They fired the pcode programmer... Who will fix the bugs now?

Here are the details about the AMD Signature verification vulnerability we worked on, Enjoy! bughunters.google.com/blog/542484235…

Our critical analysis of Intel CSME security architecture

Mark Ermolov found a new way to fully exploit patched Intel flaws (CVE-2017-5705, etc.), enabling stealthy spyware implants via supply chain attacks. Affected: Intel Pentium, Celeron, and Atom (Denverton, Apollo/Gemini Lake). Intel dismissed the issue: global.ptsecurity.com/about/news/pt-…

So, what is Intel CSME full hack (without any recovery possibility) - it is manual calculation of Chipset Key

Runtime analysis of HW FSMs (Finite State Machines) by Intel VISA technology is a reliable feedback for use in hardware attacks on Intel IPs

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

Looks like this Timesys is now Lynx! Corporation did an amazing job [SARCASM] selling their Timesys Kernel Hardening Analysis Tool that simply provides the recommendations from my open source project kernel-hardening-checker. They don't even mention kernel-hardening-checker. Shame on them👎

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

The hidden JTAG in your Qualcomm/Snapdragon device’s USB port linaro.org/blog/hidden-jt…