The anatomy of a bug: 6 Months at STAR Labs Gerrard Tai posted an article describing their experience in finding kernel bugs and participating in the KernelCTF and Pwn2Own competitions gerrardtai.com/anatomy-of-a-b…

OMG.. whatsapp 0c in pwn2own

pwn2own whatsapp 🧐🧐

We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See crbug.com/382005099#comm… for a PoC exploit. Also affected other browsers

We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. googleprojectzero.blogspot.com/2025/11/defeat…

I posted a short blog about how a Samsung GPU vulnerability (CVE-2025-21479) can be leveraged for an LPE on affected devices xploitbengineer.github.io/CVE-2025-21479

Frida JDWP Loader This tool dynamically attaches #Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access. Perfect for quick dynamic app analysis github.com/frankheat/frid…

Exploiting NVIDIA's GPU Linux drivers blog.quarkslab.com/nvidia_gpu_ker… Excellent blog post by Robin Bastide (quarkslab) #infosec

POC 2025 😎😎

Exploiting LPE vulnerabilities in NVIDIA Linux Open GPU Kernel Modules by Robin Bastide (quarkslab) blog.quarkslab.com/nvidia_gpu_ker… #infosec

V8 in-the-wild exploit analysis by [email protected] retr0.zip/blog/cve-2025-… #infosec

📢 CyKor CTF (CyKor CTF) Announcement CyKor is pleased to host the upcoming CyKor CTF with great prizes! • 1st Place: $ 3,000 • 2nd Place: $ 1,500 • 3rd Place: $ 500 The event will be held for 24 hours, from 2025.12.06 01:00 (UTC+0) ! 🔗 CTF Link: ctf.cykor.kr

Exploiting CVE-2025-21479 on a Samsung S23 by Ben xploitbengineer.github.io/CVE-2025-21479

''ROX: Vulnerability Research - how to approach a black box without wasting time'' #infosec #pentest #redteam #blueteam numb3rs.re/posts/approach…

Introduction to virtual memory for beginners nghiant3223.github.io/2025/05/29/fun… #cybersecurity

My very first blog post is live: kiddo-pwn.github.io/blog/2025-11-3… During research, I've run into and documented a simple universal SQLite Injection RCE trick. Enjoy! N-day Analysis about Synology Beestation RCE (CVE-2024-50629~50631) by legendary DEVCORE 🎃 🍊 Thanks to Pumpkin 🎃

I wrote a blog post on CVE-2025-48593, an issue patched in Android's November Security Bulletin that only affected devices which act as Bluetooth headphones, such as smartwatches, smart glasses, and cars. I examined the patch and wrote a proof-of-concept: worthdoingbadly.com/bluetooth/

Analysis and exploitation of an integer underflow in the Bluetooth GATT protocol (CVE-2023-40129) synacktiv.com/en/publication… Credits Mehdi Talbi and Etienne Helluy-Lafont (Synacktiv) #infosec #Android

A POC for CVE-2025-55182 gist.github.com/maple3142/48bc…

Cloudflare again?