BAR24's Call for Papers has just been posted here ndss-bar24.github.io! We welcome both short and long manuscripts on *all* things binary analysis! Deadline: Friday, January 5, 2024 by 11:59PM Anywhere-on-Earth (AOE). Please help us spread the word!

Anyone know the folks over at VCSLab ? Looking to get in contact w/ the pwn2own contestants.

Qualcomm's Product Security (QPSI) is looking for interns for the summer of 2024 to work on AI model security against malicious attacks. Mail [email protected]. DM me with any questions you have. #AIModelSecurity

I am recruiting PhD students to join my group and the Software Practices Lab ([email protected]). If you are interested in research in automated testing & program analysis & the like, apply to UBC Computer Science by dec 15 here: cs.ubc.ca/students/grad/…

A little under one month to go until the deadline for the 2024 NDSS Binary Analysis Research Workshop!! ndss-bar24.github.io! We welcome short or long papers on *all* things binary analysis! Deadline: Jan. 5, 2024 by 11:59PM Anywhere-on-Earth. Please help spread the word!

are there any hints on the mobile capabilities I-SOON had? did they exploit any N-days or 0days?

The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers. Microsoft Microsoft Teams posted on a bug tracker full of volunteers that their issue is "high priority"

I'll be at the final ShmooCon 💚! If you're around, come find me, and let's chat about basebands, emulation, Android, and sailing. ⛵ I'll also be at DistrictCon and RE//verse in Orlando.

Chromium's fix idea is to provide WAs so specific SPIR-V is not being passed down to the backends? Does anyone know the reason why they do this? It sounds incredibly stupid. This reeks of some corporate bureaucracy.

If CVE-2025-21479 was your bug hit me up (reach out for signal/telegram/or pgp key). I *REALLY* want to know how you or your team found it.

Qualcomm June 2025 Security Bulletin docs.qualcomm.com/product/public… "There are indications from Google TAG that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation"

The GPU shares similar microcode across products, which is why CVE-2025-21479/80 is so interesting. Whomever had it burned (reach out to me pls) had a crazy versatile bug ruined. The affected GPU versions run on multiple different product types (IoT/phones/laptops & future auto.

Hello friends. Check out this awesome and unique role that just opened up on my team in SEAR. Wanna secure Apple silicon, ROMs, iBoot, and more? jobs.apple.com/en-us/details/…

📢The end of Hexacon's CFP is approaching (July 14th)! If you have technical content you would like to present in Paris, you have another ~11 days to send it in ✍️ Topics of interest are vr / xdev / hardware hax, appsec & offensive security in general 🐛🐜🪲 See you there!👋

CVE-2025-21479 Meta Quest 3 privilege escalation Exploit poc - github.com/FreeXR/eureka_… #root #MobileSecurity #infosec #dfir

Cool exploit, if only Qualcomm customers took Kernel Protect this technique wouldn't work. Unlucky.

docs.qualcomm.com/product/public… Continuing my trend of no one tells me anything if you were using these, especially 21483, hit me up.