I found out that *two* PoC's I submitted were incomplete because I forgot to include some key files in the ZIP files. A bit embarrassing, lol.

We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.

Today, we found another one of these homebrew lookalikes: homebrewfaq[.]us Also, shoutout to Mikhail Kasimov for sharing their findings related to these.

A great write-up of a VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023- 20869) exploit by Alex Zaviyalov has just been published!

Virtual Machines render fonts. It’s kind of insane. TrueType has its own instruction set, memory stack, and function calls. You can debug it like assembly. It’s also exploitable:

📢"Crash One - A StarBucks Story (CVE-2025-24277)" by Csaba Fitzl and Gergely Kalman

🚩 Google Project Zero Details ASLR Bypass on Apple Devices cybersecuritynews.com/aslr-bypass-on… A researcher from Project Zero has unveiled a clever serialization attack that leaks memory addresses on macOS and iOS, undermining Apple’s ASLR. The exploit leverages how NSDictionary

The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) labs.watchtowr.com/well-well-well…

BREAKING: Microsoft says it'll block you from setting up Windows 11 with a local account. A Microsoft account is now a requirement during OOBE (out of the box experience). Microsoft says a local account does not allow Windows 11 to set up properly, and users skip "critical

github.com/JGoyd/iOS-Atta…

While it still has some good points (especially in soft skills), some update is needed especially in AI age. So I am planning to make a blog post about it within my updated experiences, up-to-date technologic developments and my my predictions for the future. Stay tuned!

Jaron Bradley’s macOS threat hunting talk yesterday was awesome🔥 Cartoon slides were so dope😍

A personal update... after nearly 20 years at Google, today is my last day! I'm going to be working on independent research for the foreseeable future, then who knows! I've worked with so many talented people, made so many friends and seen incredible research over the years 🫡

Not true

Hey everyone! 👋 Just dropped a new YouTube video! about "My Bug bounty methodology" Check it out 🤔: #BugBounty #bugbountytips #CyberSec #cybersecurityjourney #Hacking #cybersecurity #linux youtube.com/watch?v=OIP-kf…

High level diff of iOS 26.1 beta2 vs. iOS 26.1 beta3 🎉 github.com/blacktop/ipsw-…

Here is the video showing the sb escape (from screensaver) with root LPE

High level diff of iOS 26.1 beta3 vs. iOS 26.1 beta4 🎉 github.com/blacktop/ipsw-…

A zero day I found last year has been patched on October (CVE-2025-55680) :(, it was a nice and easy patch bypass. Here the write-up blog.exodusintel.com/2025/10/20/mic…