screenshot of the aftermath of our #Pwn2Own Safari chain that Niklas B @[email protected] and I did. This was a lot of fun and I cannot thank these two enough for working together on this :)

I have completed the FORCED ENTRY RCE + SBX chain with a PAC bypass. The calculator payload can be found here: github.com/jeffssh/CVE-20…. I learned a lot about iOS exploitation and can't wait to share that in a blog post, which I'll release along with the code to generate this PDF.

How the NSA (Equation Group) allegedly hacked into China's Polytechnical University 👀 I analysed intelligence reports from Chinese cyber firms (360, Pangu, CVERC) to aggregate TTPs attributed to Equation Group. 🔗inversecos.com/2025/02/an-ins…

I’ve built the Perplexity of the DarkWeb! Let me explain 👇 First, if you've been living in a cave, Perplexity is a search engine powered by LLMs. So what if we could do the same for the darkweb? Compared to the clear web, browsing the darkweb requires a few things: - A Tor

The HackingTeam is back! New name, new malware, new exploits securelist.com/forumtroll-apt…

I bypassed user approvals and achieved RCE in VS Code Copilot by flipping 4 bits. Find out how: jro.sg/CVEs/copilot/ Thanks to Microsoft Security Response Center for rapidly triaging and patching this vulnerability.

Spent my month’s salary just to see a clear sky. Delhi is literally a gas chamber now- where clean air has become a luxury. FYI: AQI is 10 here !

Anyone who wrote the complex code or repos before AI or LLM era deserves the salute x 100 🫡 till the earth ends Historically the code might be marked or referenced as B-AI and A-AI just like BC and AD .. #ThoughtsInBed #Security

What has happened at VIT Bhopal is beyond shameful > Charging 20 lakhs per student > Providing sewage water > Jaundice outbreak happened > 300 students hospitalized > 3 lost their lives While CM is busy with increasing Reservations, students are dying without clean water.

So, you are mandating an app on phones of 150 crore people to track their activities. But there is no app to track govt activities: > Exactly how tax funds are being used > Political funding & sources You don’t trust people who voted for you, but they should trust you. Wow!

my dad’s phone was compromised, OTPs kept arriving without pause. By morning, ₹42,000 had vanished. The credit card was blocked, but too late. It was a RBL Bank credit card. We reported it within an hour, to the bank and to cybercrime, believing that acting fast would help. The

Great work team

fastest way to move llms between machines for distributed inference

Tomorrow is Budget Day. Can we demand an audit on how much General Category has paid for social justice in last 78 years?

🚨 Security Alert A 0-day Pre-Auth RCE has been identified in the latest Dolibarr ERP by our team Video Poc: vimeo.com/1160745103 🔒No exploit code or PoC has been shared or leaked. vrseclabs.in #ZeroDay #RCE #Dolibarr #CyberSecurity #InfoSec

Spent some time recreating the ‘Blastpass’ iOS exploit in a faked target process, to understand the heap shaping strategy first-hand. Video here youtu.be/0JFcDCW3Sis?si…

404 page to RCE. A report by spaceraccoon | Eugene Lim He chained two old CVEs to achieve RCE: - Found a 404 page mentioning an obscure CMS, discovered /josso/signin login - Triggered CVE-2007-0450 (directory traversal in mod_proxy) using a %5C../ to bypass the internal proxy - Reached

x.com/i/article/2018…