Success masks failure. The more a thing operates successfully, the more confidence we have in it. So we dismiss little failures ... as trivial annoyances rather than preludes to catastrophe.
Starred Articles
I cracked the algorithm that generates dynamic malicious domains. Using application-layer traffic from mobile devices, I recovered the full domain generation algorithm (DGA), validated it against every domain observed in the wild, and can now predict every future domain before it's registered.
Microsoft Speech
04/07/2026 SpeechRuntime is a legitimate Windows component that supports Microsoft's speech-related capabilities. However, threat actors with elevated privileges can move laterally by executing code under the context of the user that has an interactive session on the target host.
Mutation XSS in a Mail Application via DOMPurify Misconfiguration and CKEditor CDATA Parsing Bug
04/07/2026 I found a mutation XSS chain in a webmail client by exploiting a mis-configured DOMPurify and an old CKEditor 4 CDATA-parsing flaw that lets a <style><![CDATA[…<img onerror=…]>…]]></style> payload execute after DOMPurify's multiple sanitization rounds, giving full script execution in the victim's browser.
In this blog we discuss sleep masking in detail, the default assumptions that come with it, and how we are going to break those assumptions with a novel approach called InsomniacUnwinding.
We identified a novel attack technique used on Hugging Face, dubbed nullifAI, abusing Pickle model file serialization to execute arbitrary code while evading existing protections in the AI community for an ML model.
New Articles
Container Escape Telemetry - Part 1: Isolation Primitives and the eBPF Observability Model
03/31/2026 Before you can detect a container escape, you need to understand what's being escaped. This post covers the Linux isolation primitives that containers rely on, why they break, and how eBPF-based security tools observe those breakdowns at the kernel level.
What Tetragon, Falco, and Tracee ship with out of the box, what you have to build yourself, and every configuration pitfall we hit along the way. The practical tuning guide for container runtime security tools.
We disclose an unauthenticated remote denial‑of‑service vulnerability we identified and reported in React Server Components that we've dubbed "React2DoS". We analyze its impact and place it in the broader context of recently found Flight protocol vulnerabilities, especially CVE‑2026‑23864.
Building an Automated Pipeline with LangChain DeepAgents to Find Zero-Days in Kernel Drivers.
04/06/2026 I built an automated pipeline that scans thousands of Windows kernel drivers for exploitable vulnerabilities, specifically looking for ones that can be used in BYOVD (Bring Your Own Vulnerable Driver) attacks. On its first real run on a massive driver pack, it successfully flagged a zero-day in an ASUS driver.
At the heart of Windows forensics and detection is a simple concept: every action happens in a context. That context is defined by Who, What, When, Where and How. Our logging foundation captures each of these elements across multiple event sources. The art is correlating them.
I discovered two issues in CUPS, CVE-2026-34980 and CVE-2026-34990, chainable into unauthenticated remote attacker -> unprivileged RCE -> root file (over)write.
This blog explores how computer use agents can be used to build an agentic command-and-control framework. By combining LLM reasoning with desktop interaction tools, attackers could automate endpoint control while blending into normal system behavior. Here, we break down the architecture, abuse scenarios, and detection opportunities.
When Node.js resolves modules, the runtime searches for packages in C:\node_modules as part of its default behavior. Since low-privileged Windows users can create this directory and plant malicious modules there, any Node.js application with missing or optional dependencies becomes vulnerable to privilege escalation.
Guardrail Sandbox Escape in LiteLLM
04/08/2026 The LiteLLM proxy exposes a /guardrails/test_custom_code API endpoint that allows authenticated users to submit arbitrary Python code for guardrail testing. The endpoint attempts to restrict dangerous operations using regex-based source code filtering, but this can be bypassed using bytecode rewriting techniques to achieve arbitrary code execution on the server.
We analyze how a threat actor enumerated our entire AD with Get-ADComputer, and none of our detections fired. The problem wasn't their evasion - it was an architectural blind spot in how PowerShell talks to Active Directory.
We detail CVE-2025-70951, a vulnerability in Control Web Panel (CWP) allowing an unauthenticated remote attacker to execute arbitrary commands on any exposed instance - with the prerequisite of knowing a valid username.
A real threat actor is doing exactly what our lab scenarios simulate. Mapping TeamPCP's container escape kill chain against Tetragon, Falco, and Tracee telemetry to answer: would these tools have caught it?
We identified a recurring vulnerability class across multiple AI CLI tools that allows an attacker to escape the agent's sandbox and execute code on the host system with the user's privileges. Instead of breaking the sandbox through the operating system or container runtime, the attacks abuse the agent's own configuration, startup behavior and trust boundaries.
Velociraptor CLI
04/05/2026 This blog post specifically focuses on using Velociraptor's extensive Command Line Interface mode as a single-use tool. This allows users to replace a large number of scripts and ad hoc tools, with varying levels of maintenance and different installation dependencies, with a single well-maintained and dependable solution.
How much telemetry do Tetragon, Falco, and Tracee actually generate? Per-scenario volume breakdowns, signal-to-noise analysis, production rate estimates, the Falco rule gap, S15 stress test results, and recommendations by threat model.
We discovered a critical vulnerability (CVE-2025-64712) in Unstructured.io. The flaw enables arbitrary file write and potentially full remote code execution on the machine running the library.
Per-scenario telemetry breakdowns from 15 container escape and stress-test scenarios across Tetragon, Falco, and Tracee. The raw data behind the detection scores, and six patterns every container security deployment should monitor.
