In the The Washington Post today, we have published every one of the 18,500 known names of children killed by Israel’s military operations in Gaza.

“Veracode found Java to be the riskiest language for AI code generation, with a security failure rate over 70 percent. Other major languages, like Python, C#, and JavaScript, still presented significant risk, with failure rates between 38 percent and 45 percent. The research also

bath time 🫧

Jeez, seems a little drastic.

Our slide is online: i.blackhat.com/BH-USA-25/Pres… Glad to share our pre-auth DoS & RCE bug hunting research at #BHUSA! Thanks Black Hat for the pre-recording, as we couldn’t attend in person this time for personal reasons. Questions? DM us VictorV wei zhiniang peng

Microsoft confirms Windows 10's Edge and WebView2 are supported until October 2028. Windows 10 support officially ends on October 14, 2025, but can be extended until October 2026. Regardless, even if you don't extend Windows 10 support, Edge remains supported until October 2028.

So Shak Mo and I just dropped our Win-DoS research + tools at DEF CON and on GitHub!💥 Win-DoS repo: * 4 new remote DoS exploits for Domain Controllers and Win11 (3 pre-auth!) * TorpeDoS technique - exhausting resources via RPC * DCs DDoS botnet attack github.com/SafeBreach-Lab…

Micropatches Released for Windows Update Service Elevation of Privilege Vulnerability (CVE-2025-48799) blog.0patch.com/2025/08/microp…

We'd like to thank Filip Dragović (Filip Dragovic). for sharing their finding and their POC, which allowed us to reproduce the issue and create patches for our users.

You didn’t click, but your password challenge is leaked. I’m excited to share my latest research: CVE-2025-50154, a high severity NTLM hash disclosure vulnerability in the explorer.exe process, exploitable without any user interaction. cymulate.com/blog/zero-clic…

Find the POC for my new finding, CVE-2025-50154, a zero day vulnerability on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch. github.com/rubenformation…

we are in for a few years of security nightmares

By intentionally coercing a host to open a share with a virus (or an EICAR test file), Windows Defender re-connects with computer account credentials in order to quarantine/delete it. 🦠😷

Today I have a more serious topic than usual, please consider reposting for reach: My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/3]

Hosts running the WebClient service are prime targets for NTLM relay attacks, and it may be possible to start the service remotely as a low-privileged user. Steven breaks down the service startup mechanics, plus the protocols and technologies. ghst.ly/41QT7GW

A critical part of Active Directory security is regularly reviewing your AD admins. The simplest way to do this is to recursively enumerate the membership of the domain Administrators group (that group's members and all member group members). PowerShell code shown below. Check

Are you an IT admin whose responsible for dealing with AppLocker? Do you struggle to wrangle all your policies? Are you worried that you have misconfigurations hiding in your AppLocker Policy? Well, have I got something for you.... It's called AppLocker Inspector and it's

What comes after the patch? Bypass of course! 😜 Delinea Protocol Handler RCE - Return of the MSI. By my colleague Johnny Fishcake blog.amberwolf.com/blog/2025/augu…

I found that using RegQueryMultipleValuesW to read sensitive registry values bypasses nearly all the EDRs I tested. Alongside NtOpenKeyEx with OpenOptions 0x04, you can read Windows secrets without touching the disk and without SYSTEM. More here: sud0ru.ghost.io/silent-harvest…

"Do [AI companies] have a plan to control the unimaginably powerful superintelligent AI that they themselves claim they are only a few years away from building? Spoiler alert: they do not." Siliconversations' new video about our Summer 2025 AI Safety Index: