Have you ever wondered what is running on your Android phone? As it turns out, it's not just the apps that you install but there are also so called "trusted applications" that handle your sensitive data like passwords, fingerprints, or keys.

We have developed a high-level rehosting approach that enables security researchers to thoroughly test these applications and found 17 0-days that were responsibly disclosed and are now fixed. This work was presented at this week's IEEE Symposium on Security and Privacy, one of the top-4 security conferences.
https://nebelwelt.net/blog/2026/0521-taemu.html

Good bye San Francisco, it was a pleasure!

The last few days I spent at the IEEE Symposium on Security and Privacy (Oakland) to catch up with friends, learn about the latest research in security and to support Philipp in presenting our latest research work TÄMU --- high-level rehosting of trusted applications on the Android platform. Check out the short blog for a few more details:
https://nebelwelt.net/blog/2026/0521-oakland.html

From "What the Fuzz?" to "All The Fuzz!" (Keynote fuzzing workshop @ NDSS'26)

Reflections on the three phases of fuzzing: from origins of fuzzing to the greybox fuzzing, ending with how fuzzing will continue evolving in the future.
Comments welcome!

https://youtu.be/In3kRAVVbzQ?si=lNTX6ebFu_rvRZbf&t=548

RE: https://infosec.exchange/@aristot73/116463759957379327

LLM bug finding vs fuzzing: LLMs explore a different part of the bug space, my guess is that we'll see a similar curve as with fuzzing where new bugs get more expensive to find with the key difference that we can hit new capabilities to find different types of bug patterns resulting in a saw function than just a sigmoid. Fun times ahead, especially for researchers looking into defense!

Subscription bombing is a (re-)emerging threat vector where attackers flood your inbox with thousands of unwanted messages. This is not just nuisance but attackers often leverage subscription bombing to hide their true goals such as support scams or account takeovers. Even worse, subscription bombing has become a service. We analyzed 24 subscription bombing attack campaigns to reflect and provide insights.

Check out our CACM article for details: https://cacm.acm.org/practice/subscription-bombing-email-under-attack/

Has anyone checked out the new Frame.Work Laptop 13 Pro? I'm especially interested in power management given that I hate the most recent Lenovo X1 as the keyboard is annoying, it no longer has the trackpoint, it only support s2idle, and in general battery runtime is abysmal. [I.e., would not recommend Lenovo anymore]

https://frame.work/ch/en/laptop13pro

LLMs are automating not just coding, but vulnerability discovery and exploitation. At scale, this shifts the economics of offensive security: lower skill barriers, faster iteration, and massively increased attack surface coverage.

As exploitation becomes cheap and ubiquitous, how can we leverage this for defense?

https://nebelwelt.net/blog/2026/0420-AIpocalypse.html