Microsoft Office Remote Code Execution Vulnerability(CVE-2021-27059) Internet Explorer Remote Code Execution Vulnerability(CVE-2021-27085) 0day(exploit) in the Wild But no one talk about it😅 msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/e…

The exploits and slides of our talk on Zer0Con2021 are now opened. The success rate of the exploit is VERY reliable on Samsung Browser 13.2.3.2 with S21 5G. The exploit demonstrates cookie upload, hope to see more PORT tricks in the future :) github.com/singularseclab…

More details about the 4 in-the-wild 0-day exploits that Google's Threat Analysis Group has discovered this year as well as our thoughts on the uptick in in-the-wild 0-days we're seeing this year. clem1 blog.google/threat-analysi…

We're also publishing root cause analyses for the four 0-days: Chrome CVE-2021-21166: googleprojectzero.github.io/0days-in-the-w… Chrome CVE-2021-30551: googleprojectzero.github.io/0days-in-the-w… Internet Explorer CVE-2021-33742: googleprojectzero.github.io/0days-in-the-w… Safari CVE-2021-1879: googleprojectzero.github.io/0days-in-the-w…

[New Blog Post] Analysis of DirectComposition Binding and Tracker object vulnerability iamelli0t.github.io/2021/08/15/Dir…

Not too difficult to repoduce the code excution part of CVE-2021-24090 in the latest Windows 10, thanks Gal De Leon for wonderful sharing😀

- A THREAD - [1/3] LATEST NEWS: Microsoft has disclosed the existence of a new zero-day #vulnerability that affects multiple versions of Windows. Follow this thread and read our report: research.trendmicro.com/3yQa1nW

New blog post: Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability msft.it/6011XTGHN

[Looking for iOS Speaker at #POC2021] If you think you are the one, DM or email us via pocadm dot gmail. Also, please welcome Lei Cao (Lei Cao) on board! He will be speaking about "Discovering Vulnerabilities by Studying 0-Day In the Wild" For more: powerofcommunity.net/speaker_main.h…

Uploaded the code I used for performance testing I/O rings - showed the results in my P99CONF talk earlier today: github.com/yardenshafir/I… I'm not a performance engineer so please lower your expectations before clicking the link! Jens Axboe Dor Laor

IronHusky APT uses zero-day on Windows servers #MysterySnail #PatchTuesday #itw0days securelist.com/mysterysnail-a…

New Blog Post: A Look At Some Real-World Obfuscation Techniques research.nccgroup.com/2021/10/12/a-l…

🌟 RCA for WebKit itw 0-day CVE-2021-30858 🌟 #itw0days I do love me a tweetable poc: var fontFace1 = new FontFace("font1", "", {}); var fontFaceSet = new FontFaceSet([fontFace1]); fontFace1.family = "font2"; googleprojectzero.github.io/0days-in-the-w…

Two in-the-wild 0-days patched by Chrome: CVE-2021-38000 and CVE-2021-38003. Both discovered by Google TAG! clem1 Neel Mehta Samuel Groß #itw0days chromereleases.googleblog.com/2021/10/stable…

POC2021 D-1! We have around 350 attendees even it's online. It's amazing! Thank you all for your interest! We will see you tomorrow:) Starting 11th Nov UTC +09:00 #POC2021

#POC2021 has just started.

#POC2021 2nd last talk of today. Lei Cao(Lei Cao) is giving his talk, "Discovering Vulnerabilities by Studying 0-Day In the Wild". He will show the importance of researching 0days that are being used in the wild.

#POC2021 Thanks for the souvenir😀 POC_Crew 👨‍👩‍👦‍👦

In the final part of his series covering a V8 bug used during #Pwn2Own, Hossein Lotfi details how the exploit took advantage of incorrect numeric results in JIT to get code execution on both #Chrome & #Edge. Read the details at zerodayinitiative.com/blog/2021/12/1…