nation-state

RCS and DNS: The NAPTR Record, (Mon, Jul 6th)
Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition to richer formatting, provides added (but

Catan and Mouse
What do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill.

Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability.

NIST Enrichment Reductions Impact CVE Coverage, Accuracy
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.

Vulnerabilities Expose Private Data in Indian Government Systems
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.

Iran, Russia, China Target Water Systems for Sabotage
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.

Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.

Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phones
Emergency alert systems work because people believe them. Every time one of these systems issues a false alert - whether through negligence or a deliberate attack - trust erodes. Read more in my article on the Hot for Security blog.

Welcoming the Philippine Government to Have I Been Pwned
Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor of

Welcoming the Bhutanese Government to Have I Been Pwned
Today, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against the data in HIBP. As Bhutan’

Welcoming the Bahamian Government to Have I Been Pwned
Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIB

Welcoming the Bangladesh Government to Have I Been Pwned
Today, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches.

Welcoming the Costa Rican Government to Have I Been Pwned
Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica. The CSIRT of the Government of Costa Rica now has access to monitor government domains against the data in HIBP. This enables their nationa

A Deep Dive into the GetProcessHandleFromHwnd API
In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I though

Bypassing Administrator Protection by Abusing UI Access
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was able to bypass the feature before it was rele

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system da

Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local use

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis ofte