Newsletter 2026-02-24
Welcome to the next week of articles I deemed interesting.
A pretty interesting phishing approach.
Talos looked into how to bypass Code Read-out Protection (RDP) and then emulated a single firmware thread to hunt for vulnerabilities in the devices' Modbus TCP implementation.
Usually this newsletter leans more towards security and red teaming topics, but containerization also plays a significant role in modern environments. Dependencies installed outside the OS package manager need to be checked independently, since many security scanners struggle with them (at least that’s my last understanding, it might have changed). Beyond that, faster container builds matter in many places, and Andrew Nesbitt shows in his article that most development package managers (Cargo, Go, and Co.) allow downloading dependencies as a separate step, which can then be cached independently of the application source.
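To make the build-speed point concrete, here is an added example (my own, not code from Andrew Nesbitt's article) of a Go build that uses `go mod download` as its own layer. The module layout (`./cmd/app`), the base images and the output path are assumptions for the sake of the example.

```dockerfile
# Added example: dependency download as a separately cached layer.
# Assumed layout: a Go module with main package in ./cmd/app.
FROM golang:1.22 AS build
WORKDIR /src

# Copy only the dependency manifests first. This layer and the download
# below stay cached until go.mod or go.sum changes.
COPY go.mod go.sum ./
RUN go mod download

# Now copy the rest of the source. Edits here invalidate only the layers
# from this point on, so modules are not re-downloaded on every build.
COPY . .
RUN CGO_ENABLED=0 go build -o /out/app ./cmd/app

# Minimal runtime image; the modules never leave the build stage.
FROM gcr.io/distroless/static-debian12
COPY --from=build /out/app /app
ENTRYPOINT ["/app"]
```

The same pattern works for Rust by copying `Cargo.toml` and `Cargo.lock` first and running `cargo fetch` before the source is copied. The caveat from the paragraph above still applies: nothing fetched this way ends up in the OS package database, so a scanner that only queries that database will not see these modules; it has to read `go.sum`/`Cargo.lock` or inspect the built binary instead.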
The LNK deep dive by Wietze Beukema gives an interesting look into the LNK (Windows shortcut) format, presents four possible attack scenarios, and explains how to detect them.
A JSON deep dive by Het Mehta from March 2025 that shows possible attacks on JSON parsers.
Searchlight Cyber took a closer look at OpenText Directory Services (OTDS) and went really deep to find a deserialization vulnerability. Very much worth reading, in my opinion.
Read you next time