Kim Dong-uk (@justlikebono) 's Twitter Profile
Kim Dong-uk

@justlikebono

@pksecurity_io | KAIST Hacking Lab | Microsoft MVR

ID: 1494552351167811585

Link: http://justlikebono.kr | Joined: 18-02-2022 06:00:28

146 Tweets

411 Followers

91 Following

Maddie Stone (@maddiestone):

🔮NEW RCA!! A few hours after it was patched, TAG found an ITW exploit sample for CVE-2023-36802. Benoît analyzed it in detail ✨ googleprojectzero.github.io/0days-in-the-w…

Yuki Chen (@guhe120):

While personally I think this is too extreme, I still believe that the high-level guys in MSRC should hear more from external researchers because there are indeed many problems in their whole process these days.

Maddie Stone (@maddiestone):

🎁 New RCA up from Genwei Jiang of Mandiant FLARE on CVE-2023-36033, an EoP in Windows DWM Core Library that was patched in November! googleprojectzero.github.io/0days-in-the-w…

Kim Dong-uk (@justlikebono):

A vulnerability I forgot I reported was patched today. Clearly, the FBX insertion feature was a huge chunk of vulnerability, and as usual, MS decided to remove it. msrc.microsoft.com/update-guide/v…

Jan 'Duchy' Neduchal (@duchyre):

TIL you can debug Windows EXEs under Wine with x64dbg running also under Wine. What's the point of actually using Windows anymore 🤠

Kim Dong-uk (@justlikebono):

This is my first Chrome vuln that I found by chance. Google handles vulnerabilities faster and more accurately than any other.

Axel Souchet (@0vercl0k):

I just pushed out wtf v0.5.5 where you can now generate full execution traces with both hypervisor backends (winhv & KVM) 🔥🔥 This should hopefully greatly help people debug their setup 🪄 github.com/0vercl0k/wtf/r…

Greg Linares (Laughing Mantis) (@laughing_mantis):

Since I'm 6 drinks in for 20 bucks, let me tell you all about the story of how the first Microsoft Office 2007 vulnerability was discovered, or how it wasn't. This was a story I was gonna save for a book but fuck it, I ain't gonna write it anyways.

INSU YUN (@insu_yun):

Everyone wants to fuzz complex optimizations of WebAssembly compilers, but most approaches are simply considering grammars and types. Why can't we fuzz optimizations directly? We will share how we can do if we have systematically written optimization rules in S&P 2025 :)

ohjin (@pwn_expoit):

Over the past few days, the IDA Pro (reverse engineering) MCP server—let’s call it Re MCP—has become a hot topic. In my opinion, it’s not yet capable of automatically uncovering vulnerabilities. However, if we look at it from a different angle, Re MCP is akin to tools like CodeQL

Kim Dong-uk (@justlikebono):

Nice work. I've previously delved into this, and since Windows Defender is closely integrated with Windows OS internals, effectively fuzzing it requires significant engineering effort. But it's definitely possible. :)

dunadan (@udunadan):

When working on certain hard exploits, you might dread & fold from how difficult the task is; true, some exploits are nearly PhD-level problems, verily so. But there will be no gain without this pain. You either go through it or go away. There is no royal path.

xvonfers (@xvonfers):

(CVE-2025-2783)[405143032][mojo] Google Chrome Sandbox Escape(exploited ITW) is now open(PoC & exploit are restricted🥲) issues.chromium.org/issues/4051430… Reported by Boris Larin Igor Kuznetsov

chompie (@chompie1337):

BYOVD is no longer required on modern Windows. a bunch of recent msft kernel patches just shove vulnerable kernel code behind a privilege check. I wonder if we will see threat actors leveraging this like they did BYOVD. no bringing along a driver and loading also means less IOCs

xvonfers (@xvonfers):

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… issues.chromium.org/issues/4125787…
