[tl;dr sec] #312 - The Industrialization of Exploit Generation, macOS EDR Evasion, Hacking the AWS Console

Generating 0-day exploits with Opus 4.5 and GPT-5.2, blind spots for EDRs on macOS, supply chain vuln that enabled compromising the AWS Console

Hey there,

I hope you’ve been doing well!

📸 A Year in Photos

Over the break I did a bit of Tiago Forte’s Annual Review program, taken from his book to be released later this year.

One of the early exercises was to go through all of your photos from 2025 and pick out the top ~100 that give you the strongest emotional reaction.

I don’t take a ton of photos, and I’m not generally one to review them, but I did it.

And what I realized going through the photos is that there were a few newly-ish made friends, who had really been highlights of my year.

So yesterday I told one of them this (shout-out Aaron), and I plan to tell the rest soon.

This may sound corny, and it’s definitely not what I’ve done in the past as a certified neckbeard hacker™️, but it felt good to tell him about the positive impact he had on me, and that he’s important to me.

I plan to be more intentional about taking photos like this in 2026.

I wonder if there are important people in your life who may not know how much they mean to you 🤔 

Sponsor

📣 Five shifts that will shape your security team in 2026

As we settle into 2026, AI is already top of mind for security leaders - shaping workflows, and challenging teams in unprecedented ways. On January 28, join Tines and Statascale for a live webinar to get first access to insights from 1800+ practitioners and leaders, and tangible advice for turning these insights into real, practical changes for your team.

You’ll learn:

  • What makes AI a true advantage for some security teams - and a burden for others

  • What “good AI governance” actually looks like in practice 

  • How to turn board-level attention into long-term strategic influence

👉 Register now! 👈

I’m curious how Tines sees AI augmenting workflows; that’s big these days. Also, Semgrep uses Tines 👍️ 

AppSec

39C3: Power Cycles
Recordings published from the 39th Chaos Communication Congress (2025). I’ve pulled out a selection of talks that look most interesting to me at the bottom of the web version of this issue.

WhisperPair
Researchers at KU Leuven (Sayon Duttagupta, Seppe Wyns et al) discovered WhisperPair, a vulnerability in Google Fast Pair (the protocol that enables one-tap pairing and account synchronization across supported Bluetooth accessories). The bug lets an attacker forcibly pair a vulnerable Fast Pair accessory (e.g., wireless headphones or earbuds) with an attacker-controlled device (e.g., a laptop) without user consent, allowing them to play audio at high volume, record conversations through the microphone, or in some cases track the victim’s location. The attack succeeds within ~10 seconds and works at up to 14 meters.

Building Security to Unlock Engineering Velocity
Shreyas Sriram and Sujith Katakam describe how Robinhood's security and engineering teams built SERA (Secure Enhanced Remote Approval), a platform that enables engineers to approve access requests securely from any device without requiring VPN or corporate laptops, using passkeys and biometric authentication. The system maintains security through trusted enrollment (requiring initial setup via corporate device and VPN), device binding, risk-based controls, and comprehensive audit logging. SERA improved approval times by >20% and handles >25% of after-hours requests.

💡 Great example of how security and usability can complement each other. See also my interview with Letty Lourenco about how they do usable security at Netflix.

Sponsor

📣 What do AI agents and 3rd party scripts have in common?

Nobody's watching them and they both interact with your client-side environment (which is a black box in most security stacks). cside was born as an alternative to the CSP headache, automatically watching JavaScript & browser behavior at runtime to catch suspicious activity. Now our startup is building a tool to help you prepare for the millions of AI agents that will visit your website. We'd love for you to try it.

Hm interesting, I hadn’t thought of the attack vector of client-side attacks → prompt injecting AI browsers or attacking agentic commerce. I could see securing agentic commerce being important.

Cloud Security

Multi-Cloud Detection at Scale: A Normalization Framework
Ved K describes how to build a Bronze-Silver data architecture for cloud security logs that eliminates the need to maintain separate detection rules for each cloud provider. The Bronze layer stores immutable raw logs while the Silver layer normalizes heterogeneous cloud logs (AWS CloudTrail, GCP Audit Logs, Azure Activity Logs) into unified schemas using standards like Elastic Common Schema (ECS) or Open Cybersecurity Schema Framework (OCSF), enabling you to write one detection rule that works across all providers instead of N×M provider-specific rules.

The post has some nice thoughts on schema-first detection engineering (design your schema so it’s easy to write important detections), a schema design checklist, service category abstraction, and production-grade implementation patterns.
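To make the Bronze/Silver split and the "write the rule once" payoff concrete, here is a small added example (my code, not from Ved K’s post): constructed CloudTrail, GCP Audit Log and Azure Activity Log records are normalized onto a handful of ECS-style field names, and a single detection for "long-lived credential created from outside corporate egress" runs over all three. The action mapping table, the field subset, the corporate CIDR and the sample events are all assumptions made for the example; the raw field names follow each provider’s public log schema as I know it.

```python
import ipaddress
import json

# Silver-layer mapping from provider-specific operations to a provider-neutral
# service category and action. Constructed for this example; a real table is far larger.
ACTION_MAP = {
    ("aws", "CreateAccessKey"): ("iam", "credential.create"),
    ("aws", "GetUser"): ("iam", "principal.read"),
    ("gcp", "google.iam.admin.v1.CreateServiceAccountKey"): ("iam", "credential.create"),
    ("azure", "Microsoft.Authorization/roleAssignments/write"): ("iam", "role.assign"),
}

# Corporate egress ranges used by the detection below (RFC 5737 documentation addresses, constructed).
CORP_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]


def normalize(provider, raw):
    """Bronze -> Silver: map one raw event onto a small ECS-style schema.
    The raw record is kept verbatim in event.original so the Bronze copy is always reachable."""
    if provider == "aws":                       # CloudTrail
        op = raw["eventName"]
        actor = raw["userIdentity"]["arn"]
        ip = raw["sourceIPAddress"]
        outcome = "failure" if "errorCode" in raw else "success"
        ts = raw["eventTime"]
    elif provider == "gcp":                     # Cloud Audit Logs
        p = raw["protoPayload"]
        op = p["methodName"]
        actor = p["authenticationInfo"]["principalEmail"]
        ip = p["requestMetadata"]["callerIp"]
        outcome = "failure" if p.get("status", {}).get("code") else "success"
        ts = raw["timestamp"]
    elif provider == "azure":                   # Activity Log
        op = raw["operationName"]
        actor = raw["caller"]
        ip = raw["callerIpAddress"]
        outcome = "success" if raw["resultType"] == "Success" else "failure"
        ts = raw["eventTimestamp"]
    else:
        raise ValueError(f"unknown provider {provider!r}")
    category, action = ACTION_MAP.get((provider, op), ("unmapped", op))
    return {
        "@timestamp": ts,
        "cloud.provider": provider,
        "event.category": category,
        "event.action": action,
        "event.outcome": outcome,
        "user.name": actor,
        "source.ip": ip,
        "event.original": json.dumps(raw, sort_keys=True),
    }


def detect_external_credential_creation(silver_events):
    """One rule, written once against the Silver schema: successful creation of
    long-lived credentials from outside corporate egress ranges."""
    hits = []
    for e in silver_events:
        if e["event.action"] != "credential.create" or e["event.outcome"] != "success":
            continue
        ip = ipaddress.ip_address(e["source.ip"])
        if not any(ip in net for net in CORP_CIDRS):
            hits.append(e)
    return hits


# Bronze layer: constructed raw events in each provider's native shape (not real log data).
BRONZE = [
    ("aws", {"eventTime": "2026-01-10T12:00:00Z", "eventSource": "iam.amazonaws.com",
             "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
             "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}}),
    ("aws", {"eventTime": "2026-01-10T12:01:00Z", "eventSource": "iam.amazonaws.com",
             "eventName": "GetUser", "sourceIPAddress": "198.51.100.7",
             "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}}),
    ("gcp", {"timestamp": "2026-01-10T12:02:00Z",
             "protoPayload": {"serviceName": "iam.googleapis.com",
                              "methodName": "google.iam.admin.v1.CreateServiceAccountKey",
                              "authenticationInfo": {"principalEmail": "bob@example.com"},
                              "requestMetadata": {"callerIp": "198.51.100.20"}}}),
    ("gcp", {"timestamp": "2026-01-10T12:03:00Z",
             "protoPayload": {"serviceName": "iam.googleapis.com",
                              "methodName": "google.iam.admin.v1.CreateServiceAccountKey",
                              "authenticationInfo": {"principalEmail": "bob@example.com"},
                              "requestMetadata": {"callerIp": "203.0.113.9"}}}),
    ("azure", {"eventTimestamp": "2026-01-10T12:04:00Z", "caller": "carol@example.com",
               "callerIpAddress": "192.0.2.4", "resultType": "Success",
               "operationName": "Microsoft.Authorization/roleAssignments/write"}),
]


def run_pipeline(bronze=BRONZE):
    """Run Bronze -> Silver -> detection and return (silver_events, alerts)."""
    silver = [normalize(provider, raw) for provider, raw in bronze]
    return silver, detect_external_credential_creation(silver)


if __name__ == "__main__":
    for a in run_pipeline()[1]:
        print(a["cloud.provider"], a["user.name"], a["source.ip"], a["event.action"])
```

The AWS `CreateAccessKey` and the first GCP `CreateServiceAccountKey` fire (both from outside the corporate range); the second GCP key creation is from an allowed range, the AWS `GetUser` is a read, and the Azure role assignment maps to a different action, so none of those alert. The rule never mentions a provider, which is the whole point of doing the mapping in the Silver layer rather than in each rule.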

Unauthenticated Cluster Takeover in AWS ROSA
Ryan Gerstenkorn discovered a critical vulnerability in Red Hat OpenShift Service on AWS (ROSA) affecting ROSA Classic clusters. The issue: the cluster transfer API failed to verify that the requester owned the cluster being transferred, allowing an unauthenticated attacker to take ownership of arbitrary clusters.

By scanning Certificate Transparency logs for ROSA console domains, querying the unauthenticated /settings/cluster endpoint to extract cluster UUIDs and owner emails, and guessing usernames, attackers could initiate transfers and gain cluster-admin privileges within 24 hours. The post then walks through going from cluster admin to AWS admin within the victim’s underlying AWS account.

CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz’s Yuval Avrahami and Nir Ohfeld describe an AWS CodeBuild misconfiguration they were able to exploit to take over key AWS GitHub repositories, including the AWS JavaScript SDK which powers the AWS Console and is present in ~66% of cloud environments.

The flaw: unanchored regex patterns in ACTOR_ID webhook filters (missing ^ and $ anchors) allowed attackers to register new GitHub user IDs containing trusted maintainer IDs as substrings, bypassing the auth check.

💡 DUDE, what a bug. What I thought was especially cool is how they timed GitHub App bot user creation so that the target maintainer ID was a substring of theirs, racing all GitHub account creation. 👨‍🍳 👌 Also NBD being able to backdoor the AWS Console itself 😅 
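The substring-match class of bug is easy to reproduce, so here is an added example (mine, not Wiz’s or AWS’s code) showing the unanchored check beside the anchored one, plus a small lint for filter patterns. The trusted maintainer ID and the webhook actor IDs are constructed; the only property that matters is that GitHub user IDs are numeric strings, so a later-registered account can have an ID in which an older, shorter ID appears as a substring. How CodeBuild itself evaluates ACTOR_ID patterns is not reproduced here; `re.search` versus `re.fullmatch` stands in for "anywhere in the string" versus "the whole string".

```python
import re

# Constructed for this example: a trusted maintainer's numeric GitHub user ID and the
# actor IDs of several webhook senders, two of which are attacker-registered accounts
# whose IDs happen to contain the trusted ID as a substring.
TRUSTED_ACTOR_ID = "123456"
WEBHOOK_ACTORS = {
    "maintainer": "123456",
    "attacker_suffix_match": "1234567",   # trusted ID is a prefix of this ID
    "attacker_infix_match": "91234560",   # trusted ID appears in the middle
    "random_contributor": "987654",
}


def unanchored_allows(pattern: str, actor_id: str) -> bool:
    """The flawed check: search semantics, so the pattern may match any substring."""
    return re.search(pattern, actor_id) is not None


def anchored_allows(pattern: str, actor_id: str) -> bool:
    """The fixed check: the entire actor ID must match the pattern."""
    return re.fullmatch(pattern, actor_id) is not None


def anchor(pattern: str) -> str:
    """Anchor a pattern at both ends. The non-capturing group matters: ^a|b$ anchors
    each alternative separately, ^(?:a|b)$ anchors the whole alternation."""
    if pattern.startswith("^") and pattern.endswith("$"):
        return pattern
    return f"^(?:{pattern})$"


def lint_filter_patterns(patterns):
    """Return the patterns in a filter group that are not anchored at both ends."""
    return [p for p in patterns if not (p.startswith("^") and p.endswith("$"))]


def allowed_actors(pattern, actors, check):
    """Names of the actors a given check lets through for a given pattern."""
    return sorted(name for name, actor_id in actors.items() if check(pattern, actor_id))


if __name__ == "__main__":
    print("unanchored:", allowed_actors(TRUSTED_ACTOR_ID, WEBHOOK_ACTORS, unanchored_allows))
    print("anchored:  ", allowed_actors(TRUSTED_ACTOR_ID, WEBHOOK_ACTORS, anchored_allows))
    print("unanchored patterns:", lint_filter_patterns([TRUSTED_ACTOR_ID, "^123456$", "123|456"]))
```

The unanchored check admits both attacker accounts alongside the maintainer; the anchored check admits only the maintainer. The `anchor` helper also covers the second trap that shows up when people "fix" this by hand: `^123|456$` still matches `0456` under search semantics because the anchors bind to the individual alternatives, so an allowlist of several IDs needs the grouping.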

Apple / MacOS

Reverse Engineering iOS Shortcuts Deeplinks
Alex Beals describes his investigation into whether you can import or programmatically create Shortcuts automations through deeplinks (TL;DR: you can’t). Alex used tools like strings, lldb, and Hopper to reverse engineer the Shortcuts app and the WorkflowKit framework, and discovered the full list of supported actions by examining ICManager’s requestHandlers.

iOS Research Docker Environment
Chen Shalev Sokolovsky shares iosEnv, a Docker-based iOS research environment for portable and reproducible mobile security testing. The setup automates tasks like port forwarding, SSH key management, and launching debuggers/instrumentation tools (lldb, frida), and solves challenges around USB device access, password prompts, iOS symbol loading, and rootless jailbreaks.

The Mac Malware of 2025
I love Patrick Wardle’s round-ups. The post is a technical deep dive of all new macOS malware discovered in 2025, organized by malware type, covering its infection vector, persistence mechanism, features and goals. He also includes sample links 👍️ Info stealers dominated the threat landscape, targeting browser data, cryptocurrency wallets, and credentials via fake applications, malvertising, and ClickFix social engineering. Many employed AppleScript/JXA for execution and avoided persistence since they exfiltrate data and exit.

Notable backdoors included ChillyHell (a modular implant with password cracking capabilities), FlexibleFerret (DPRK-linked Go backdoor delivered via fake job assessments), and a sophisticated BlueNoroff campaign deploying multiple components including a Nim-based persistent loader, Go backdoor, process injector, keylogger, and cryptocurrency stealer. The year saw increased sophistication through multi-stage infection chains, dead drop resolvers for C2 discovery, hardware-based anti-VM checks (like ARM CPU feature validation), and abuse of signed/notarized binaries.

EDR Evasion with Lesser-Known Languages & macOS APIs
Excellently detailed post by my friend Olivia Gallucci on the nuances of EDRs on macOS, focusing on technical detection gaps and platform limitations. macOS malware written in Nim, Go, and Rust can often evade EDRs, because while these languages ultimately call the same macOS APIs, they produce large statically-linked Mach-O binaries with unusual section layouts that bypass signature-based detection, and their custom runtimes can avoid standard library hooks that EDRs monitor.

Apple's Endpoint Security API provides some event visibility to EDRs, but there are still blind spots: third-party tools cannot read process memory (blocking detection of in-memory payloads), cannot access unified logging without private entitlements, and are limited to file-system and behavior-centric detection. Many EDRs rely heavily on enforcing Apple's native mechanisms (Gatekeeper, XProtect, TCC) rather than implementing novel detection logic.

💡 Tons of details and supporting reference links, love it!

Blue Team

tracebit-com/awesome-deception
By Tracebit: An awesome collection of articles, papers, conferences, guides, and tools relating to deception in cybersecurity.

DetectionStream: Introducing the Sigma Training Platform
Kostas Tsialemis introduces the Sigma Playground's new Training Platform, a gamified environment for learning detection engineering through hands-on practice with over 20 real-world challenges using event logs from EVTX-ATTACK-SAMPLES. The platform features interactive challenges, real-time rule evaluation, a progressive hint system, difficulty levels, and a community leaderboard, all while keeping user data private by running client-side. Users can also create and share their own challenges through the Challenge Builder.

How to Get Scammed (by DPRK Hackers)
OZ describes their experience with a DPRK-linked malware campaign (DEV#POPPER/XCTDH/Contagious Interview) that uses fake job interviews to target developers, walking through the interactions with the “recruiter” along with sketchy signs like the person deleting messages, GitHub repos, etc.

The campaign used a novel blockchain-based dead drop architecture where Tron and Aptos wallets serve as pointers to XOR-encrypted payloads hosted in Binance Smart Chain transactions. Using Docker and pspy for dynamic analysis, OZ traced the infection chain from obfuscated JavaScript through LCG-based deobfuscation to final payloads that inject persistence into VS Code/Cursor IDEs and establish Socket.IO C2 connections. The malware includes a ReDoS-based debugger detection trick (if someone is stepping through the code with a debugger, the regex catastrophically backtracks and hangs), and deploys sandbox evasion techniques that detect AWS/Azure/Docker/Kali environments before executing.

AI + Security

Coding Agents. The Insider Threat You Installed Yourself
Thomas Roccia describes how to build visibility and security monitoring for AI coding agents like Claude Code using hooks and his new open-source tool NOVA Protector. Claude Code's hook system (PreToolUse, PostToolUse, UserPromptSubmit, etc.) allows intercepting agent actions before/after execution, which NOVA Protector leverages to trace all file reads, command executions, MCP server calls, and agent skill invocations into JSONL session logs. NOVA Protector automatically generates HTML reports for each session showing metrics like files accessed, commands run, prompt injection detection results, tool usage statistics, and complete execution timelines.

The tool integrates with the NOVA Framework's adversarial prompt detection capabilities, scanning agent inputs/outputs against configurable rules for instruction override, roleplay jailbreak, encoding obfuscation, and context manipulation attacks.
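To show what a hook in this position actually does, here is an added example of a minimal PreToolUse hook in the same spirit (my code, not NOVA Protector’s): it logs every intercepted tool call as one JSONL line and blocks a few obviously dangerous shell commands and credential-file reads. The hook contract it assumes (JSON on stdin with `session_id`, `hook_event_name`, `tool_name`, `tool_input`; exit 0 allows, exit 2 blocks and feeds stderr back to the model) is my reading of the Claude Code hooks documentation, so verify it against the current docs; the settings wiring in the docstring, the rule set, the log path and the environment variable name are all assumptions made for the example.

```python
"""
Minimal PreToolUse hook for Claude Code (added example, not NOVA Protector's code).

Assumed hook contract (per my reading of the Claude Code hooks docs; verify against
the current docs): one JSON object on stdin with at least "session_id",
"hook_event_name", "tool_name" and "tool_input"; exit 0 allows the call, exit 2 blocks
it and returns stderr to the model.

Assumed settings.json wiring (same caveat):
{
  "hooks": {
    "PreToolUse": [
      {"matcher": "Bash|Read|Write|Edit",
       "hooks": [{"type": "command", "command": "python3 /path/to/agent_hook.py"}]}
    ]
  }
}
"""
import json
import os
import re
import sys
from datetime import datetime, timezone

# Assumed log location; override with AGENT_HOOK_LOG.
LOG_PATH = os.environ.get("AGENT_HOOK_LOG", os.path.expanduser("~/.agent-hook/session.jsonl"))

# Constructed rules: (rule name, regex over the shell command) for the Bash tool ...
COMMAND_RULES = [
    ("pipe_remote_script_to_shell", r"(curl|wget)[^|\n]*\|\s*(ba|z)?sh\b"),
    ("read_credential_files", r"(~|/home/[^/\s]+|/root)/\.(ssh|aws|gnupg)\b|\.env\b"),
    ("env_exfiltration", r"\b(env|printenv)\b.*\|\s*(curl|nc)\b"),
    ("history_tampering", r"\b(history\s+-c|unset\s+HISTFILE)\b"),
]
# ... and (rule name, regex over the file path) for Read/Write/Edit.
PATH_RULES = [
    ("read_credential_files", r"(^|/)\.(ssh|aws|gnupg)(/|$)|(^|/)\.env$"),
]


def extract_target(event):
    """Pick the string a rule should inspect for this tool call."""
    tool = event.get("tool_name", "")
    tool_input = event.get("tool_input") or {}
    if tool == "Bash":
        return "command", tool_input.get("command", "")
    if tool in ("Read", "Write", "Edit"):
        return "path", tool_input.get("file_path", "")
    return "other", json.dumps(tool_input, sort_keys=True)


def evaluate(event):
    """Return ("allow", None) or ("block", rule_name) for one hook event."""
    kind, target = extract_target(event)
    rules = COMMAND_RULES if kind == "command" else PATH_RULES if kind == "path" else []
    for name, pattern in rules:
        if re.search(pattern, target):
            return "block", name
    return "allow", None


def log_record(event, decision, reason, path=LOG_PATH):
    """Append one JSONL line per intercepted tool call and return the record."""
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "session_id": event.get("session_id"),
        "hook_event": event.get("hook_event_name"),
        "tool_name": event.get("tool_name"),
        "tool_input": event.get("tool_input"),
        "decision": decision,
        "reason": reason,
    }
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "a", encoding="utf-8") as f:
        f.write(json.dumps(record, sort_keys=True) + "\n")
    return record


def main():
    event = json.load(sys.stdin)
    decision, reason = evaluate(event)
    log_record(event, decision, reason)
    if decision == "block":
        print(f"blocked by hook rule {reason}", file=sys.stderr)
        sys.exit(2)
    sys.exit(0)


if __name__ == "__main__":
    main()
```

Logging happens before the allow/block decision is acted on, so the JSONL trace records attempted calls as well as permitted ones, which is what you want when reviewing a session after the fact. The regex rules are deliberately coarse; the point is the interception point and the audit trail, not the rule quality.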

On the Coming Industrialisation of Exploit Generation with LLMs
Sean Heelan built agents using Opus 4.5 and GPT-5.2 that successfully wrote over 40 distinct exploits for a zero-day QuickJS vulnerability across 6 scenarios with modern mitigations enabled (ASLR, NX, full RELRO, fine-grained CFI, shadow-stack, seccomp), with GPT-5.2 solving all challenges including a particularly difficult one requiring a 7-function-call chain through glibc's exit handler mechanism. Most exploits were generated in under an hour for around $30-50. The key: the LLM needs to be able to search the solution space automatically with no human intervention, and have some way to verify its solution. Tons of great additional technical details, results, and more in this GitHub repo.

“We should start assuming that in the near future the limiting factor on a state or group’s ability to develop exploits, break into networks, escalate privileges and remain in those networks, is going to be their token throughput over time, and not the number of hackers they employ.”

AI and the Software Vulnerability Lifecycle
Chris Rohlf discusses how AI is transforming the software vulnerability lifecycle across three key phases: discovery, patching, and exploitation. He explains how LLMs integrated with traditional security tools like fuzzers and static analyzers can automate vulnerability discovery, the challenges in generating fixes that address root causes rather than just specific exploit vectors, and how models can offer uplift and efficiency gains in exploitation by identifying which existing program components to leverage or by generating testing infrastructure to incrementally refine an exploit.

💡 This post is a great overview of these spaces, and does a good job covering some of the nuances and challenges. Great resource to share with leadership/executives.

AI, Cyber and National Security
Presentation by Chris Rohlf discussing: how AI could potentially disrupt the current attacker-defender asymmetry by helping defenders with scale, efficiency, and automation, and an overview of applying AI to security, AI code generation, program analysis, and securing AI/AI compute/AI agents. Future predictions: AI will give defenders an advantage (→ cyber as SIGINT capability for nation states is significantly reduced), great powers fight for AI supremacy, and accelerated feedback loops put all nations but the top few in a distant AI third place.

39C3 (CCC 2025)

Some talks that look especially interesting to me, grouped under Politics / Privacy, Fuzzing, AI, and Security.

Misc

AI

  • Scaling long-running autonomous coding - Cursor did an experiment where their coding agents built a web browser from scratch by running autonomously for a week and generating 1M+ lines of code across 1,000 files.

  • Cursor's latest "browser experiment" implied success without evidence - Someone looked into the browser’s code and found many GitHub Actions runs failed, few commits compiled cleanly. This GitHub issue has more discussion and shows the browser partially rendering Wikipedia. Also Simon Willison weighs in.

  • Agent Craft by Ido Salomon - Manage your agents and subagents using an RTS (like Warcraft) interface. I don’t know if this is actually useful, but it looks awesome 😂 H/T my friend Rob Ragan who is always sharing great stuff.

  • Vibecraft - a 3D app to watch and manage Claude Code instances (GitHub).

  • claude-code-transcripts by Simon Willison - A new Python CLI tool for converting Claude Code (and web) transcripts to HTML pages for understanding what Claude has done.

  • Caleb Sima’s Coding Agent Stack - Claude Code, Claude Superpowers, Episodic Memory, Context7 MCP.

    • Tier 2: SuperClaude, Firecrawl, Browserbase, Playwright, Typescript-lsp, Hookify.

  • X has released the x-algorithm on GitHub that powers the For You feed. It combines in-network content (from accounts you follow) with out-of-network content (discovered through ML-based retrieval) and ranks everything using a Grok-based transformer model.

Privacy

  • Just the Browser - Helps you remove AI features, telemetry data reporting, sponsored content, product integrations, and other annoyances from desktop web browsers.

  • Punkt MC03, a privacy-focused smart phone.

  • iOS-Hardening-Guide - A comprehensive guide for enhancing security and privacy on iOS and iPadOS devices, by Sooraj Sathyanarayanan.

  • Practical Defenses Against Technofascism - Blog post version of Micah Lee’s BSidesPDX keynote.

    • Always apply updates, use Lockdown Mode, enable Advanced Data Protection in your iCloud account, and advice on device searches.

    • Enable disk encryption and consider powering off devices before going through security checkpoints or if you’re in a situation where someone may examine your phone.

    • Rayhunter is open-source custom firmware for cheap mobile hotspots that can detect cell-site simulators.

Politics

  • FBI executes search warrant at Washington Post reporter’s home as part of an investigation into classified leaks. In April, Bondi rescinded a Biden-era policy that prevented officials from searching reporters’ phone records when trying to identify government personnel who have provided sensitive information to news organizations.

  • In Trump’s first term, the administration tried to obtain phone and email records to identify sources.

  • Jerome Powell served under President Bush Sr., Obama, Biden, and Trump. In an unprecedented statement: “The threat of criminal charges is a consequence of the Federal Reserve setting interest rates based on our best assessment of what will serve the public, rather than following the preferences of the President. This is about whether the Fed will be able to continue to set interest rates based on evidence and economic conditions—or whether instead monetary policy will be directed by political pressure or intimidation.”

  • Senator Thom Tillis (R-NC), a member of the Senate Banking Committee, statement: “If there were any remaining doubt whether advisers within the Trump Administration are actively pushing to end the independence of the Federal Reserve, there should now be none. It is now the independence and credibility of the Department of Justice that are in question.”

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint

P.S. Feel free to connect with me on LinkedIn 👋