Manfred Paul (@_manfp)'s Twitter Profile
Manfred Paul

@_manfp

Security but not as in "national security". Playing CTFs with @redrocket_ctf (and @Sauercl0ud). Pwn2Own Vancouver 2020..=2024\{2023}. @[email protected]

ID: 1212738812838699008

02-01-2020 14:14:24

82 Tweets

4.4K Followers

309 Following

Trend Zero Day Initiative (@thezdi)

Congrats to #Mozilla for being the first vendor to provide patches for bugs disclosed during #Pwn2Own Vancouver. bleepingcomputer.com/news/security/…

Manfred Paul (@_manfp)

Happy to have my write-up on Trend Zero Day Initiative's blog again - after so many fights with some kind of range analysis, a bug that just directly gives every type confusion you want felt quite fun

Bart Preneel (@bpreneel1)

Good news: vote on chatcontrol postponed. But this monster keeps raising its head: efforts to stop it need to be continued.

Google VRP (Google Bug Hunters) (@googlevrp)

This year's Google CTF Qualification is over. Congratulations to Kalmarunionen, kijitora and Zer0RocketWrecks! The top 8 teams qualified for Hackceler8 2024 in Málaga. More details at goo.gle/ctf. ¡Vamos!

Alec Muffett (@alecmuffett)

chrisrohlf Michael Coppola Keeping open a bug to support a government operation is isomorphic to opening a backdoor to support a government. I'm pretty sure you wouldn't want Google to keep a bug open for the benefit of China, Chris. alecmuffett.com/article/109963

GrapheneOS (@grapheneos)

theguardian.com/world/2022/feb… Is this the "counterterrorism operation" by a U.S.-allied Western government that's being referenced? If saying the country and "terrorist" group involved paints a flattering picture of these exploit tools, why aren't they saying which ones are involved?

h0mbre (@h0mbre_)

think i found a bug. which means it’s time to take a break and enjoy the possibility before looking more closely and finding out there’s a check in an upstream code path I missed

Jack Ren (@bjrjk)

Exploit for Pwn2Own CVE-2024-29943, an Integer Range Inconsistency caused OOB access! Analysis will be updated later. Shoutout to Manfred Paul for finding this bug. And shoutout to maxpl0it for his integer range inconsistent PoC. github.com/bjrjk/CVE-2024…

Tavis Ormandy (@taviso)

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

Manfred Paul (@_manfp)

ECSC2024 MITAmalta MITAmalta, this is not how you build up a cybersecurity community in your country. It was great to see a lot of ECSC players show their support for people like Michael Debono who faced both disqualification and legal action. As the vulnerability research community, we should do the same.

Manfred Paul (@_manfp)

If you're a security researcher and in Germany, consider signing cysec-reform.jetzt . Decriminalizing research might not be the top political priority right now, but it's still important!