2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
#tools
#Threat_Research
"ProHunter: A Comprehensive APT Hunting System Based on Whole-System Provenance", Mar. 2026.
// ProHunter - efficient and accurate provenance-based APT hunting system with a platform-independent design
#AppSec
1⃣ Intego X9: Never trust my updates
https://blog.quarkslab.com/intego_lpe_macos_3.html
// Multiple vulnerabilities in Intego's macOS products enable privilege escalation through XPC flaws, race conditions, and insecure updates
2⃣ LLVM Adventures: Fuzzing Apache Modules
https://pwner.gg/blog/2026-03-20-apatchy
// Apatchy - LLVM-based fuzzing framework for Apache HTTPD with advanced coverage analysis, and a modular build system
3⃣ A Copy-Paste Bug That Broke PSpice AES-256 Encryption
https://jtsylve.blog/post/2026/03/18/PSpice-Encryption-Weakness
// Bug in PSpice's AES-256 mode reduces its effective keyspace from 2^256 to 2^32, enabling rapid brute-force attacks that compromise encrypted models
#reversing
#Tech_book
#Cyber_Education
"Windows Debugging, Disassembling, Reversing:
Practical Foundations. Training Course",
Third Edition, 2025.
// Another bestseller from a subject-matter leader...
#AIOps
#Infosec_Standards
Agent Control Protocol:
Technical Specification and Reference Implementation, v.1.13, Mar. 2026.
]-> Specification and implementation
// Cryptographically verifiable authorization architecture for autonomous AI agents
#Malware_analysis
1⃣ AI Wrote This Malware:
Dissecting the Insides of a Vibe-Coded Malware Campaign
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ai-written-malware-vibe-coded-campaign
2⃣ Fake Telegram Malware Campaign: Analysis of a Multi-Stage Loader Delivered via Typosquatted Websites
https://labs.k7computing.com/index.php/fake-telegram-malware-campaign-analysis-of-a-multi-stage-loader-delivered-via-typosquatted-websites
3⃣ Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
https://www.trendmicro.com/en_us/research/26/c/dissecting-a-warlock-attack.html
#tools
#NetSec
#WebApp_Security
"Reducing Excessive Trust in the Web PKI Ecosystem", 2026.
// examines the possibility of developing an add-on for mitmproxy project to add drift detection for root CA certificates, incorporate policy-based controls over which CAs are allowed, and leverage an ensemble of existing technologies to reduce the level of trust placed in the public Web PKI. The result is a PoC tool, CertGuard, that provides a higher-security browsing experience and enables security - conscious users to make more informed risk decisions when browsing the web
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Mar.7-14, 2026)
1⃣ YARA-X 1.14.0 Release
// A rewrite of YARA in Rust
2⃣ RCE in Nextcloud Flow via vulnerable Windmill version
// CVE-2026-29059
3⃣ Analyzing "Zombie Zip" Files (CVE-2026-0866)
// The trick is to change the compression method to STORED while the contend is still DEFLATED: a flag in the ZIP file header states the content is not compressed, while in reality, the content is compressed
4⃣ How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit
// An authentication bypass in FreshRSS, a self-hosted RSS aggregator. It is a good example of how over-engineering can hurt the security of an application
5⃣ OpenAI Codex Security AI agent
// Available in research preview format
6⃣ On the Effectiveness of Mutational Grammar Fuzzing
// More coverage does not mean more bugs. Mutational grammar fuzzing tends to produce samples that are very similar
7⃣ AEGIS v.0.9.1
// EDR for AI Agents
]-> Analytical review (Feb.28-Mar.7, 2026)
#Infosec_Standards
"SL5 Standard for AI Security",
Ver. 0.1, Mar. 2026.
]-> OSCAL Profile (JSON)
// A NIST SP 800-53 overlay for frontier AI infrastructure achieving nation-state-level security by 2028/2029
#Malware_analysis
1⃣ The ExifTool vulnerability:
how an image can infect macOS systems
https://www.kaspersky.com/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/55362
2⃣ 5 Malicious Rust Crates Posed as Time Utilities to Exfiltrate .env Files
https://socket.dev/blog/5-malicious-rust-crates-posed-as-time-utilities-to-exfiltrate-env-files
3⃣ New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering
https://www.bluevoyant.com/blog/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering
4⃣ Uncovering a phishing campaign abusing MS Device Code Authentication and Cloudflare Worker Pages, with detection hunts for Entra and MS365
https://newtonpaul.com/blog/device-code-phishing-campaign
5⃣ BeatBanker: A dual‑mode Android Trojan
https://securelist.com/beatbanker-miner-and-banker/119121
#CogSec
#Analytics
"How Effective Are Publicly Accessible Deepfake Detection Tools? A Comparative Evaluation of Open-Source and Free-to-Use Platforms", Mar. 2026.
