888
6⃣ Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI
// A flaw in Profile Builder Pro <3.14.5 enables unauthenticated PHP Object Injection via AJAX, allowing RCE through crafted serialized objects
7⃣ SQLi in Spring AI's MariaDB Vector Store
// CVE-2026-22730
8⃣ Exposure of TLS Private Key for Myclaw 360 in Qihoo 360 "Security Claw" AI Platform

]-> Analytical review (Mar. 7-14, 2026)


#Tech_book
#Cyber_Education
#Malware_analysis
"MD MZ Book 2nd Edition", 2024.
]-> Repo

// The result of research and investigation of malware development tricks, techniques, evasion, cryptography, and Linux malware


#AIOps
#NetSec
#Cloud_Security
#Offensive_security
Pwning AI Code Interpreters in AWS Bedrock AgentCore
https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter
// AWS Bedrock AgentCore Code Interpreter's 'Sandbox' mode allows DNS queries, enabling interactive shells and a bypass of network isolation through DNS-based command-and-control


#Analytics
"2026 State of Software Security: Prioritize, Protect, Prove", 2026.

// The 2026 State of Software Security report illuminates a difficult truth: the pace of flaw creation is decisively outstripping the current capacity for remediation. Despite marginal gains in fix rates, the tide of security debt - known vulnerabilities left unresolved for more than a year - is rising. This is not a distant problem; it is a present reality for 82% of organizations, an 11% increase in a single year


#reversing
#cryptography
#Space_Security
"Systematic Security Analysis of the Iridium Satellite Radio Link", Mar. 2026.
]-> Artifacts for each of the mentioned parts

// The first comprehensive security analysis of Iridium authentication and radio link protocols. We reverse engineer the Iridium SIM-based authentication mechanism and demonstrate that the secret key can be extracted from the SIM card, enabling full device cloning and impersonation attacks


#AIOps
#Research
#Sec_code_review
#Malware_analysis
"CogniCrypt: Synergistic Directed Execution and LLM-Driven Analysis for Zero-Day AI-Generated Malware Detection", Mar. 2026.
]-> CogniCrypt Prototype (Repo)

// The weaponization of LLMs for automated malware generation poses an existential threat to conventional detection paradigms. AI-generated malware exhibits polymorphic, metamorphic, and context-aware evasion capabilities that render signature-based and shallow heuristic defenses obsolete


#DFIR
#Tech_book
#Blue_Team_Techniques
"Blue Team Handbook: Incident Response", 2026.
]-> Repo

// The book presents essential core IR theory, skills, checklists, and procedures for handling cyber security incidents, followed by several chapters on examining Windows, Linux, and network traffic


#Research
#Blue_Team_Techniques
"CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts", Mar. 2026.
]-> system log data set
]-> network packet captures
]-> attack automation scripts
]-> artifacts to reproduce

// Public labeled log data sets of attack traces and artifacts, analysis and categorization of cyber attack manifestations, LLM-based interpretation of system logs and security alerts


#DevOps
"Authoritative Guide to AI/ML-BOM: Drive Transparency, Compliance, and Security Across the AI Supply Chain", First Edition, Mar. 2026.

// An ML-BOM (Machine Learning Bill of Materials) is a document that addresses the unique complexities and risks of AI/ML systems. It provides a detailed inventory of all components, configurations, and processes involved in the development, training, deployment, and hosting (i.e., via hardware/software stacks and frameworks) of an ML model


#Sec_code_review
#Infosec_Standards
NIST SP 800-218 Rev.1:
"Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities", Dec. 2025.

// This document describes new and improved practices, tasks, and examples for the secure and reliable development, delivery, and improvement of software


#OSINT
#Automotive_Security
"Can’t Hide Your Stride: Inferring Car Movement Patterns from Passive TPMS Measurements", 2026.

// Tire Pressure Monitoring System (TPMS) transmissions of modern cars are sent over the air in clear text and carry a unique identifier that does not change over very long periods of time...
