🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Recordings of the #HEXACON2024 talks have been uploaded to our YouTube channel 🎬 youtube.com/playlist?list=… See you next year!

89 new CVEs from Microsoft and 45 from Adobe. 2 Microsoft bugs are under attack. I'll have my full thoughts about the release - and the real number of public bugs - out soon.

Penultimate is a fantastic word. I use it whenever possible.

What I learned about MSRC and the bugbounty process a thread 🧵 First what I call the #MSRC paradox. /1

Biden Asked Microsoft to “Raise the Bar on Cybersecurity.” He May Have Helped Create an Illegal Monopoly. propublica.org/article/micros…

New whitepaper from Stephen Fewer on a five-bug chain he used to get unauthenticated RCE on the Lorex 2K Indoor Wi-Fi Security Camera 📸🐚 rapid7.com/globalassets/_…

Yes, his name is really Thanos. No, he will not snap for you. Yes, I see the irony of a guy named Thanos hacking an MCU - but it's not _that_ MCU. Just go watch the talk. It's cool stuff.

Microsoft released 71 new CVEs (including one 0-day ITW), but Adobe hasn't released their patches yet. Once they do, I'll have my thoughts out about the final Patch Tuesday of 2024.

Wow #Adobe. 16 patches and 167 CVEs for December? Merry christmahanakwanzika to you too.

The #Tesla wall charger is a new target for this year's #Pwn2Own Automotive. ZDI researcher Dmitry Janushkevich breaks down the device to expose the attack surface in his latest blog. Read the details (and check out the pictures) at zerodayinitiative.com/blog/2024/12/1…

Stickers are in for the upcoming #Pwn2Own Automotive! Be there at Tokyo Big Sight for Automotive World and pick up a few. We'll also have some unique lapel pins in limited quantities. I can't believe we're just a month away.

Got in Security Response's Q4 Leaderboard & swags but what I really want is a faster process on resolving cases & complaints. #knowWhatResearchersReallyWant

Great googly moogly. It looks like this is the largest monthly release from #Microsoft ever - including 3 bugs under active attack. Welcome to 2025. I'll have my full thoughts out soon.

It's a small release from #Adobe but a monster 159 CVEs getting fixed by #Microsoft. 3 are under active attack. It's the largest release in Microsoft's history. The Dustin Childs breaks down the full release and shows you what to look out for at zerodayinitiative.com/blog/2025/1/14…

The schedule for #Pwn2Own Automotive is live! We have 50 entries from 21 teams across three categories. EV Chargers and IVI systems turned out to be popular choices. See the full schedule at zerodayinitiative.com/blog/2025/1/21… #P2OAuto

Zed is living the dream #Pwn2Own

The ZDI researcher who found this (Peter Girnus) discovered this vulnerability was used to target both the Ukrainian government and other Ukrainian organizations in a SmokeLoader campaign that was likely deployed by Russian cybercrime groups. Details & IOCs are in the blog.

Hey AdobeSecurity - you got any patches for us today???

Hey WolfBox - hard-coded creds in 2025?

Hey WolfBox -- heap-based buffer overflow in 2025?