I'm so proud that my project Blink is one of the first to be officially listed as Fil-C compatible. I'm amazed it was even possible. I'm happy with how easy it was. Filip Jerzy Pizło was super helpful too.

Last month, Zellic researcher Faith 🇧🇩🇦🇺 gave an internal talk on pwning Linux kernel. He teased an exploit he'd be submitting to a 0day challenge. Today, Faith 🇧🇩🇦🇺 and his teammate just won $40,000 for a Linux kernel 0-day! Congratulations Faith!

#今年造った最高傑作で２０２５年を振り返る 株価分析できそうな天気表示装置

Reminder: Tampermonkey is no longer open source or even source available. Use Violentmonkey.

we pwned x, vercel, cursor, and discord through a supply-chain attack news.ycombinator.com/item?id=463170…

>openai buys out 40% of global DRAM wafer >they can't even use it, because it's not processed >it's only so no one else can use it >they buy it with money they don't even have >openai is also unprofitable business

Last weekend, we played #0CTF 2025 and were lucky enough to take 1st place! 🥇🎉 Big thanks to 0ops.ctf for the high-quality challenges 🙌 Congrats to Never Stop Exploiting for 2nd 🥈 and mhackeroni for 3rd 🥉👏 See you next year! 🚀✨

Clarification post, previous post about Ubisoft lead to some confusion. That's my fault. I'll be more verbose. I was trying to compress the information into 1 singular post without it exceeding the word limit. Here's the word on the internet streets: - THE FIRST GROUP of

昨日、4chan に「Halo 2の初期開発ビルド/内部ツール一式」と思われるデータが突如投稿され話題に。 投稿者は中身について一切説明せず、スレは正体不明のまま混乱状態に。 検証の結果、これは 2003年5月時点の Halo 2 開発データと判明し、4chan 内では正体を巡る議論がかなり白熱していた。

The MongoBleed vuln is such a cool and powerful primitive, it practically allows you to remotely live-view the host memory (limits still apply) and navigate around like a local hexdump! I made a TUI live memory browser based on Joe Desimone's PoC. Credits to him for the original PoC

PC-98 Windows is pretty much a novelty these days, but it is neat knowing that these transitional machines were how a lot of people first read some landmark visual novels.

MongoDB's latest vuln (CVE-2025-14847) is wild. unauthenticated attackers can send crafted requests and leak uninitialized heap memory from the server via zlib compression mishandling. All from *one line* of code: returning the allocated buf size instead of the decompressed len

you're tweeting this from a phone which uses the linux kernel

peak javascript moment: if you call setInterval with a timeout greater than INT_MAX, instead of throwing an error (the sane thing to do), setInterval will silently execute your callback **every millisecond**

Today we reveal StackWarp: a new CPU vulnerability exploiting a synchronization bug in AMD’s stack engine across Zen 1–5 CPUs. It enables deterministic manipulation of Confidential VM's stack pointer, allowing RCE and privilege escalation via both control- and data-flow hijacking

tl;dr > decide to do winsock malware poc > need to be position indepedent > low as possible to metal > post about it > Dominic Chell 👻 recommends x86matthew research > "nah not related" > mfw i was wrong > get code working > need to remove abstractions > start reversing winsocks > mfw

Paged Out! #8 will be published within the next 24 hours.