Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough?
As you might have guessed, the answer is: not so much.
We chained six unique CVEs from 2023 listed below.
• Chrome Renderer RCE: CVE-2023-3079
• Chrome Sandbox Escape: CVE-2023-21674
• LPE in guest OS: CVE-2023-29360
• VMware Info Leak: CVE-2023-34044
• VMware Escape: CVE-2023-20869
• LPE in host OS: CVE-2023-36802
The homies and I are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC and execute native shellcode using this one weird trick: exploiting the V8 engine of a vulnerable trusted application.
ibm.com/think/x-force/operat…
Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on macOS.
I'll talk about this and the exploitation process next week @offensive_con!
googleprojectzero.blogspot.c…
We are back 😎 Say hello to our kernelCTF submission for CVE-2025-37752 🩸
Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds?
Read the full writeup at: syst3mfailure.io/two-bytes-o… 👀
I got back into bug hunting recently for the first time in a looooooong time. Bug 1 from week 1 was a pre-auth remote UAF in the Linux kernel's SMB implementation: github.com/torvalds/linux/co…
The BSides Canberra 2024 keynote is now available to watch!
"The Exploit Development Life Cycle: From Concept to Compromise" – @chompie1337 breaks down the art of exploit dev, from that first spark to full pwnage.
Missed it live? Watch it now: piped.video/ce0bXORSMX4
Another month, another write-up
RCE vulnerability in the Opera browser via a stored self-XSS in MyFlow (this is different from the previous RCE I published back in 2021)
medium.com/@renwa/stored-xss…