// This paper presents the first cross-paradigm evaluation of six tools, spanning two complementary detection approaches: forensic analysis tools (InVID \& WeVerify, FotoForensics, Forensically) and AI-based classifiers (DecopyAI, FaceOnLive, Bitmind)
#MLSecOps
#Sec_code_review
"SecCodeBench-V2 Technical Report", Feb. 2026.
// SecCodeBench-V2 (SCBv2) - benchmark for evaluating LLM copilots’ capabilities of generating secure code. SCBv2 adopts a function-level task formulation: each scenario provides a complete project scaffold and requires the model to implement or patch a designated target function under fixed interfaces and dependencies. For each scenario, SCBv2 provides executable PoC test cases for both functional validation and security verification. All test cases are authored and double-reviewed by security experts, ensuring high fidelity, broad coverage, and reliable ground truth
#Research
#MLSecOps
"Real Money, Fake Models: Deceptive Model Claims in Shadow APIs", Mar. 2026.
// Through multidimensional auditing of three representative shadow APIs across utility, safety, and model verification, we uncover both indirect and direct evidence of deception practices in shadow APIs
#Whitepaper
"Evaluating Configurations for Reducing Problematic Emotional Engagement in Enterprise LLM Deployments: Implications for Insider Threat Risk", 2026.
// Insider threat (employees intentionally sabotaging, damaging, or otherwise disrupting operations) is an ongoing and increasing concern for most organizations. At the same time, organizations are rapidly expanding their adoption of LLMs. LLMs exhibit traits designed to increase engagement in human-AI interaction
#Analytics
#Threat_Research
"The 2026 VulnCheck Exploit Intelligence Report".
// The data in this report shows that barely one percent of vulnerabilities disclosed in 2025 were ever exploited, but those that were moved faster, hit harder, and increasingly did so before defenders even had a chance to react. The findings that follow show how adversaries actually operated in 2025, how quickly exploitation occurred, and where defenders lost time
🚀 17,000 prompts in one database - everything you need to work with AI is collected!
The developers have collected a huge repository of queries for all top neural networks: from Midjourney and ChatGPT to Runway and DALL E.
✅ What's inside:
• All prompts are conveniently sorted by categories, tasks, styles and tools - you won’t get lost.
• Usage examples are included with each request.
• The service helps to adapt your own prompts to specific tasks.
• You can publish your prompts and share them with others.
• There is a quick extension for Chrome.
• And all this is free.
https://promptport.ai/
#tools
#DFIR
#Research
#Whitepaper
"Assessing the Impact of Memory Acquisition on Key Windows Artifacts", Feb. 2026.
// This research evaluates the impact of memory capture tools on data at rest, aiming to understand the degree of change that occurs to artifacts, measure differences based on tool selection, and inform best practices for live responders
#Infosec_Standards
NIST SP 800-81 Rev.3:
"Secure Domain Name System (DNS) Deployment Guide", March 2026.
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Mar.14-21, 2026)
1⃣ More IP KVM Vulnerabilities
// 9 vulnerabilities across 4 vendors turn low-cost IP-KVMs into attack platforms
2⃣ Perseus Android Malware
// Perseus highlights the continued evolution of Android malware, demonstrating how modern threats build upon established families like Cerberus/Phoenix while introducing targeted improvements
3⃣ The Proliferation of DarkSword
// Google's TI uncovered DarkSword, a sophisticated iOS exploit chain using six 0-days since 2025, targeting users in multiple countries with JavaScript-based payloads
4⃣ A 32-Year-Old Bug Walks Into A Telnet Server
// GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE
5⃣ Vulnerabilities in snapd and Rust Coreutils Allowing Root Privileges
// CVE-2026-3888
6⃣ Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI
// A flaw in Profile Builder Pro <3.14.5 enables unauth PHP Object Injection via AJAX, allowing RCE through crafted serialized objects
7⃣ SQLI in Spring AI’s MariaDB Vector Store
// CVE-2026-22730
8⃣ Exposure of TLS Private Key for Myclaw 360 in Qihoo 360 "Security Claw" AI Platform
]-> Analytical review (Mar.7-14, 2026)
#Tech_book
#Cyber_Education
#Malware_analysis
"MD MZ Book 2nd Edition", 2024.
]-> Repo
// The result of research and investigation of malware development tricks, techniques, evasion, cryptography and linux malware
#AIOps
#NetSec
#Cloud_Security
#Offensive_security
Pwning AI Code Interpreters in AWS Bedrock AgentCore
https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter
// AWS Bedrock AgentCore Code Interpreter’s ‘Sandbox’ mode allows DNS queries, enabling interactive shells and bypass of network isolation through DNS-based command-and-control
#Analytics
"2026 State of Software Security:
Prioritize, Protect, Prove", 2026.
