Do you do vulnerability research on mobile? We are hiring in France and also internationally at Epsilon! Send us a message at [email protected] 😁
It doesn't happen very often, but Project Zero is hiring!
goo.gle/41DBQBY
Please share with anyone you think would be awesome for the role 🎉
Looking for at least one person. DMs open if you want to reach out about the role.
The team: youtu.be/My_13FXODdU
Does anyone know why this single sharing page is not next to the user page tables, but is allocated from somewhere else? The alloc_page flags are the same. I tested it in a virtual machine and it was adjacent, but on a real machine the success rate was only 1/10.
According to the vulnerability announcement, both vulnerabilities are exploitable.
chromium-review.googlesource.com/c/chromiumos/t…
🚨 New advisory was just published! 🚨
A vulnerability in PHP's extract() function allows attackers to trigger a double-free in version 5.x or a use-after-free in versions 7.x, 8.x, which in turn allows arbitrary code execution (native code): ssd-disclosure.com/ssd-advisory-e…
CVE-2025-21756: Attack of the Vsock
Michael Hoefler published an article about exploiting an incorrect reference counter decrement causing a UAF in the vsock subsystem.
hoefler.dev/articles/vsock…
Off-By-One Conference founder Jacob Soo bids 👋 farewell to our speakers, sponsors, review board, attendees, activities & communities teams, crew, friends & supporters. We couldn't have done it without your kind participation and encouragement!
Hip hip hooray starlabs
See you in 2026!
We are also newly publishing some mobile pwning shenanigans in the coming months: catch us presenting `Eastern Promises: Mobile VRP Lessons For Bug Hunters` at Troopers 2025 and Le Hack 2025! troopers.de/troopers25/tal…
What is the problem? Why can I hexdump the data, and it is the data I wrote to that GPU address many times before running it? I don't know if this is a vulnerability, and it doesn't leak any important data.
Is there a way to make cpu_addr and libselinux share the same physical address? I can currently write to the read-only cpu_addr, but this page is not controllable.
Documented instructions for setting up KGDB on Pixel 8.
Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc.
xairy.io/articles/pixel…
Reverse engineering Google's undocumented DSP pays off! Our co-workers Billy & [email protected] found the first public vuln in Pixel 8's DSP → kernel takeover
MTE? What MTE? 😎
Their talk got accepted at HITCON
hitcon.org/2025/en-US/age…