Newsletter 2026-04-13
Another week, another round.
itm4n took a closer look at how Windows collects BitLocker information internally. A worthwhile read if you want to dive into the depths of disk encryption.
Something a bit different: unlocking features in an Audi.
Something else again: a Mastodon discussion around the latest Windows zero-day, BlueHammer. The thread goes into how it works in some detail. The repo is linked as well.
- https://infosec.exchange/@wdormann/116358064691025711
- https://github.com/Nightmare-Eclipse/BlueHammer/tree/main
Talos analyzes LucidRook, a Lua-based stager that delivers stripped Rust components.
Gen Threat Labs found and dissected a new 64-bit variant of the Lumma Stealer.
According to Talos, more and more SaaS platforms are being abused for so-called Platform-as-a-Proxy (PaaP) attacks, in which the legitimate notification features of GitHub and other services are used to send messages from trusted origins.
A North Korean threat actor has by now spread 1,700 malicious packages across various ecosystems (PyPI, crates.io, npm, ...) as part of Contagious Interview, relying primarily on infostealers.
Amazon provides an execution environment for AI agents with the AWS AgentCore Sandbox; Unit 42 promptly found a way to break out of it.
A classic overflow bug in macOS with interesting consequences.
Quarkslab tore down a telematics unit from a crashed car. They extracted the firmware and the stored trip data and were able to reconstruct the car's journey.
- https://blog.quarkslab.com/tearing-down-a-car-telematic-unit-and-finding-an-accident-on-facebook.html
See you next week.