Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). github.com/xairy/kernel-e…

We have an exciting piece of vulnerability research 🕵️‍♂️ to share, conducted in collaboration with external researchers from VU Amsterdam. Find out more about the L1TF vulnerability, a CPU vulnerability on some Intel CPUs (Skylake and older). goo.gle/3I69VDv

Pizlix: the world's first memory safe Linux distro. I'm writing the primordial README for it now and doing a final test that `./build.sh` actually works. The I'll commit it to the Fil-C repo

Interested in practical tips for using agentic LLMs for vulnerability detection? Check out this tech report from the Fuzzing Brain team, who reached the finals of AIxCC. It was a pleasure to be involved in this effort! arxiv.org/pdf/2509.07225

Software vulnerabilities can be notoriously time-consuming for developers to find and fix. Today, we’re sharing details about CodeMender: our new AI agent that uses Gemini Deep Think to automatically patch critical software vulnerabilities. 🧵

faith2dxy.xyz/2025-10-07/vir…

Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing: Trend ZDI researcher Simon Zuckerbraun shows how to go from a crash to a full exploit - & he provides you tools to do the same, including his technique used to get ROP execution. zerodayinitiative.com/blog/2025/10/6…

RIP ...

A crash feels like being stranded on Mars. No rescue. No signals. Just you… and the logs. Meet Martian — our AI patch agent that fixes the unfixable. Exploring the unknown, one bug at a time. 🔗 team-atlanta.github.io/blog/post-crs-… #AIxCC #AICyberChallenge #LLM #GenAI #AIForSecurity

Today I am releasing a new blog on Windows on ARM! It comes from the perspective of one, like myself, who comes from an x86 background and is new, but, interested in Windows on ARM! ELs, OS & hypervisor behavior (with VBS), virtual memory, paging, & more! connormcgarr.github.io/arm64-windows-…

Remember HackingTeam? They're back as Memento Labs. Their tools were used vs media, universities, government, financial institutions in Russia. Phishing + Chrome 0-day exploit. Just clicking a link was enough for full infection. Quite a disclosure. securelist.com/forumtroll-apt…

made an IDA plugin that tracks the time you spend in IDA and displays a leaderboard github.com/idkhidden/touc… int3.club/touchgrass/

It’s time to publish the blog post about the bug that won at P2O Berlin 2025. Enjoy! With this post, I mark my last moment as a researcher at Out of Bounds. I’m moving on to a new place for a fresh start.🔥🦎 oobs.io/posts/four-byt…

We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. googleprojectzero.blogspot.com/2025/11/defeat…

I am the main developer fixing security issues in FFmpeg. I have fixed over 2700 google oss fuzz issues. I have fixed most of the BIGSLEEP issues. And i disagree with the comments @ffmpeg (Kieran) has made about google. From all companies, google has been the most helpfull & nice

After several attempts I made a segment heap visualizer. It render 2.5kkk chunks of kernel pool for 360ms. It is a handy tool for visual exploits debugging. github.com/immortalp0ny/p…

Sometimes it really is a cpu bug 😂 A weird AVX512 bug on Zen 4 (Genoa) just got officially confirmed as erratum 1514 in the latest spec update. There's a workaround/chicken bit too. My testcase: godbolt.org/z/4zE8svEPK

My new blog describes a vulnerability in Windows that allows a low privileged user or guest to remotely crash the Spooler service in Windows by one simple call. incendium.rocks/posts/Remotely…

Don't forget to checkout the full writeup with extra details! You can even create your own MD5 collision in browser: stackchk.fail/blog/jxl_hashq…

New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing, AI agents found $4.6M in exploits. The research (with MATS Research and the Anthropic Fellows program) also developed a new benchmark: red.anthropic.com/2025/smart-con…