Interesting links of the week:
Strategy:
* https://www.isc.org/blogs/2026-04-16-How-to-report-a-vulnerability/ - @iscdotorg makes some useful suggestions on reporting vulnerabilities
* https://sushegaad.github.io/Claude-Skills-Governance-Risk-and-Compliance/ - building a GRC framework with Claude
* https://jericho.blog/2026/04/17/nvd-gives-up/ - Jericho from @attritionorg gives us the skinny on the NVD updates
* https://www.usenix.org/system/files/login/articles/login_apr15_12_geer.pdf - Dan Geer predicts...
* https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html - remembering Sec-Gemini v1 hype
* https://init6.com/papers/Day-Zero-Normal-CISO-Brief.pdf - @mubix comes with another take on AI and LLM
* https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosready-20260413.pdf - the Cloud Security Alliance chip in
* https://cje.io/2026/04/08/offense-scales-with-compute-defense-scales-with-committees/ - as does @cje
Detection:
* https://pub.expmon.com/ - Haifei Li's EXPMON
* https://obdev.at/blog/little-snitch-for-linux/ - @littlesnitch comes to Linux
Bugs:
* https://x.com/Gi7w0rm/status/2042370775546482815 - more on that spike in Adobe Reader bugs chain
* https://rhisac.org/threat-intelligence/bluehammer-windows-local-privilege-escalation-zero-day-publicly-released/ - moar on Blue Hammer #1
* https://www.cyderes.com/howler-cell/windows-zero-day-bluehammer - moar on Blue Hammer #2
* https://www.coresecurity.com/blog/analysis-bluehammer-lpe-exploiting-windows-defender-updates - moar on Blue Hammer #3
Exploitation:
* https://www.slideshare.net/slideshow/how-i-use-ai-for-penetration-testing-teri-radichel-2nd-sight-lab-3fb8/286987132 - @teriradichel
Hard hacks:
* https://hackers-arise.com/scada-ics-hacking-and-security-attacking-the-modbus-protocol-with-rofuzz/ - attacking ICS and other OT with rofuzz
* https://medium.com/@theopenshelf/amazon-is-cutting-kindle-store-access-on-pre-2013-kindles-a7b495cb51ee - Amazon has a Kindle problem and how you can help...
Development:
* https://appsec.guide/docs/languages/c-cpp/lang-c-cpp-bug-classes/ - @trailofbits's security coding guidance with bits'n'pieces from @gsuberland
* https://blog.trailofbits.com/2026/04/09/master-c-and-c-with-our-new-testing-handbook-chapter/ - @gsuberland's accompanying blog post
* https://arxiv.org/html/2603.21852v2 - all elementary functions from a single operator
Data:
* https://cardcatalogforlife.substack.com/p/google-has-a-secret-reference-desk - getting more out of GOOG
It's notable how many of the talking heads on AI and LLM are US based or funded *and* how many of them come from a cloud centric generation of businesses...