Sakib Sarkar🐞 (@0xroi_)'s Twitter Profile

@0xroi_

Vulnerability Researcher | Part-time Bug Bounty Hunter | @0Bugltd && @meghnacloud

ID: 1500341031937929216

Link: https://www.0xroi.cf | Date: 06-03-2022 05:22:51

196 Tweet

35 Followers

389 Following

Theori (@theori_io)

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE :

Roy Carrilho (@ruicarrilho5)

Found the little book about OS development! This book walks you through the process of making your own OS, all in C! You can learn a lot of both the language and OS's from this. Enjoy!

zhero; (@zhero___)

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

Renwa (@renwax23)

Another month, another writing RCE vulnerability inside Opera browser by using a stored self-XSS on MyFlow (this is different from the previous rce which I published back in 2021) medium.com/@renwa/stored-…

BSidesCanberra (@bsidescbr)

The BSides Canberra 2024 keynote is now available to watch! "The Exploit Development Life Cycle: From Concept to Compromise" – chompie breaks down the art of exploit dev, from that first spark to full pwnage. Missed it live? Watch it now: youtu.be/ce0bXORSMX4

tuo4n8 (@tuo4n8)

After many bypass attempts and creating several gadgets for RCE on Apple, and after a looooooooong wait… we finally got it! Khoa Dinh #BugBounty

Sean Heelan (@seanhn)

I got back into bug hunting recently for the first time in a looooooong time. Bug 1 from week 1 was a pre-auth remote UAF in the Linux kernel's SMB implementation github.com/torvalds/linux…

hackyboiz (@hackyboiz)

[Research] Bypassing Windows Kernel Mitigations: Part0 - Deep Dive into KASLR Leaks Restriction hackyboiz.github.io/2025/04/13/l0c… In this post, we’ll take a closer look at the new KASLR-related mitigation introduced in Windows 11 and Windows Server 24H2, and explore a novel method for

MatheuZ (@matheuzsecurity)

Article: matheuzsecurity.github.io/hacking/gcc/ Github: github.com/MatheuZSecurit… ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code. #malware #gcc #ldpreload #linux

Crusaders of Rust (@cor_ctf)

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀

Dillon Franke (@dillon_franke)

Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS. I'll talk about this and the exploitation process next week offensivecon! googleprojectzero.blogspot.com/2025/05/breaki…

chompie (@chompie1337)

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…