Borgi (@aymenborgi) 's Twitter Profile
Borgi

@aymenborgi

Security Researcher - Penetration Tester @Ericsson

ID: 1013885370365349888

02-07-2018 20:41:24

144 Tweets

257 Followers

979 Following

Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

Part 2 of the blog describing the #Firefox bug used by Manfred Paul at #Pwn2Own Vancouver is live. Hossein Lotfi continues looking at the code execution bug with sandbox escape that won $100K at the event. Read the details (and watch the video demo) at zerodayinitiative.com/blog/2022/8/23…

slonser (@slonser_) 's Twitter Profile Photo

A writeup analysis of a simple logical vulnerability at Chrome for which Google VRP (Google Bug Hunters) paid me $16,000. Link: blog.slonser.info/posts/cve-2023… P.S. I have very few subscribers, so I am grateful for every repost #0day #Chrome #GoogleVRP #CVE

Ryan M. Montgomery (@0dayctf) 's Twitter Profile Photo

CVE-2024-1086 (Local Privilege Escalation) - While the xz backdoor was all over the place, this incredible exploit seemed to "slip" by! - This is working on most Linux kernels from 5.14 to v6.6 - Repo: github.com/Notselwyn/CVE-… - Creator: Lau

PT SWARM (@ptswarm) 's Twitter Profile Photo

🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT! Bounty: $28,000 💸 Here is the write-up 👉 swarm.ptsecurity.com/xxe-chrome-saf…

DEVCORE (@d3vc0r3) 's Twitter Profile Photo

🚀 Finally released the details of the MikroTik RouterOS exploit that won us the Master of Pwn at #Pwn2Own Toronto 2022! 🎖 Curious about how we did it? Check out the latest blog revealing the attack chain: devco.re/blog/2024/05/2…

Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

CVE-2024-30043: Piotr Bazydło details this #SharePoint XXE he discovered. He calls it one of the craziest XXEs he has ever seen, both in terms of vuln discovery and the method of triggering. He shows how it can be used for info disclosure & NTLM relaying. zerodayinitiative.com/blog/2024/5/29…

elttam (@elttam) 's Twitter Profile Photo

New blog post: plORMbing your Django ORM - Part one of a series about ORM Leak vulnerabilities and attacking the Django ORM. elttam.com/blog/plormbing…

Luca Carettoni (@lucacarettoni) 's Twitter Profile Photo

After months of work (and bugs), Maxence SCHMITT has finally released his fabulous research. Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery or #CSPT2CSRF. Full paper here: doyensec.com/resources/Doye… Summary in blog.doyensec.com/2024/07/02/csp…

Sonar Research (@sonar_research) 's Twitter Profile Photo

🔥 XSS on any website with missing charset information? 😳 Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: sonarsource.com/blog/encoding-… #appsec #security #vulnerability

Rebane (@rebane2001) 's Twitter Profile Photo

new blogpost time!! this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c: have fun! lyra.horse/blog/2024/09/u…

Jorian (@j0r1an) 's Twitter Profile Photo

During a recent CTF, one participant found a particularly interesting solution to my challenge. The goal was to send multiple CSRF requests with SameSite=Lax from 1 visit. Normally, a form sends you to the page you are posting to and you cannot send any more CSRF requests. (1/4)

/RootedCON (@rootedcon) 's Twitter Profile Photo

We now have a winner of the latest #HackerNight, which we ran in collaboration with Yogosha and to which Rooted added an additional €3,000. Congratulations Borgi on finding the best vulnerability.🥳👏 And thanks to everyone who took part. See you at the

Stephen Fewer (@stephenfewer) 's Twitter Profile Photo

We have just published our AttackerKB Rapid7 Analysis for CVE-2024-47575, the recent FortiManager 0day, aka FortiJump 🔥 Read our full technical analysis; detailing firmware decryption, protocol analysis, and unauthenticated RCE 🚀 attackerkb.com/topics/OFBGprm…

cts🌸 (@gf_256) 's Twitter Profile Photo

My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end. + Commentary video featuring SuperFashi, where we review the chals together. * 45 hours of content * 400+ GB of raw footage Merry Christmas! youtube.com/watch?v=vwW9xv…

slonser (@slonser_) 's Twitter Profile Photo

In 2024, I interacted a lot with Extensions. I decided to create a resource that will help with a basic understanding of extensions and key attacks. P.S. I tried to make everything as clear as possible and hope it won’t feel too overwhelming anywhere. extensions.neplox.security

Victor Fresk0 (@hacefresko) 's Twitter Profile Photo

Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :) hacefresko.com/posts/rce-on-s…

PT SWARM (@ptswarm) 's Twitter Profile Photo

🔥 The "impossible" XXE in PHP? Not so impossible anymore. Our researcher Aleksandr Zhurnakov discovered an interesting combination of PHP wrappers and a feature of XML parsing in libxml2 to exploit it. Read: swarm.ptsecurity.com/impossible-xxe…

d4d (@d4d89704243) 's Twitter Profile Photo

I’m excited to introduce Namespace Confusion, a novel attack discovered during Gareth's and my SAML Roulette: The Hacker Always Wins research. We uncovered a brutal attack on XML signature validation that destroys authentication in Ruby-SAML!

watchTowr (@watchtowrcyber) 's Twitter Profile Photo

Our client base has been feeding us rumours about in-the-wild exploited SonicWall SMA n-days (CVE-2023-44221, CVE-2024-38475) for a while... Given these are now CISA KEV, enjoy our now public analysis and reproduction :-) labs.watchtowr.com/sonicboom-from…

watchTowr (@watchtowrcyber) 's Twitter Profile Photo

The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) labs.watchtowr.com/well-well-well…