[#Zer0Con2025] 🎙️ SPEAKER Highlight: Manfred Paul "PAC2Own: From Bug to Shellcode in modern Safari" 🌐

[#Zer0Con2025] 🎙️ SPEAKER Highlight: matteo malvica ⭕ "Breaking Chrome's V8: Type Confusion, WASM JIT-Spraying and Heap Sandbox Evasion" 💥

My writeup for CVE-2024-7971. Just a POC. Let me know if u have any questions. github.com/mistymntncop/C…

😅 Exploit chain: CVE-2024-12053 + 361862752(rce + v8sbx escape), exploited ITW issues.chromium.org/issues/3790091… issues.chromium.org/issues/3618627…

Thanks to TyphoonCon🌪️ and sponsor’s support, I'm able to attend again this year 🥰 Looking forward to learning a lot and meeting amazing people at the conference!

"Advanced .NET Exploitation" June edition at REcon is confirmed! We've hit 10 registered students, so the class is happening for sure. If you’ve been thinking about joining, there’s 5 more space to learn some deserialization Magic! summoning.team

🌪️ Kicking things off with our keynote by Andy Nguyen sharing how console hacking sparked his journey into cybersecurity.

#TyphoonCon25

🌪️ Back from lunch just in time to escape VirtualBox and unchaining objects in the Windows Kernel with Corentin Bayet

🌪️ Tapping into the past TyphoonCon🌪️ with Rick de Jager & Carlo Meijer’s RCE via Fax Machine!

It seems like the Midnight Blue guys successfully demonstrated again their IVI exploit! Happy to meet Rick de Jager & Carlo at #TyphoonCon25

This year's TyphoonCon🌪️ was the best! I was grateful to make new friends and learn so much from them 🥰 If you’re looking to use Binary Ninja more efficiently, I'd highly recommend Kyle Martin's upcoming training! (2nd pic) In my experience, he’s one of the top who can help us

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to Billy, Ramdhan, [email protected] & rainbowpigeon CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…

What does it take to hack a Sonos Era 300 for Pwn2Own? Take a look at our process of adapting existing research, establishing a foothold, and exploiting media parsers for unauthenticated RCE over the network🔥👇 blog.ret2.io/2025/06/11/pwn…

Signal SIGTRAP in v8 (reward: $55000) crbug.com/400052777

[ZDI-25-376|CVE-2025-23118] (Pwn2Own) Ubiquiti Networks AI Bullet Improper Certificate Validation Authentication Bypass Vulnerability (CVSS 7.5; Credit: Kiddo, @d0now, @insp3ct0r_x, Wonbeen Im, @leeju_04, JuYeong Lee, @nang__lam, slyfizz of STEALIEN Inc.) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-377|CVE-2025-23119] (Pwn2Own) Ubiquiti Networks AI Bullet Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability (CVSS 7.5; Credit: Kiddo, @d0now, @insp3ct0r_x, Wonbeen Im, @leeju_04, JuYeong Lee, @nang__lam, slyfizz) zerodayinitiative.com/advisories/ZDI…

Today Rapid7 is disclosing 8 new printer vulnerabilities affecting 742 models across 4 vendors. After 13 months of coordinated disclosure with Brother Industries, Ltd, we're detailing all issues including a critical auth bypass. Full details here: rapid7.com/blog/post/mult…

A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…