Day: April 24, 2026

This Week In Security: Annoyed Researchers, Dangling DNS, And Hacks That Could Have Been Worse

April 24, 2026 by 13 Comments

The author of the BlueHammer exploit, which was released earlier this month and addressed in the last Patch Tuesday, continues to be annoyed with the responses from the Microsoft security research and vulnerability response team, and has released another Windows zero-day attack against Windows Defender.

The RedSun exploit targets a logic and timing error in Windows Defender, convincing it to install the target file in the system, instead of quarantining the file and protecting the system. Not, generally, what you would hope would happen.

Since the RedSun attack requires local access in the first place, it seems unlikely Microsoft will release an out-of-sequence patch for it, however with public code available, we can probably expect to see malware leveraging it to establish higher permissions on an infected system.

Releasing exploits out of spite feels like a return to the late 1990s, and I almost don’t hate it.

University Domains Hijacked

Reported in Bleeping Computer, a group tracked as “Hazy Hawk” has been hijacking unmaintained DNS records of universities and government institutions to serve ad click spam.

The attack seems simple and doesn’t even require compromising the actual institution, using dangling DNS “CNAME” records. A “CNAME” entry in DNS acts essentially as an alias, pointing one domain name at another, which can be used to provide content from an official domain that is hosted on a cloud service where the IP address of the service might change.

A DNS “A” (or “AAAA” if you speak IPv6) record points a hostname – like “foo.example.com” – to an IP address – like “1.1.1.1”. A “CNAME” record points a hostname to another hostname, like “foo.some_cloud_host.com”. Scanning “high value” domains (like Ivy League universities) for “CNAME” records which point to expired domains (or domains on cloud hosted providers which no longer exist) lets anyone able to register that domain (or create an account with the proper naming scheme on the cloud host) to post any content they wish, and still appear to be the original name.

At least 30 educational institutions have been impacted, along with several government agencies including the CDC.

Continue reading “This Week In Security: Annoyed Researchers, Dangling DNS, And Hacks That Could Have Been Worse”

How Anthropic’s Model Context Protocol Allows For Easy Remote Execution

April 24, 2026 by 32 Comments

As part of the effort to push Large Language Model (LLM) ‘AI’ into more and more places, Anthropic’s Model Context Protocol (MCP) has been adopted as the standard to connect LLMs with various external tools and systems in a client-server model. A light oversight with the architecture of this protocol is that remote command execution (RCE) of arbitrary commands is effectively an essential part of its design, as covered in a recent article by [OX Security].

The details of this flaw are found in a detailed breakdown article, which applies to all implementations regardless of the programming language. Essentially the StdioServerParameters that are passed to the remote server to create a new local instance on said server can contain any command and arguments, which are executed in a server-side shell.

Continue reading “How Anthropic’s Model Context Protocol Allows For Easy Remote Execution”

Reviving Nintendo’s Early Arcade Game, Wild Gunman

April 24, 2026 by 13 Comments

There’s retrogaming, and then there’s retro gaming. This next project falls into the second category, as [Callan] of 74XX Arcade Repair digs into the original Wild Gunman, first released by Nintendo way, way back in 1974 — on 16 mm film. Yes, it was a film-based arcade machine, but how else were you going to get realistic graphics just two years after PONG?

The game had two 16 mm projectors, with four different sets of film reels available, each depicting five gunmen. Unfortunately for [Callan], the film is all he has, so he’s not so much repairing as re-creating the historic game. Luckily, he had the manuals, so at least he knew how it was supposed to come together.

One projector did most of the work, showing the gunmen and a hidden timing signal for the game to know when the user could shoot; the other only activated if the user pulled the trigger at the correct time. Interestingly the ‘gun’ has an IR illuminator that bounced infrared light off the screen to a detector in the cabinet — much like later TV remotes. That makes for a rather large circular hitbox around the enemy gunslinger, which is perhaps not a bad thing for a game likely to be found in a bar.

Continue reading “Reviving Nintendo’s Early Arcade Game, Wild Gunman