Newsletter 2026-06-09

Posted on Jun 9, 2026

Another week and another round of articles.


LevelBlue investigated a malware campaign in Brazil where Havoc was being used. Nine different stager variants were observed, and they were distributed via .zip files. Receiving invoices as ZIP archives seems quite common, though, especially in May. So good preparation.


Ruby Gems can now also be installed with a cooldown to reduce supply chain attacks. You can define the number of days a gem must exist before it’s listed for update.


Compared to x86_64, ARM64 doesn’t seem to have a clear ABI, and its use differs depending on the platform. That definitely makes platform-independent assembly programming harder.


Paul Newton moves directly to the next device code phishing system. GraphSpy as a platform wasn’t known to me before.


Another interesting vulnerability in a driver for AI accelerators. The author, Lukas Maar, only simulated basic components, enough to pass as a real device to the driver.


NVISO writes about an incident where a VM was spun up by the attacker, this time using QEMU, to evade endpoint protection.


Praetorian recently published an article where they used skills to modify the Go code of tools to automatically reduce their signature detection. Now they’re taking it a step further.


Nico Dekens wrote an interesting article that can help verify whether a photo of an area is real or generated, and what to watch out for when trying to geolocate images with the help of AI.


As with all other tools, verification before deployment is important for skills as well.


There was a government audit of NIST’s NVD. One paragraph really says it all. “NIST management informed us, however, that they did not have a strategic plan for the NVD,” OIG wrote. “The lack of a strategic plan likely contributed to NIST’s slow and inadequate response to the challenge posed by the backlog. That response included an unrealistic goal, a lack of prioritization given to the processing of critical vulnerabilities, and a delay in the use of alternative resources.”


That’s all for this week. Read you next week.