// The 2026 State of Software Security report illuminates a difficult truth: the pace of flaw creation is decisively outstripping the current capacity for remediation. Despite marginal gains in fix rates, the tide of security debt - known vulnerabilities left unresolved for more than a year - is rising. This is not a distant problem; it is a present reality for 82% of organizations, an 11% increase in a single year
#reversing
#cryptography
#Space_Security
"Systematic Security Analysis of the Iridium Satellite Radio Link", Mar. 2026.
]-> Artifacts for each of the mentioned parts
// The first comprehensive security analysis of Iridium authentication and radio link protocols. We reverse engineer Iridium SIM-based authentication mechanism and demonstrate that the secret key can be extracted from the SIM card, enabling full device cloning and impersonation attacks
#AIOps
#Research
#Sec_code_review
#Malware_analysis
"CogniCrypt: Synergistic Directed Execution and LLM-Driven Analysis for Zero-Day AI-Generated Malware Detection", Mar. 2026.
]-> CogniCrypt Prototype (Repo)
// The weaponization of LLMs for automated malware generation poses an existential threat to conventional detection paradigms. AI-generated malware exhibits polymorphic, metamorphic, and context-aware evasion capabilities that render signature-based and shallow heuristic defenses obsolete
#DFIR
#Tech_book
#Blue_Team_Techniques
"Blue Team Handbook: Incident Response", 2026.
]-> Repo
// The book presents essential core IR theory, skills, checklists and procedures to handle cyber security incidents. Then there are several chapters for examining Windows, Linux, and network traffic
#Research
#Blue_Team_Techniques
"CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts",
Mar. 2026.
]-> system log data set
]-> network packet captures
]-> attack automation scripts
]-> artifacts to reproduce
// Public labeled log data sets of attack traces and artifacts, analysis and categorization of cyber attack manifestations, LLM-based interpretation of system logs and security alerts
#DevOps
"Authoritative Guide to AI/ML-BOM:
Drive Transparency, Compliance, and Security Across the AI Supply Chain", First Edition, Mar. 2026.
// An ML-BOM (Machine Learning Bill of Materials) is a document to address the unique complexities and risks of AI/ML systems. It provides a detailed inventory of all components, configurations, and processes involved in the development, training, deployment, and hosting (i.e., via hardware/software stacks and frameworks) of a ML model
#Sec_code_review
#Infosec_Standards
NIST SP 800-218 Rev.1:
"Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities", Dec. 2025.
// This document describes new and improved practices, tasks, and examples for the secure and reliable development, delivery, and improvement of software
#OSINT
#Automotive_Security
"Can’t Hide Your Stride: Inferring Car Movement Patterns from Passive TPMS Measurements", 2026.
// Tire Pressure Monitoring System (TPMS) transmissions of modern cars are sent over the air in clear text and entail a unique identifier that does not change over very long periods of time...
#AIOps
#MLSecOps
#Tech_book
"Utilizing Generative AI for Cyber Defense Strategies", 2025.
// This book provides a deep dive into the intersection of artificial intelligence and cybersecurity, highlighting how generative AI can be harnessed to not only enhance existing defense mechanisms but also to innovate new strategies for protecting our digital assets
🛠️ Stop Hacking in Prod: Build Your Ultimate Bug Bounty Lab! 🛠️
Tired of accidentally messing up your host OS or worrying about sending stray payloads to out-of-scope targets? It's time to stop hunting with a messy setup and start building infrastructure like a pro! Discover how to build an isolated, bulletproof hacking environment that lets you test complex web exploits safely.
The "Aha!" Moment That Changes Everything:
Many beginners jump straight into live bug bounty targets with their daily web browser and zero isolation. The bug bounty game requires precision and control. Top hunters don't just download tools; they engineer a dedicated, sandboxed laboratory where they can detonate payloads, intercept traffic, and analyze web apps without risking their own system's integrity!
What is the Ultimate Lab Setup Guide?
This isn't just a list of download links. It's a complete architectural blueprint for your first offensive security environment, tailored specifically for web application testing.
• The Goal: A safe, isolated, and highly customized web hacking station.
• What you'll learn in this breakdown:
• The Foundation: Setting up your hypervisor and choosing your offensive OS (Kali/Parrot) for maximum isolation.
• The Interceptor: Properly configuring Burp Suite, CA certificates, and FoxyProxy so you never miss a single HTTP/S request.
• The Targets: Leveraging Docker to spin up intentionally vulnerable web apps (like OWASP Juice Shop or DVWA) in seconds.
• The Toolchain: Organizing your terminal and installing the essential recon utilities you need before your first real hunt.
The Bug Hunter's Lab Workflow: From Scratch to Weaponized
See the exact steps to transform a standard laptop into a professional testing suite!
• Phase 1: Isolation (The Sandbox)
• Never hack directly from your host machine. Spin up a dedicated VM to keep your personal data completely separate from your targets.
# First rule of your new lab: Keep it updated!
sudo apt update && sudo apt full-upgrade -y
# Spinning up a local vulnerable environment in seconds
docker run --rm -p 3000:3000 bkimminich/juice-shop