This second part focuses on reconstructing the complete kill chain of the BuddyBoss attack.
A review of common misconfigurations of Microsoft Entra ID Privileged Identity Management, such as not using PIM, leaving high‑privilege roles permanently assigned, relying only on built‑in MFA, allowing long activation windows, and lacking approvals/notifications - that can let attackers hijack privileged access.
Diving in depth into Identity and Access Management (IAM) within Microsoft Azure, I show how IAM permissions can be abused within an Azure environment.
New Lua-based malware "LucidRook" observed
04/08/2026 "LucidRook" is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and execute staged Lua bytecode payloads. The dropper "LucidPawn" uses region-specific anti-analysis checks and executes only in Traditional Chinese language environments associated with Taiwan.
CVE-2026-34197 ActiveMQ RCE via Jolokia API
04/07/2026 CVE-2026-34197 is an ActiveMQ RCE flaw exploiting Jolokia to execute remote commands. The vulnerability requires credentials, but default credentials (admin:admin) are common in many environments.
Catching Mac OS stealers in the wild
04/06/2026 Technical analysis of a ClickFix macOS stealer sample, probably related to AMOS Stealer.
We describe how we leveraged AI to quickly uncover a complex client-side vulnerability - a DOM-XSS chain that exploits a malformed cookie-parsing regex and a TikTok-analytics cookie injection - to achieve full site takeover.
An overview of GDDRHammer and GeForge, two attacks that demonstrate a full privilege escalation chain: GPU memory corruption to GPU page table hijacking to CPU memory read/write to root shell.
A path traversal vulnerability in context7 allowed any connected AI agent to read arbitrary files from the host machine - including SSH keys, .env secrets, and database credentials.
VMware Guest To Host
04/04/2026 In this article we're going to walk through the complete process of creating a Guest-to-Host exploit in VMware. The exploitation process will chain a memory leak for bypassing ASLR and obtaining the base address of vmware_vmx and an RCE triggered with a stack-based buffer overflow in the Service Discovery Protocol (SDP).
This blog explains the technical mechanics behind homoglyph attacks (Unicode, IDNs, Punycode) and how attackers operationalize these attacks. We also review detection and hunting approaches, real-world usage patterns, MITRE mapping, and practical defences.
We identified Remus, a new 64-bit infostealer from the Lumma Stealer family. We detail the compelling evidence tying Remus to Lumma across multiple dimensions and describe a previously undocumented Application-Bound Encryption bypass employed specifically by Remus and Lumma.
We detail how Telnyx was infected with a malicious payload via a supply chain attack campaign, delve into the malicious payload, and provide mitigation recommendations against this type of attack.
This post explores the evolving threats facing virtualized environments such as the BRICKSTORM backdoor, and provides a detailed guide for hardening vSphere Virtual Center and mitigating controls necessary to secure these critical assets.
In this first part we analyze a recovered Claude Code session log that captured a threat actor directing Claude through the final stage of a supply chain attack: bypassing Cloudflare, uploading backdoored BuddyBoss plugins to the production licensing server, and exploiting victim WordPress sites in real time.
Inside TeamPCP's Shell Arsenal
04/02/2026 This article focuses exclusively on the shells used by TeamPCP in various campaigns that resulted in the massive supply chain attacks.
The lab setup, scenario matrix, and tool comparison framework behind the container escape telemetry research. Three eBPF tools, 15 scenarios, one tool per VM, and a PowerShell harness that ties it all together.
Qilin EDR killer infection chain
04/02/2026 This blog provides an in-depth analysis of the malicious "msimg32.dll" used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. We present multiple techniques used by the malware to evade and ultimately disable EDR solutions, including SEH/VEH-based obfuscation, kernel object manipulation, and various API and system call bypass methods.
Still Recent
We analyze VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence.
Reversing the FT100 BLE Fitness Bracelet
03/13/2026 We detail how to intercept, analyze and reverse engineer the BLE protocol used by the FT100 BLE Fitness Bracelet.
We found three critical primitives - unauthenticated file read, unauthenticated file deletion, and SQL injection leading to arbitrary database read - across five widely deployed Joomla! extensions. Chained together, these flaws enable reliable remote code execution (RCE) and administrator account takeover on unpatched Joomla! instances.
We explore advanced code analysis techniques such as taint analysis, CodeQL queries and dynamic validation, demonstrated against a real target.
From an unprivileged CodeBuild job using CodeConnections you can hit an undocumented API to retrieve the raw GitHub App token or BitBucket JWT App token CodeConnections uses. These tokens can be used directly against GitHub/BitBucket APIs and have the full permissions of the CodeConnection App you installed into your GitHub/BitBucket.
Oldies but Goodies
We provide a primer on AWS CodeConnections and the Apps that are installed into the source code providers. We will focus on what permissions AWS CodeConnection gets and the limitations on restricting these permissions.
From Code to Coverage - Part 3: SDFlags
01/15/2026 We introduce SDFlags (Security Descriptor Flags) - a hidden LDAP parameter that changes how Domain Controllers process and log queries, allowing attackers to enumerate permissions while evading signature-based detection.
SOAPHound's LDAP query (!soaphound=*) never appears in Event 1644 logs, but it transforms into (! (FALSE)) through LDAP optimization. Understanding this transformation reveals a unique detection signature that most defenders have never seen.