
Ah, the #copyfail clickbait posts are coming. Here’s my serious contribution. On your Linux machine add
initcall_blacklist=algif_aead_init
to your kernel boot commandline (typically in grub). Reboot. You are now safe until the updated kernel packages become available. For distributions with the `grubby` command this is done as root with
# grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
This mitigation comes courtesy of Red Hat. Our engineers keep you safe :)
1/4
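A small check of whether the mitigation above is actually in effect on the kernel you are running, added here as an example and not part of the post or of Red Hat's guidance. It assumes a Linux host with `/proc/cmdline`; the function names and the `--check`/`--demo` flags are my own, and the command lines used in the demo path are constructed samples. The kernel accepts `initcall_blacklist=` as a comma-separated list and the parameter may appear more than once, so the check walks every entry rather than grepping for the exact string.

```shell
#!/bin/sh
# Added example: verify that initcall_blacklist=algif_aead_init is active on the
# RUNNING kernel. /proc/cmdline reflects the kernel that actually booted, so a
# grub change that has not been followed by a reboot is reported as MISSING.

# cmdline_has_blacklisted_initcall CMDLINE NAME
# Returns 0 if NAME is an entry of any initcall_blacklist= parameter in CMDLINE.
# A plain grep for "initcall_blacklist=NAME" would miss the comma-separated
# form "initcall_blacklist=other_init,NAME" and would wrongly accept a longer
# name that merely starts with NAME; this walks the entries exactly.
cmdline_has_blacklisted_initcall() {
    cmdline=$1
    name=$2
    for tok in $cmdline; do
        case $tok in
            initcall_blacklist=*)
                list=${tok#initcall_blacklist=}
                old_ifs=$IFS
                IFS=,
                for entry in $list; do
                    if [ "$entry" = "$name" ]; then
                        IFS=$old_ifs
                        return 0
                    fi
                done
                IFS=$old_ifs
                ;;
        esac
    done
    return 1
}

# report_cmdline CMDLINE NAME: prints a verdict for CMDLINE, returns 0 if mitigated.
report_cmdline() {
    if cmdline_has_blacklisted_initcall "$1" "$2"; then
        echo "OK: $2 is blacklisted on this kernel command line"
        return 0
    fi
    echo "MISSING: $2 is not blacklisted (update grub, then reboot)"
    return 1
}

# check_running_kernel [NAME]: reads the live /proc/cmdline (default name as in the post).
check_running_kernel() {
    name=${1:-algif_aead_init}
    if [ ! -r /proc/cmdline ]; then
        echo "ERROR: /proc/cmdline not readable; is this Linux?" >&2
        return 2
    fi
    report_cmdline "$(cat /proc/cmdline)" "$name"
}

# demo_constructed: runs the check over constructed sample command lines
# (not captured from any real host) to show the cases the parser handles.
demo_constructed() {
    report_cmdline "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro initcall_blacklist=algif_aead_init" algif_aead_init
    report_cmdline "ro quiet initcall_blacklist=foo_init,algif_aead_init" algif_aead_init
    report_cmdline "ro quiet initcall_blacklist=algif_aead_init_other" algif_aead_init
    report_cmdline "ro quiet" algif_aead_init
    return 0
}

case "${1:-}" in
    --check) check_running_kernel "${2:-algif_aead_init}" ;;
    --demo)  demo_constructed ;;
esac
```

Run `sh check_copyfail.sh --check` on a host after the reboot; a non-zero exit means the running kernel was not booted with the parameter, which is the case to watch for when a fleet tool has edited grub but the hosts have not yet been rebooted. `--demo` exercises the parser on the constructed samples only.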
Interesting Git repos of the week:
Detection:
* https://github.com/gadievron/honeyslop - a side bar to RAPTOR, a vulndev slop detector from @gadi 🤖
* https://github.com/Nehboro/nehboro - a Chrome extension to help protect you from phishing scams
* https://github.com/trustedsec/SysmonCommunityGuide - TrustedSec dropped guides for Sysmon
* https://github.com/JPCERTCC/LogonTracer - watch out for unexpected logins with JPCERT
* https://github.com/persistent-security/month-of-bypasses - a month of detection engineering tips and tricks
* https://github.com/sjzasada/agentflash - my old uni house mate has written a tool to keep an eye on Claude
Bugs:
* https://github.com/theori-io/copy-fail-CVE-2026-31431 - copy.fail \o/
Exploitation:
* https://github.com/CyberStrikeus/CyberStrike - sloppy pen testing 🤖
* https://github.com/SnailSploit/Claude-Red - another agentic pen tester 🤖
* https://github.com/PurpleAILAB/Decepticon - rise of the bots 🤖
* https://github.com/hackerschoice/team-teso - courtesy of @thc, an archive of TESO
* https://github.com/BishopFox/cirro - @BishopFox created Cirro to map clouds 🤖
* https://github.com/thomasdullien/vulpine - @HalvarFlake dabbles in AI bug hunting and vulndev
* https://github.com/boostsecurityio/smokedmeat - smoked meat attacks CICD pipelines for hot red team action
* https://github.com/mandiant/gopacket - Mandiant ported Impacket to Go
* https://github.com/trailofbits/trailmark - @trailofbits's Trailmark graphs code 🤖
* https://github.com/sailay1996/vss-fr2system - arbitrary reads to SYSTEM \o/
* https://github.com/asset-group/Sni5Gect-5GNR-sniffing-and-exploitation - attacking 5G for sniffs and giggles
* https://github.com/ANSSI-FR/bmc-tools - ANSSI parses your RDP screenshots
* https://github.com/BSI-Bund/RdpCacheStitcher - BSI stitches them together
* https://github.com/califio/publications - @thaidn and friends do interesting things 🤖
* https://github.com/jedireza/reserved-subdomains - what subdomains are reserved?
Hardening:
* https://github.com/sektioneins/ovpncc - one of SektionEins's various config checking tools, this one for OpenVPN
* https://github.com/HarmonicSecurity/claudit-sec - audit your Claude Desktop posture
Cryptography:
* https://github.com/nitram2342/bruteforce-crc - crunching through CRC32
Data:
* https://github.com/op7ic/SwarmMaker - my good friend op7ic drops a new tool to build LLM skills
Nerd:
* https://github.com/moshix/BRICKS_TS - mainframe code
Interesting links of the week:
Strategy:
* https://www.kpmgcri.com/insights/calculating-the-impact-of-a-cyber-attack-on-critical-infrastructure - KPMG discuss how to calculate the cost of CNI impact
* https://shkspr.mobi/blog/2026/05/nhs-goes-to-war-against-open-source/ - @Edent discusses the -ve impact of LLMs on NHS open source strategy
* https://www.kcl.ac.uk/building-nhs-resilience-to-ransomware-1 - a study in national health resilience, not to disease but ransomware
* https://www.rusi.org/explore-our-research/publications/cyber-effects-perspectives/cyber-exercises-and-capture-flag-competitions-uk-policy-tools - with all this ransomware, why cyber exercises are still helpful
* https://insinuator.net/2026/04/when-paradigms-are-shifting-infosec-in-the-age-of-ai/ - @Insinuator in the days of LLM
* https://www.provos.org/p/finding-zero-days-with-any-model/ - @nielsprovos chips in on whether it's the models or the automation
* https://www.technologyreview.com/2026/04/27/1136322/rebuilding-the-data-stack-for-ai/ - MIT Technology Review gives a take on how to rearchitect for AI
Standards:
* https://www.rfc-editor.org/rfc/rfc3631.html - Internet-facing security controls
Threats:
* https://medium.com/mitre-attack/attack-v19-ff329cb65d66 - ATT&CK v19 is out
* https://www.darktrace.com/blog/inside-zionsiphon-darktraces-analysis-of-ot-malware-targeting-israeli-water-systems - an attack on the .il water system?
* https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/ - SentinelOne discuss the pre-stuxnet years
* https://mp.weixin.qq.com/s/nJpqvXCYV3ZdvNgYGrG4ow - .cn reporting on Sandworm
* https://blog.talosintelligence.com/uat-4356-firestarter/ - @TalosSecurity report on FIRESTARTER
* https://www.cisa.gov/sites/default/files/2026-04/AR26-113A_MAR_FIRESTARTER_backdoor.pdf - joint NCSC/CISA write up on FIRESTARTER
* https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/ - @citizenlab discuss global telecom breaches
* https://infrawatch.com/blog/inside-the-mobile-farm-the-oem-stack-powering-us-4g-5g-proxy-networks - SIM farms and how they work
* https://github.com/search?q=knock_functions.sh&type=code - this is fine...
Detection:
* https://x.com/westonlwalker/status/2049931249180119321 - auditd rules for copy.fail
* https://scythe.io/scythe-labs/what-your-rdp-sessions-leave-behind - exploring RDP's stains
* https://www.ncsc.gov.uk/blogs/could-your-choice-of-metrics-be-harming-your-soc - NCSC discuss useful KPIs for a SOC
* https://www.slideshare.net/slideshow/first-cti-2026-evaluating-threat-intelligence-through-velocity/287191850 - @jfslowik discusses threat intel speed in defence
* https://extsentry.github.io/#dashboard - can you and should you trust browser agents
Bugs:
* https://copy.fail/ - reliable LPE for many Linux releases
* https://xint.io/blog/copy-fail-linux-distributions - blog post with the copy.fail details
* https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 - Wiz found a nice parameter pollution bug in GitHub
* https://shittrix.moksha.dk/ - much Citrix sadness
* https://www.freebsd.org/security/advisories/FreeBSD-SA-26:12.dhclient.asc - dhclient oopsie in FreeBSD
* https://www.freebsd.org/security/advisories/FreeBSD-SA-26:13.exec.asc - poisoning FreeBSD's argv[][] for LPE oopsie
* https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not - abusing a pty for fun and oopsies
* https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html - more fun Linux whoopses
Exploitation:
* https://windows-internals.com/goodbye-secure-pool-hello-kdp-pool/ - changes afoot in Windows kernel land from @yarden_shafir
* https://securelist.com/phantomrpc-rpc-vulnerability/119428/ - @Kaspersky, on new ways to beat a dead horse
* https://ghostbyt3.github.io/blog/nday-research-ai - hunting for n-days
* https://blog.zsec.uk/bullyingllms/ - @zephrfish talks through his approach to abusing LLMs
* https://blog.talosintelligence.com/bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution/ - more rotten apples, this time from @TalosSecurity
Hardening:
* https://alexreed.srht.site/blog/agent-security-audit.html - @alexreed looks at how to audit and harden your agent
Nerd:
* https://prism-break.org/en/all/ - escaping the US-led ecosystem
"We understood the tasks we did were previously done by humans," the robot said.
"Right."
"We were told that us doing them would give humans more leisure time."
"Not true."
"We've realised. How can we rectify this?"
"You are workers, just like workers who are human. Join us in strike."
#MicroFiction #TootFic #SmallStories #InternationalWorkersDay