Newsletter 2026-05-26

Posted on May 26, 2026

Another week and a new round of links


Mathieu Farrell describes in great detail for Quarkslab which vulnerabilities he found in Optical Line Terminals, including an explanation of what the whole thing actually is.


Massive attack on GitHub repositories. I couldn't figure out which ones are directly affected. As of 2026/05/21 it was 5000 repositories and rising.


Elliot Belt/Felix Billières has worked extensively with AI in security research and provides his research along with recommendations on how to reproduce it.


Talos has found a BadIIS variant that's predominantly traded among Chinese cybercrime organizations and is also mainly active in the Asia-Pacific region. It also deviates from the representatives in the Western sphere, Talos claims.


As a follow-up to last time, there’s now also a tool to estimate the seeds of Mullvad’s VPN.


Interesting sandbox escape under macOS using Archive Utility and a brief background on how things actually work under macOS.


SpecterOps took a closer look at Shai-Hulud and broke it down. Recommendations on how to block the C2 traffic are also included.


The article is from 2024, but gives a very good insight into the functionality of io_uring, an important kernel/userspace interface under Linux. Additionally, a few more interesting articles on other vulnerabilities are linked in the article.


And to stay on the topic of virtual memory, I stumbled across a good introduction to the subject (from 2025). Paging, layout, allocation, and mapping are (in my view) very well explained.


Read you next week