A BadUSB-ETH device can silently create a rogue network interface on locked PCs, capture NetNTLM hashes, expose real-time logs over Wi-Fi, and enable remote access, showing why USB whitelisting and strict physical security controls matter.
CVE-2021-21735: From Unauthenticated Information Leak to Full Admin Compromise on ZTE ZXHN H168N
A deep dive into CVE-2021-21735 on the ZTE ZXHN H168N home gateway, where two unauthenticated wizard endpoints (wizard_pppoe_lua.lua and wizard_wlan_config_lua.lua) leaked PPPoE identifiers, SSID data, and Wi-Fi passphrases — converting a “low-severity” information disclosure into a full administrative and WLAN takeover path. Includes the root-cause analysis, request/response patterns, the disclosure timeline, and the ZTE vs. NVD severity split.
OpenTrafficMap’s €20 ESP32-C5 Board Turns 802.11p V2X Into a Public Map of Traffic Lights and Buses
CNX Software write-up on the OpenTrafficMap project — a €20 open-source ESP32-C5 receiver board that taps the 5.9 GHz 802.11p ITS-G5 V2X stack used by European traffic lights, buses, trams, trucks and connected vehicles, decodes CAM/DENM/SPATEM/MAPEM messages, and publishes them to a public map via NATS. Twenty units already deployed; group-buy of 450 boards shipping. Includes the original board photos, the deployment shot with a Mikrotik 4G uplink, the pole-mount enclosure, and the Graz Linux Days 2026 talk video.
z386: An Open-Source FPGA 80386 Driven by the Original Intel Microcode
Open-source FPGA recreation of Intel’s 80386 that runs the original recovered Intel microcode rather than re-implementing instruction behaviour from scratch. The result is an 8 K-line, 18 K-ALUT, 85 MHz core that boots DOS, runs DOS/4GW and DOS/32A extenders, and plays Doom and Doom II — with detailed comparison against 486 and a clear silicon-archaeology angle relevant to reverse engineers and hardware security researchers.
Microphones Leak EM Signals Carrying Audio: A 93%-Accurate Side-Channel Attack on MEMS Mics
An English rewrite of Denis Laskov’s “Eye on Cyber” pointer to a USENIX Security 2025 paper by Onishi et al. The research shows that MEMS microphones, because of their PDM (Pulse Density Modulation) digital interface, radiate unintended EM signals that still carry the original audio. With nothing more than copper-foil-tape antennas, the authors recovered enough signal through a 25 cm concrete wall at 2 m to hit 93% speaker-recognition accuracy — a TEMPEST-class result for cheap consumer mics.
V2X2MAP: A $10 ESP32-C5 Board Plus an Android App Turns Live 802.11p V2X Traffic Into a Map
An English rewrite of Jean-Luc Aufranc’s May 25, 2026 CNX Software piece on V2X2MAP — an MIT-licensed Android app by Peter Holzhauser (Pit711) that pairs with a cheap Waveshare ESP32-C5 dual-band Wi-Fi board to receive the European ITS-G5 / 802.11p V2X stack and plot CAM, DENM, SPATEM and MAPEM messages on a live map. Includes the legal disclaimer carried inside the app and a defenders’ view of the privacy and detection implications.
TREVEX: Black-Box CPU Fuzzing Finds FP-DSS, New FPVI Variants, and Zero-at-ret
TREVEX is a post-silicon black-box CPU fuzzer from CISPA designed to discover data-flow transient execution vulnerabilities without needing RTL access, an ISA emulator, or a leakage contract. The framework runs across 20 microarchitectures from Intel, AMD, and Zhaoxin and uncovers a new TEA — Floating Point Divider State Sampling (FP-DSS, CVE-2025-54505) — on AMD Zen and Zen+, a new FPVI variant on AMD that does not need denormal inputs, three instances of Zero-at-ret on Intel, and FPVI on Zhaoxin. The authors weaponise FP-DSS from native code, the Linux kernel, and a Chrome JavaScript exploit.
{“_yoast_wpseo_title”: “TREVEX: Black-Box CPU Fuzzer Finds FP-DSS (CVE-2025-54505)”, “_yoast_wpseo_metadesc”: “TREVEX black-box CPU fuzzer (CISPA, S&P 2026) finds FP-DSS (CVE-2025-54505), new FPVI variants, and Zero-at-ret across 20 Intel, AMD, Zhaoxin microarchitectures.”, “rank_math_title”: “TREVEX: Black-Box CPU Fuzzer Finds FP-DSS (CVE-2025-54505)”, “rank_math_description”: “TREVEX black-box CPU fuzzer (CISPA, S&P 2026) finds FP-DSS (CVE-2025-54505), new FPVI variants, and Zero-at-ret across 20 Intel, AMD, Zhaoxin microarchitectures.”}
About PCIe DMA Cheats: Protocol, IOMMU, Hardware, and Detection
External PCIe DMA cheats are hard because the cheat code runs on another PC. Detection must move to PCIe fingerprints, IOMMU faults, ACS topology, TPM attestation, VBS/HVCI, and layered trust checks.
Plug me If you can : Exploiting USB Printer Drivers in Windows
ENKI analyzes CVE-2026-32223, a heap overflow in Windows usbprint.sys triggered by malformed USB printer descriptors, leading to SYSTEM privilege escalation via crafted USB device.
Now You See mi: Hacking the Xiaomi C400 Camera
Researchers exploited weaknesses in Xiaomi’s miIO protocol to bypass authentication, predict cryptographic values, and trigger memory corruption, ultimately achieving remote code execution and a cloud-independent jailbreak on a Xiaomi C400 camera.