New in our Research-Blog: A Tale of Practical Keylogger Forensics
On a recent engagement, an interesting hardware side quest popped up.
A client had found a #keylogger and, naturally, Cass Rebellin and @jrt wanted to know what the adversary had seen and if they could gather any useful traces towards the perpetrator.
The full story 
https://research.hisolutions.com/2025/07/a-tale-of-practical-keylogger-forensics/
One of our founding directors, Mike Eftimakis, sat down with Akshaya Asokan from Information Security Media Group (ISMG) to explore how CHERI is helping tackle one of cybersecurity’s biggest challenges: memory safety.
CHERI (Capability Hardware Enhanced RISC Instructions) is a hardware-based approach to security, designed to prevent around 70% of today’s common vulnerabilities. Backed by industry leaders and the UK government, we're working to ensure global adoption across the electronics supply chain.
Watch the interview to learn more about:
How CHERI addresses memory safety issues Common hardware supply chain vulnerabilities Progress on adoption by chipmakers Scalability challenges associated with CHERI
Watch the full interview: https://www.bankinfosecurity.com/uks-cheri-alliance-expands-to-global-hardware-supply-chain-a-28942
Right to repair, but not to fix security?
Framework’s philosophy empowers users to open, upgrade, and repair their devices. But with great openness comes a security catch.
On the Framework 13, pressing the chassis intrusion switch 10 times resets the BIOS, removing passwords, Secure Boot, and more.
We flagged this to Framework. Their response?
"It's a feature..."
That’s risky. This reset might help with recovery, but it also hands an attacker physical access to critical settings.
Kieran explains the issue, what this means for security, and how to protect your device.
Read here: https://www.pentestpartners.com/security-blog/framework-13-press-here-to-pwn/
The @cheri_alliance has around a thousand followers on LinkedIn and just joined the Fediverse today. Let’s see how quickly we can get them to more than that here!
Hey infosec.exchange! We’re the CHERI Alliance — excited to join the community!
We’re all about CHERI (Capability Hardware Enhanced RISC Instructions) — a powerful hardware-based approach to making memory safety and software security actually enforceable, by design.
CHERI helps stop things like buffer overflows and use-after-free bugs before they cause trouble — with hardware-enforced protections built right into the architecture.
We’re here to:
- Share news about the CHERI community in general
- Talk about what our members are building with CHERI
- Connect with folks who care about deep, meaningful security improvements
Check us out cherialliance.org
Give us a follow if this sounds like your kind of thing!
Has anyone done a proper #HardwareSecurity analysis on the #Fairphone yet? I know @GrapheneOS has said, "it doesn't meet their requirements" (fair enough), but what about for the OEM-installed #Android ROM?
Always remember, when it comes to hardware security keys: Two is one, one is none.
Our latest article covers the setup process for two YubiKeys (from Yubico's YubiKey 4 or 5 series) to keep your online accounts safe and secure 
+ it goes through resetting your existing keys to a blank slate, and the reasons you might want to do so!
https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/
I chatted with the embedded team at Raspberry Pi about the #RP2350 on The Amp Hour. It's an amazing "dual dual-core" part that is finding its way into many products. We chatted #hardwaresecurity and #lowpower, as those were key enhancements over the #RP2040.
https://theamphour.com/687-the-rp2350-with-the-raspberry-pi-team/
