The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…

42-b3yond-6ug had a strong performance overnight, being the sole team to find a Linux Kernel bug and the first to identify and patch a Jenkins bug. They're now tied with Buttercup for total achievements.

AI Cyber Challenge Semifinal Competition results are in! Congratulations to the top seven scoring teams who will advance to finals, and to all the competitors who worked to help safeguard the code that underpins critical infrastructure. More: darpa.mil/news-events/20…

We are 42-b3yond-6ug

Go Cats!💜💜💜 Northwestern University Computer Science Northwestern Northwestern Engineering

Team members of 42-b3yond-6ug at USENIX Security. Our topics cover LLM Security, System & Software Attack and Defense. #aixcc

Amazing

interesting

Extremely happy that our paper "Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution States" has been accepted for publication NDSS Symposium 2025. TU Delft DistriNet Yonsei University

Team 42-b3yond-6ug - led by Northwestern Engineering's Xinyu Xing and Yan Chen - was among the top seven scoring teams at the DARPA and ARPA-H #AIxCC semifinal competition! They will advance to the final competition in August 2025. Congratulations! spr.ly/6012WDs1y

GPUAF: Using a general GPU exploit tech to attack Pixel 8 A talk by @peterpan980927 and Billy about leveraging an integer overflow bug in the Mali GPU driver to gain use-after-free access to physical pages and escalate privileges on Pixel 8. youtube.com/watch?v=Mw6iCq…

Congrats NU!

😧

wow!

wow

USENIX WOOT Conference on Offensive Technologies 2025 (WOOT '25) CFP is online! Deadlines: - Up-and-coming track: March 4th, 2025 - Academic track: March 11, 2025 usenix.org/conference/woo…

Here is everything that happened in AI Agents this week 🧵 (save for later)

Garak : the LLM vulnerability scanner : github.com/NVIDIA/garak

Our PatchAgent has successfully repaired multiple real-world vulnerabilities!

CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit Article by Hoàng Hải Long 🇻🇳 about finding an unfixed netfilter use-after-free bug reported by syzbot. The researcher exploited it to pwn the kernelCTF COS instance. seadragnol.github.io/posts/CVE-2023…