I am releasing a reconstructed version of the cassowary CVE (CVE-2024-23222) that was disclosed as part of the Coruna leak. I also did some research with my AI assistants 😄 to reproduce a crash for the bug on x86_64 Linux github.com/FuzzySecurity/…

RIP FX We collected some texts from the community in memory of FX of Phenoelit . You can find them here phenoelit.de/fx.html

ZeroDayBench: Evaluating LLM Agents on Unseen Zero-Day Vulnerabilities for Cyberdefense arxiv.org/pdf/2603.02297

Looks like iOS remote kernel debugging is working well with Binary Ninja and a virtual iPhone running iOS 26.3

Just released DriverExplorer — a Rust utility for exploring Windows kernel drivers. • Enumerate loaded drivers • Easily Load / Unload drivers • Built for Windows kernel devs & security researchers: github.com/orinimron123/D…

Very impressive independent research into modern software obfuscation used by Anti-Cheats, conducted by belabs_engineer and James youtube.com/watch?v=3LtwqJ…

The recording of my talk "Challenges in Decompilation and Reverse Engineering of CUDA-based Kernels" at RE//verse is now online! Recording: youtube.com/watch?v=ns5jFu… Slides: nicolo.dev/files/pdf/reve… Binary Ninja plugin: github.com/seekbytes/ptxN…

My talk at RE//verse is online, pure geek entertainment youtube.com/watch?v=UKGH_Y… Slides docs.google.com/presentation/d… CosmicHammer project - send us your bitflips github.com/fuzzsociety/Co… Please give it some RT love, this is the ultimate twist of rowhammer Halvar Flake Brendan Dolan-Gavitt

openai.com/index/why-code… a Monday morning blogpost for your perusal and enjoyment !

Dave Aitel Nice blog! This hits a real pain point with current SAST tooling. Most of it just runs a bunch of generic checks without understanding the actual threat model or where the real security boundaries are. That lack of semantic context is exactly the issue, I’ve been arguing for a

We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled. Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓

An analysis of CVE-2026-21236 - A heap based buffer overflow in the Microsoft Windows Kernel afd.sys - was just published by Emily L a recent secondment with my team EDG! Nice work for her first triage of a kernel memory corruption bug! nccgroup.com/research/vulne…

Reverse engineered Apple’s Background Security Improvement (BSI) update for iOS 26.3.1. Found potential WebKit SOP bypass it patches — NavigateEvent.canIntercept=true on cross-port navigations that should be non-interceptable. Impact: redirect hijack github.com/zeroxjf/WebKit…

The Xbox One was hacked for the first time in over a decade at RE//verse! Watch the full talk here: youtu.be/FTFn4UZsA5U?si…

Get insights into your software supply chain, now free and open source. SBOMs are a powerful type of report. If you generate them, make sure you’re collecting and monitoring them at scale.

#ESETresearch analyzed more than 80 EDR killers, seen across real-world intrusions, and used ESET telemetry to document how these tools operate, who uses them, and how they evolve beyond simple driver abuse. welivesecurity.com/en/eset-resear… 1/6

CVE-2025-24257 — IOGPUFamily kernel heap OOB write on iOS 18.3 .. First public PoC — built entirely github.com/crazymind90/CV…

Catch Christopher Domas’ keynote from RE//verse 2026! fail: jmp fail (everything I got wrong in RE and security research) gets into the dead ends, bad ideas, and wasted hours behind real progress in RE and security work. Watch now: youtu.be/iOq8O_phwbA?si…