After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to Billy, Ramdhan, [email protected] & rainbowpigeon CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…

After almost 8 months of coordinated disclosure, vulnerabilities in Trend Micro Apex Central discovered by our former colleague Jia Hao have been resolved! ZDI advisories: ZDI-25-295, ZDI-25-296, ZDI-25-297, ZDI-25-236, ZDI-25-237

Finally! After almost 8 months, critical vulnerabilities in Trend Micro Apex Central found by our former colleague Jia Hao are resolved. Grateful for it has finally concluded but this timeline 🙄.

[#POC2025 NOTICE] 20 Years. Reborn. The brand evolved - The mission remains. Welcome to a new era of POC. ⏰ Date: November 13–14, 2025 📍 Venue: Four Seasons Hotel, Seoul, South Korea 🇰🇷 🎤 CFP: June 5 – September 30 🧑‍💻 Training: June 5 – September 30 🎟️ Registration:

When life gives you tangerines🍊 Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro Problem: One bug "doesn't work" Solution: Make it work with 1 bug Sometimes the best research comes from working with what you think you have starlabs.sg/blog/2025/06-s…

Sometimes the best mentorship is giving space to explore. [email protected] guided Zewei to not just solve the problem, but understand it deeply. Now i want to drink tangerine juice too :D

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

SQL Injection despite using prepared statements? 🧐 Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries: sonarsource.com/blog/double-da… #appsec #security #vulnerability

To everyone who pre-ordered "From Day Zero to Zero Day" – thank you for your patience. The wait is almost over. We're in the final countdown to start shipping in early July from No Starch Press (and 12 Aug officially everywhere else)! Your support has been incredible. It’s time to

For everyone who's pre-ordered: which were your favourite chapters? 1) Automated Variant Analysis 🤖 2) Hybrid Binary Analysis 🔎 C) Coverage-Guided Fuzzing 💥 D) Any other chapter? nostarch.com/zero-day 🤝 Let me know!

Off-By-One Conference 2025 Day 1 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/gi5jQBi4

Off-By-One Conference 2025 Day 2 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/geDcTSsr

Exciting match so far between Samsung Lions 🦁 vs Doosan Bears 🐻 🥳🥳🥳

Our researchers, Kaligula Armblessed & chiefpie were credited for 4 vulnerabilities in Microsoft this month. Huge congratulations to both of them for their exceptional work. 👏 msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v…

Awesome work by Kaligula Armblessed & chiefpie . First time Kaligula Armblessed got credited with CVEs 🥳

One of our current intern, vincent shared his Chrome-atic escape adventure using CVE-2024-30088 Epic obstacles documented in it too! starlabs.sg/blog/2025/07-f…

Refreshing to see the whole research journey documented by vincent Awesome work

CASE CLOSED: CVE-2025-29824 0 public samples, 0 information Suspect: Windows CLFS driver Crime: UAF leading to Privilege Escalation Status: ACTIVELY EXPLOITED ITW Investigation: Debugged and documented Case files: starlabs.sg/blog/2025/07-m… Done by our intern, Ong How Chong

🔥 FIRST BLOOD! 🔥 Wow, less than 24 hours and jro drew first blood! 🩸 He just became the first student to solve our Summer Pwnables challenge and claim that $50 SGD + signed book! 📚💰 C-Shell level: CONFIRMED 🥷 We got a few more books+$ available for this challenge

Wow. jro you are amazingly fast. 👍🏼👏🏼