We feel really honourable to have Carl Smith from Google v8 to present in #VXCON Talk Title: Fuzzing for complex bugs across languages in JavaScript Engines   Abstract: The fuzzing of Wasm is not a new concept. Since Wasm is a binary format, it's relatively easy to employ a

Remember CVE-2024-4577, the PHP-CGI RCE bypass? Actually, the Best-Fit 'feature' also impacts non-CJK codepages such as locales in the Americas, Western Europe, Oceania, and more! splitline 👁️🐈‍⬛ and I will share these cool findings at Black Hat! 🔥 Let's make argument

Wow, I appreciate ACM CCS 2024 being frank about review ethics! #CCS

multipart/x-mixed-replace again. The description explains it all mozilla.org/en-US/security…

#HKCERT CTF starts tomorrow! I wrote some challenges this year - and they are guaranteed unoriginal! Register here: platform.ctf.hkcert.org

Hello Security Response, is there any legitimate process inside MSRC to escalate an issue if I beleive it's not assessed properly and fairly by current engineering team?

HKCERT CTF 2024 (Qualifying Round) writeup - st98 の日記帳 - コピー nanimokangaeteinai.hateblo.jp/entry/2024/11/… 書きました 木木木木

Alisa Esage Шевченко on stage gives the keynote for us.

Thank you so much to everyone including our speakers, crew, sponsors, and guest. It is second dinner time, let’s go.

My keynote slides from VXCON 2024 zerodayengineering.com/research/slide…

Quick writeup for my unintended sol for SECCON self-ssrf github.com/aplhk/ctf-writ…

Found a DOMPurify 3.2.3 Bypass on Chinese New Year! Works when `SAFE_FOR_TEMPLATES` is set to true. ensy.zip/posts/dompurif…

BREAKING: Someone just burnt 500 ETH (~$1,400,000) by sending it to 0x000... and wrote the following message 👇 "The bosses of Kuande Investment: Feng Xin and Xu Yuzhi used brain-computer weapons to persecute all company employees and former employees, and even they themselves

Found 3 XSS vulnerabilities in SolidJS, with 2 of them having CVEs and 1 no fix. Thanks to the team for fixing the bugs swiftly! CVE-2025-27108, CVE-2025-27109 ensy.zip/posts/3-xss-so…

According to UK politicians, if you enjoy encryption you're probably a pedophile

⚠️A critical vulnerability (GHSA-vjh7-7g9h-fjfh) has been discovered in the widely-used elliptic encryption library. 😈Attackers can exploit this flaw by crafting specific inputs to extract private keys with just a single signature, potentially compromising digital assets or

CVE-2025-30466: Safari <18.4 UXSS to bypass Same-Origin Policy with CVSS of Critical 9.8 🔴 ;) support.apple.com/en-us/122379#:…

lol I guess it is about this ? cybernews.com/security/billi…

"in 2025 we will have flying cars" 😂😂😂