Julian Suleder

it security @ERNW • medical informatics background

Three small announcements:
1. RFC 9839, a guide to which Unicode characters you should never use: https://www.rfc-editor.org/rfc/rfc9839.html
2. Blog piece with background and context, “RFC 9839 and Bad Unicode”: https://www.tbray.org/ongoing/When/202x/2025/08/14/RFC9839
3. A little Go library that implements 9839’s exclusion subsets: https://github.com/timbray/RFC9839

#Unicode

RFC 9839: Unicode Character Repertoire Subsets

This document discusses subsets of the Unicode character repertoire for use in protocols and data formats and specifies three subsets recommended for use in IETF specifications.

New post: Security Advisory: Airoha-based Bluetooth Headphones and Earbuds https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
Security Advisory: Airoha-based Bluetooth Headphones and Earbuds – Insinuator.net

New post: Minor Security Issues in VMWare Carbon Black Cloud https://insinuator.net/2025/03/advistory-vmware-carbon-black-cloud/
CVE-2024-11035: Minor Security Issues in VMWare Carbon Black Cloud

We recently conducted a security assessment of VMWare Carbon Black Cloud, a unified SaaS solution that integrates endpoint detection and response (EDR), anti-virus, and vulnerability management capabilities. As part of our evaluation, we tested the solution's ability to detect and prevent malicious activity on Windows and Linux systems. Our analysis focused on the Carbon Black agents for the ...

Insinuator.net
New post: CVE-2025-20908: Use of insufficiently random values in Samsung’s Auracast implementation https://insinuator.net/2025/03/cve-2025-20908-use-of-insufficiently-random-values-in-samsungs-auracast-implementation/
CVE-2025-20908: Use of insufficiently random values in Samsung’s Auracast implementation

As part of our research into the Auracast feature set in Bluetooth, we also started looking into vendor implementations. At the time we started with our research, there weren’t a lot of products on the market yet. But new products are coming out pretty frequently now. One of the vendors that had Auracast implemented pretty early was Samsung. At the time the Samsung Galaxy S23 and S24 phones w ...

Insinuator.net
New post: When Your Edge Browser Syncs Private Data to Your Employer https://insinuator.net/2025/02/when-your-edge-browser-syncs-private-data-to-your-employer/
When Your Edge Browser Syncs Private Data to Your Employer

Recently, one of our customers contacted us to investigate the extent of some unwanted and unexpected behavior regarding browsing data of employees. Employees started contacting IT support because private browser bookmarks, private login credentials etc. showed up on their work machines. All affected employees stated that they never created these bookmarks on work systems. And interestingly ...

Insinuator.net
New post: Jigsaw RDPuzzle: Piecing Attacker Actions Together https://insinuator.net/2025/01/jigsaw-rdpuzzle/
Jigsaw RDPuzzle: Piecing Attacker Actions Together

In a recent incident response project, we had the chance to virtually look over the attackers' shoulder and observe their activities. The attackers used the Remote Desktop Protocol (RDP) for lateral movement within the compromised environment and beyond (MITRE techniques T1570, T1021). As a matter of fact, RDP creates cache files that contain tiles of the transferred screen recording data. Whi ...

Insinuator.net
New post: Part I: Bluetooth Auracast from a Security Researcher’s Perspective https://insinuator.net/2025/01/auracast-part1/
Part I: Bluetooth Auracast from a Security Researcher’s Perspective

Auracast, the new Bluetooth LE Broadcast Audio feature has gained some publicity in the past months. The Bluetooth SIG has introduced the LE Audio feature-set to the Bluetooth 5.2 Specification in 2019 and vendors are only now starting to implement it. Auracast facilitates broadcasting audio over Bluetooth LE to a potentially unlimited number of devices. It does not require pairing or interact ...

Insinuator.net
New post: Vulnerability Disclosure: Command Injection in Kemp LoadMaster Load Balancer (CVE-2024-7591) https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591/
Vulnerability Disclosure: Command Injection in Kemp LoadMaster Load Balancer (CVE-2024-7591)

While conducting security research, I identified a critical vulnerability in Kemp’s LoadMaster Load Balancer. This vulnerability is a Command Injection and allows full system compromise. It requires no authentication and can be exploited remotely by having access to the Web User Interface (WUI). Kemp LoadMaster is a widely used Load Balancing Application that can commonly be seen in custom ...

Insinuator.net

New post by a colleague of mine as a result of a pentest from a customer project performed by @ERNW: Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5

https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/

Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5

During a penetration test for a customer, we briefly assessed Vaultwarden, an open-source online password safe. In June 2024, the German Federal Office for Information Security (BSI) published results of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source code audit was performed during our assessment. However, a quick look was needed to find some g ...

Insinuator.net
Hello #TROOPERS, we have opened the CFP (https://troopers.de/troopers25/contribute/) and ticket shop for next year's #TROOPERS25! Get your early bird until January 31st. Hope to see you in Heidelberg next year in June and looking forward to all your submissions!
TROOPERS25

TROOPERS is more than just an infoSec con. Hands-on, high-end knowledge sharing leaves you motivated and charged to