# Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) Welcome to 2026! While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada. In December, we were alerted to a […]

Eight years ago today, I started STAR Labs by hiring several fresh grads with no working experiences. Today, I stand here with a different group of faces. Some of you were there from the beginning. Some of you joined along the way. Some of you just started last month. And […]

GoBruteforcer is a botnet that turns compromised Linux servers into scanning and password brute-force nodes. It targets internet-exposed services such as phpMyAdmin web panels, MySQL and PostgreSQL databases, and FTP servers. Infected hosts are incorporated into the botnet and accept remote operator commands. Newly discovered weak credentials are used to […]

# Never Trust the Output: Data Pollution in AI Agents and MCP > **Disclaimer:** This article is intended for educational purposes and security specialists conducting authorized testing. The author assumes no responsibility for any misuse of the information provided. Distribution of malicious software, system disruption, and privacy violations are punishable […]

– **Published:** 06 January 2026 at 15:31 UTC – **Updated:** 06 January 2026 at 15:31 UTC Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable techniques can get […]

**security-research** Public # TrustZone Break-in Vulnerabilities in Ampere UEFI MM Drivers (Arbitrary Out-of-Bounds Write) ## Package ## Affected versions ## Patched versions ## Description #### Summary Multiple arbitrary Out-of-Bounds (OOB) `”` byte write vulnerabilities affecting the ARM Ampere Management Mode (MM) PCIe driver were discovered. This code is bundled into […]

**security-research** Public # TrustZone Break-in Vulnerabilities in Ampere UEFI MM Drivers (Buffer Overflow and Stack Information Leak) ## Package ## Affected versions ## Patched versions ## Description ### Summary A buffer overflow and stack information leak affecting the ARM Ampere Management Mode (MM) Boot Error Record Table (BERT) driver. This […]

# Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM ## Introduction Recently, I posted a blog which introduced some building blocks related to Windows on ARM (WoA) systems. I have always “known” that interrupts are fairly architecture-specific, and that the implementation of an “interrupt schema” can differ […]

# Agentic ProbLLMs: Exploiting AI Computer-Use And Coding Agents (39C3 Video + Slides) It was great to attend the `39C3 – Power Cycles` in Hamburg this year. The Chaos Communication Congress was once again packed with great talks, amazing people, awesome events and side quests – and I even got […]

**Want to learn how to start fuzzing?** Check out our Fuzzing 101 course at gh.io/fuzzing101 > # Bugs that survive the heat of continuous fuzzing Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them. Even when a project has been intensively fuzzed for years, […]