Boom! Windows Hello fingerprint authentication bypassed on top three devices: - Dell Inspiron - Lenovo ThinkPad - Microsoft Surface Pro Still waiting for recordings from our BlueHat talk to drop, but here's our writeup: blackwinghq.com/blog/posts/a-t… #infosec #security #vulnresearch

ICYMI, here’s little a post I wrote at the beginning of the year: Playing with Libmalloc in 2024. blackwinghq.com/blog/posts/pla…

Research Blog Announcement! 📢 After finding a media parsing bug in a little-known binary, our own Franco Belman (Franco Belman) goes hunting for variants across the internet. In this post he details his process for "Finding Vulnerability Variants at Scale" blackwinghq.com/blog/posts/fin…

Yay! This was fun. Blackwing Intelligence Researcher Franco Belman found a vulnerable pattern of libjpeg API misuse that turned out to be super common — resulting in 40+ advisories including popular projects like Chromium, Electron, etc. Read about the process for finding variants at scale:

CVE-2024-46993: Heap Buffer Overflows in Electron’s API: github.com/electron/elect… An advisory for the heap overflows I found in Electron is now live. For details on how I found them see my write-up at: blackwinghq.com/blog/posts/fin… #CVE-2024-46993 #electron