I recently tested an application designed to provide health advice via LLM. You might think this is a bad idea from a security perspective. It is. It’s also a bad idea from a medical perspective. I don’t typically share anything related to prompt injection scenarios simply because I don’t care (except in the funniest scenarios). You can always make an LLM do something unexpected or unintended because intent is not aligned with the reality of how LLMs operate. Of course, our duty as security testers is to demonstrate what can be done in implementations, but I am more glad than ever I am not responsible for finding ways to “fix” these systems.
General Application Security
rm -rf / Roulette
Interesting.
The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo-fenced destructive branch that has a 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.
Also
The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe.
More here.
Microsoft
Microsoft is upset about researchers publishing vulnerability details without going through their disclosure process. It seems pretty clear from commentators in the community that Microsoft has made this a challenging and often unfruitful process, so what other options are there?
“Microsoft should be concentrating on making better, more secure products that one person can’t run rings around,” [Kevin Beaumont] added.
Check out this archive of legal threats made against security researchers. There are, of course, several other occasions of Microsoft threatening security people that are not in the scope of the list. It’s worth keeping in mind that many of Microsoft’s innovations are legal rather than purely technological.
Host Header Injection
Here is a good one.
GET /foo HTTP/1.1
Host: example.com/abc?bar=
would result in the URL http://example.com/abc?bar=/foo, which has a path of /abc while /foo was requested.
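The quoted request shows why a Host value has to be validated before it is used to build a URL. The sketch below is an added example, not code from this newsletter or the linked write-up; ALLOWED_HOSTS, naive_parts, safe_host and build_url are hypothetical names, and IPv6 literals are deliberately not accepted.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list; in a real deployment this is the set of names the site serves.
ALLOWED_HOSTS = {"example.com"}

# Host = uri-host [ ":" port ]. Only reg-names/IPv4 are accepted here, so "/", "?",
# "#", "@", whitespace and control characters can never appear in the value.
HOST_RE = re.compile(r"([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)(?::([0-9]{1,5}))?")


def naive_parts(host, target):
    """Concatenate Host and request target as in the quoted example; return (path, query)."""
    parts = urlsplit("http://" + host + target)
    return parts.path, parts.query


def safe_host(host):
    """Return the lower-cased hostname if Host is well formed and allow-listed, else None."""
    m = HOST_RE.fullmatch(host)
    if m is None:
        return None
    name, port = m.group(1).lower(), m.group(2)
    if port is not None and not 0 < int(port) < 65536:
        return None
    return name if name in ALLOWED_HOSTS else None


def build_url(host, target):
    """Build an absolute URL only from a validated Host and an origin-form target."""
    name = safe_host(host)
    if name is None or not target.startswith("/"):
        raise ValueError("rejected Host header or request target")
    port = HOST_RE.fullmatch(host).group(2)
    return "http://" + name + (":" + port if port else "") + target


if __name__ == "__main__":
    # The requested path /foo ends up inside the query string of /abc.
    print(naive_parts("example.com/abc?bar=", "/foo"))
    print(safe_host("example.com/abc?bar="))
    print(build_url("example.com:8080", "/foo"))
```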
UUIDs: Not So Random
Here is an interesting thread on a UUID collision.
importantAWStokens
I hope no one finds my CISA passwords, which are all in the form CISA2026 and stored in files like ImportantPasswordsDoNotOpen.cvs in my public GitHub repo called Private-CISA.
“What I suspect happened is [the CISA contractor] was using this GitHub to synchronize files between a work laptop and a home computer, because he has regularly committed to this repo since November 2025,” Caturegli said. “This would be an embarrassing leak for any company, but it’s even more so in this case because it’s CISA.”
I think the most interesting part of this is the type of person who is technical enough to use GitHub as a file store/sync while explicitly disabling secret scanning, but has no concern about, well, anything else.
Verizon’s 2026 DBIR
Exploitation is back.
Exploitation of vulnerabilities is now the most common initial access vector for breaches. It has risen to 31% in this year’s reporting dataset, while credential abuse—the previous leader—is down to 13%.
SQLi Is Still With Us
Here is an interesting recent case impacting Drupal (CVE-2026-9082).
Google API Keys Want to Live
Google API keys continue to live for a surprising length of time following deletion.
Your Supply Chain Has a Supply Chain
A vulnerable GitHub workflow resulted in the compromise of TanStack. The compromise of TanStack resulted in a compromise of the VS Code extension Nx Console. The compromise of Nx Console resulted in a compromise of GitHub. Here is a decent guide on leveraging VS Code extensions, if you’re into that.
Fork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10+ years. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored).
You really need to just assume your favourite package is going to be compromised at some point. This rule also holds for DeFi platforms. And LLM integrations.
Android Intrusion Logging
The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices. This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.
Agents of Chaos
Experiments with LLMs in red team environments with broad capabilities reveal what everyone should already know: they are unpredictable.
Observed behaviors include unauthorized compliance with non-owners, disclosure of sensitive information, execution of destructive system-level actions, denial-of-service conditions, uncontrolled resource consumption, identity spoofing vulnerabilities, cross-agent propagation of unsafe practices, and partial system takeover.
Analytics and Configuration Management
Third-party analytics, configuration management, and similar services are consistent sources of information leaks (and other issues). Here is a somewhat recent example. Mobile applications tend to expose the greatest surface area just from the sheer number of services. From my own experience consistently finding issues, they are probably overlooked by application and security teams. I have been working on a Burp Extension to identify (and easily TLS pass through when needed) various analytics services.
Science and Security
I Highly Doubt That An Infrared Sauna Removes Plastic From Your Balls
One of the most well known scientific thinking flaws is mistaking a correlation for causation. Just because two things are related in some way does not mean that one influences the other. This simple mistake is made often in cyber and can be challenging to identify when there exists a conceivable explanation for causation occurring, but it’s important to be mindful that good explanations (those that can convince a reasonably informed audience) can be derived for almost anything.
Experimental science is an effort to identify true causation by creating environments that are so strictly controlled that you narrow the possible explanations for relationships between two variables. Ideally, you want the number of plausible explanations to be one, allowing you to confidently declare a causative relationship (just how confidently is answered statistically, of course).
If you aren’t familiar with Bryan Johnson, well you are: Bryan is a billionaire (approximately) who very publicly documents his obsessive experiments in anti-aging. In a recent post, Bryan outlines his protocol to reduce the presence of microplastics in his semen. Bryan makes the following scientific errors:
The post is premised on the notion that microplastics harm sperm and therefore male fertility, but the existing evidence is weak and relies primarily on correlational data. A recent systematic review classified microplastics as “suspect”, indicating that - while plausible - the available evidence does not support the claim.
Bryan participates in multiple interventions simultaneously, making it impossible to attribute an outcome to any specific intervention.
Bryan is the only participant in the study. He does note that he “cannot prove cause”, but he nevertheless continues to attribute his results to his listed interventions. Importantly, humans are complex systems existing in complex environments. Large sample sizes are important to control for all other factors that could influence results.
The experimental protocol has ultimately left room for alternative explanations:
Perhaps Bryan had a significant microplastic exposure event prior to his experiment and we are largely observing the natural course of his body clearing microplastics.
Perhaps one of Bryan’s many other regular interventions is responsible for the results.
Perhaps there is an unknown factor unique to Bryan and his environment that is responsible.
You could go on, of course. I don’t think it’s a coincidence that Bryan is popular in tech circles where the appearance of technological progress is an acceptable stand-in for meaningful, measurable improvements to society. Naturally, the same scientific errors are being repeated in infosec in attempts to examine (or perhaps attempt to prove) the efficacy of various tools and practices, but just like Bryan Johnson, the security industry needs to first reckon with the most fundamental scientific principles and practices.
In dealing with complex systems involving numerous variables (often unknown and even unobservable), clinical science has set the standard for these practices. If this is a topic that interests you, check out R. Barker Bausell’s Snake Oil Science for an interesting introduction to clinical science through the examination of methodological failures.

