The hacker is presumed to be Chinese, not North Korean. docs.google.com/document/d/16Z…

Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 github.com/b1n4r1b01/n-da…

Checkout this open-sourced handy MCP server for JEB decompiler by us: github.com/flankerhqd/jeb… . Contributions and use cases are always welcomed.

not bad?

Since Apple doesn’t care, I don’t care either. Here are the details of an address bar spoof vulnerability in Safari on Mac using custom cursor overlap - Apple said it’s *not* a vulnerability. github.com/RenwaX23/X/blo…

Dataflow Security has officially opened a position for a Web Security Researcher. dfsec.com/careers/

For the first time in my CTF career I saw such a shameless and broad flag sharing 😦 Almost all challenges dropped to minimal points with over 300 teams participating in the scheme! Only a few CTFs even get that number of all teams. That's just mind blowing 🤯

lmao

Unprecedented early morning frauds target KT subscribers chosun.com/english/nation… - I'm curious about how the scam was carried out.

I had the pleasure of working with the web team at DFSEC for the last 2 years. If you feel you are wasting your time finding web 0days for marketing, I suggest you try this role as it requires you to think more outside the box to solve the hardest problems in web app security!

`npm`/`npx`/`yarn`/pnpm`/`npx`コマンドを乗っ取る形で、パッケージインストール時にAikidoのスキャンを行うツール "AikidoSec/safe-chain" github.com/AikidoSec/safe… #npm #security

Offline mode has completed

We published a blogpost about SafeContentFrame - a library for rendering untrusted content inside an iframe. The library is a big party of what I've been up to in the few last years! Check out the blog and take a slice of my birthday cake 🎂! bughunters.google.com/blog/671552987…

Hello! Today’s 1day1line is about CVE-2025-53770 (RCE) & CVE-2025-53771 (Auth bypass) in SharePoint — linked to earlier CVE-2025-49704 & 49706. These vulnerabilities affect on-premises Microsoft SharePoint. Check out the post! hackyboiz.github.io/2025/09/20/bek…

[0-day UNPATCHED] Chrome iOS UXSS Using iOS Shortcuts and Bookmarklets Not a full critical UXSS but still can be used to do damages, it's funny Chromium devs doesn't know of how iOS internals/features work and calling it like (downloading an executable) issues.chromium.org/issues/4266318…

Kudos to Offensive AI Con for an incredible event. Great people, insightful talks, and an amazing venue. Already excited for next year!

Our newest Dataflow Security blog post is live, thanks to Tomi from Dataflow Forensics for putting this together :-) blog.dfsec.com/ios/2025/10/14…

NEW: 🇰🇵DPRK has begun hiding malware on blockchain. Result, decentralized, immutable malware. Nearly impossible to remove. Research by Mandiant (part of Google Cloud)

We are happy to host osu!gaming CTF 2025 (Rhythm Game Edition), happening next weekend. View the prizes and register at: osugaming.sekai.team osu! is a fast-paced, precision-oriented rhythm game. Now, with osu!gaming CTF, we've brought the excitement to the world of CTFs.

Planning a CTF? We're here to support organizers with proven expertise and a commitment to quality challenges. Apply here: dfsec.com/ctf-support