Newsletter 2026-06-30
Another week with articles. Thanks to the high temperatures I wasn't motivated to do anything else but read, which led to some more links this week.
Quarkslab took a closer look at Xiaomi’s proprietary security chip as used in cameras. Methods used included, among others, I2C sniffing, flash dumping, and firmware analysis.
Praetorian recently introduced its setup for automated vulnerability analysis with AI. In the first part, the target is FreeBSD and the approach is explained in detail.
I haven’t seen WinRAR in a long time, but apparently enough unpatched versions are still in use in Ukraine that Russian APTs are using it as an entry point.
Datadog Security Labs points out that Microsoft logs too little here and covers four methods for encrypting Azure Storage Blobs. A tool for simulating ransomware is also linked.
TrustedSec's Kevin Haubris looked at how to break larger tasks and contexts down into smaller, more manageable tasks, and thus work successfully with local models that have a smaller context window.
Abdul looks at EPA (Extended Protection for Authentication) in the context of ESC8 and MSSQL and finds that certipy/certify and checkMSSQLStatus.py may report false information because they do not distinguish between Channel Binding and Service Binding.
Andy Gill explains his AI harness setup for vulnerability hunting.
STOCKSTAY is a .NET backdoor aimed specifically at Ukrainian targets. Google's threat intel team examined it very thoroughly.
Bellingcat has broken down which factors they incorporated to train an AI model on content dealing with harm to people within Telegram channels.
usbliter8 is an iOS BootROM vulnerability for A12 and A13 devices (≤ iPhone 11). Paradigm Shift shows how the exploit works, including a PoC.
There is apparently an extortion wave currently targeting women's shelters in Germany. SRLabs has compiled a report on it (in German and English), including checks and recommendations. So if anyone knows someone who knows someone…
Monish Kumar analyzed the patch diff for the Windows DNS Client and created a write-up that explains the heap overflow (CVE-2026-41096).
Read you next week.