Sponsoring a few Nullcon 2025 student passes to support InfoSec talent! (not affiliated with NULLCON ) For full time college enrolled students only. 💻 Apply: docs.google.com/forms/d/e/1FAI… (read instructions carefully) These passes are only for full time college enrolled students

Collection of resources for the OSEE certification Source: Internet Link: github.com/dhn/OSEE

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/542484235…

How To Prevent Your Smart TV From Spying On You flip.it/713p9f

Hey there, Finally published the article on the exploit for CVE-2025-21333-POC exploit. Here the link to the article: medium.com/@ale18109800/c…

Trigon: developing a deterministic kernel exploit for iOS by Alfie alfiecg.uk/2025/03/01/Tri…

📊 ISO 27005 vs. NIST RMF: Which Cybersecurity Risk Framework Should You Use? Both help you manage risk - but they take different paths to get there. Here’s what security pros need to know. 🧵

I shared an example earlier for fuzzing libxslt with Jackalope's grammar mutator. But Firefox has its own XSLT implementation, how do we fuzz browser code? The following .patch demonstrates how to do that. It is the setup that resulted in CVE-2025-1932. github.com/googleprojectz…

Uncovering a 0-Click RCE in the SuperNote Nomad E-ink Tablet by Jack Maginnes 🏴‍☠️ prizmlabs.io/post/remote-ro…

ManuFuzzer update! 🎉 - Fixed all memory leaks! - Improved shadow memory management - Better instrumentation handling 🧪 NEW: Experimental dyld cache intelligence that auto-instruments frameworks sharing memory pages! Testing & feedback welcome! 🙏 github.com/ant4g0nist/Man…

I wanted to end last year with a vm escape, took me a bit longer but I want to present you my latest public research: A VM escape in Oracle VirtualBox using only one integer overflow bug! This was fixed in April 15 and assigned CVE-2025-30712. github.com/google/securit…

#OffensiveCon25 videos are now up! youtube.com/playlist?list=…

An iPhone has so many privacy and security features that it’s very easy to miss them. Now’s a good time to dive in and get to know them all. ssd.eff.org/module/how-to-…

The final part of j00ru//vx’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for googleprojectzero.blogspot.com/2025/05/the-wi…

Our latest blog looks at CVE-2025-20188, an arbitrary file upload in #Cisco IOS XE Wireless Controllers due to a hardcoded credential. horizon3.ai/attack-researc…

Router RCE via the public WLAN interface *which cannot be disabled on your own router without calling the ISP* w/ bonus fault injection via HDD vibrations 🤠 👑King showing by João Domingos and a shit show by MEO r0ny.net/FiberGateway-G…

'Blasting Past iOS 18', more like 'Getting blasted away by iOS 18' my first and last blog post on the Dataflow Security blog, where I tried to summarise my 0x41con 's talk in the form of a blog. You can find the non-fancy markdown version here: github.com/dfsec/dfsec.gi…

Fully local Manus AI. No APIs, no $200 monthly bills. An autonomous agent that thinks, browses the web, writes code, and plans. Keeps all data on your device.

I currently have 4 bugs in triage. let me tell you about them (a thread)

Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) github.com/mbanyamer/CVE-…