(Slightly delayed) interesting links of the week:
Strategy:
* https://zenodo.org/records/18067959 - who and what should and shouldn't be authorising the machine?
Threats:
* https://media.ccc.de/v/39c3-apt-down-and-the-mystery-of-the-burning-data-centers - exploring the lifestyle of a nation state threat actor
Bugs:
* https://gpg.fail/ - encryption's hard, doing it safely is harder still
* https://phoenix.security/mongobleed-vulnerability-cve-2025-14847 - whilst we were all unwrapping our Christmas presents, Mongo bled...
Exploitation:
* https://securitylabs.datadoghq.com/articles/introducing-pathfinding.cloud/ - navigating you through the clouds of Amazon
* https://media.ccc.de/v/39c3-demystifying-fuzzer-behaviour - exploring the mythology of fuzzing
* https://media.ccc.de/v/39c3-escaping-containment-a-security-analysis-of-freebsd-jails - breaking out of the daemon's domain
* https://steve-s.gitbook.io/0xtriboulet/artificial-intelligence/hiding-in-the-trees - avoiding classification
Hard hacks:
* https://static.ernw.de/whitepaper/ERNW_White_Paper_74_1.0.pdf - getting inside of your head
* https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html - breaking wifi chips, one threat model at a time
Hardening:
* https://blog.miguelgrinberg.com/post/csrf-protection-without-tokens-or-hidden-form-fields - modern anti-CSRF
Development:
* https://dharmik.life/blog/klish-tutorial/ - building Cisco-like shells
Nerd:
* https://devblog.qnx.com/qnx-self-hosted-developer-desktop-initial-release/ - self-hosted QNX