CVE-2023-20593 — Exploiting Zenbleed from Chrome This repository contains a proof-of-concept for exploiting Zenbleed from Chrome using a V8 vulnerability which enbles arbitrary code execution in the renderer process. github.com/vu-ls/Zenbleed… Details: vu.ls/blog/exploitin…

Blogpost from me and Giulio C 🔥🌸 ! microsoftedge.github.io/edgevr/posts/E…

Had a good time at Blackhat Europe 2023. The release version of our slide is available now: i.blackhat.com/EU-23/Presenta… Hope you like it. Thanks to everyone who helped with this talk!!🥳🥳

(CVE-2024-2606)[1879237]Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. hg.mozilla.org/mozilla-centra… P1umer

A short but happy trip at Blackhat Aisa 2024. Our slide is available now: i.blackhat.com/Asia-24/Presen… Hope you like it and hope we can do it better next time. Thanks to everyone who helped with this talk. And also thanks Mr. Anthony 安東尼 's gifts, I like them so much.

Thanks to the fine folks at @nautilusinstitute the #defcon32 #ctf quals are in the books - you can read all about it at quals.2024.nautilus.institute. There's also a veritable feast of JSON dumps for the curious. Congrats to the winners, thank you to everyone who suited up and we'll

Since returning from BH Asia last year, we have made further progress in the exploiting and eagerly anticipate sharing it with you all #BHUSA #BlackHatEvents

Thanks to events like Pwn2Own or our V8CTF (~= exploit bounty program), we now have more data about the types of bugs exploited in V8. Based on that, we've gathered some basic statistics: docs.google.com/document/d/1nj…

During #BHUSA Briefing "Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution" we will discuss some of the interesting vulnerabilities we found on attack surface of WebAssembly and demonstrate how to exploit them >> bit.ly/3yXSpfD

Our slides about WASM bugs in browsers are now available. Thanks to everyone who helped with the talk.🫡 Hope we can do better next time. 1. BH USA 2024: i.blackhat.com/BH-US-24/Prese… 2. GeekCon Shanghai 2024: geekcon.top/js/pdfjs/web/v… cc my partners (P1umer xmzyshypnc Q1IQ)

Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT security.googleblog.com/2025/01/osv-sc…

icymi: CodeQL can now scan C/C++ without needing to build 🙌 github.blog/changelog/2025…

"AI Agents for Offsec with Zero False Positives" by Brendan Dolan-Gavitt, a journey on how we managed to get 0 FPs with XBOW. You can find the slides for his BH talk here: cdn.prod.website-files.com/686c11d5bee015…

New blog out now! We’re answering the top questions from the DEFCON audience and sharing the behind-the-scenes story of our victory. team-atlanta.github.io/blog/post-afc/ #AIxCC

🔎 How do sink-aware fuzzing + LLMs uncover Java vulns under pressure? See how Atlantis-Java did it. 👉 team-atlanta.github.io/blog/post-crs-… #AIxCC #Cybersecurity #CTF #AI #LLM #GenAI #AICyberChallenge #DARPA #DEFCON #Security #Vulnerability