Newsletter 2026-02-19
Another week, another round.
Credential exfiltration through an Outlook add-in: the attackers leveraged an “abandoned” project to infiltrate 4,000 systems.
I find SpecterOps’ article about their new tool V8-forensics pretty interesting. It can help debug exploits by extracting JavaScript artifacts from Chrome’s memory after the browser crashes.
Apparently more and more providers are already filtering Telnet in their networks. But the sheer volume of Telnet connections still crossing the open internet is pretty alarming to me.
Alexandre Borges has written another very comprehensive article on exploiting minifilter drivers. I’m not through all 250 pages yet, but from my perspective it’s a solid guide.
Google and Intel teamed up to take a look at Intel Trust Domain Extensions (TDX). The result is a pretty interesting report.
In this article, a ransomware sample is reverse-engineered to recover its encryption key. The author writes their own emulator in Rust, built on Unicorn Engine and Binary Ninja, to do it.
Two really nice follow-ups to the ErrFix analysis from two weeks ago. This time the encryption algorithm used and the binary file itself get a closer look.
- https://ctrlaltintel.com/threat%20research/Aeternum-Part-1/
- https://ctrlaltintel.com/threat%20research/Aeternum-Part-2/
And since we’re on the topic of malware analysis, here’s an Android backdoor that hooks into the Zygote app-launch process to steal data from the applications it spawns.
See you next time.