Dino A. Dai Zovi It was known to be possible since at least 1972 :) See the end of page 64 / beginning of page 64 here csrc.nist.gov/files/pubs/con… But yeah, RTM is a legend for actually exploiting it at scale for the first time. Then Thomas Lopatic and 8lgm dropped bof vulns/exploits in 1995 and

As a homage to the work of Blaklis, our Security Researcher Tomais debuts his first research post on reverse engineering a critical unauthenticated RCE in Magento (SessionReaper) CVE-2025-54236 at Searchlight Cyber: slcyber.io/assetnote-secu…

Live from Pwn2Own Ireland: Summoning Team vs. Samsung Galaxy x.com/i/broadcasts/1…

Wow - just wow. Ken Gannon (@yogehi) didn't just exploit the #Samsung Galaxy S25: he had it tell a joke, exfiltrate a picture, & open a shell. All that from a single click. He's off to the disclosure room with all the details. You can watch the attempt at youtube.com/live/LuzHcXruJ…

Nice! Mehdi & Matthieu from Synacktiv pulled out the RF enclosure to run their exploit of the Phillips Hue Bridge. They were able to exploit it without laying a finger on the device. They're off to the disclosure room to explain themselves. #Pwn2Own

It's confirmed! Ken Gannon / 伊藤 剣 (@yogehi) of Mobile Hacking Lab, and Dimitrios Valsamaras (Dimitri Os) of Summoning Team (SummoningTeam) used five different bugs to exploit the #Samsung Galaxy S25. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own

We became an admin in the Fédération Internationale de l'Automobile's driver categorisation system, which allowed us to access the PII and password hashes of any rated driver, including Max Verstappen. 🏎️ ian.sh/fia

If you're excited to see the WhatsApp bug thrown Trend Zero Day Initiative - free to watch my talk from REcon 2025 on 4 remote bugs I discovered last year! While they're not 0-click RCE - there are some remote corruption and funny logic bugs in there. youtube.com/watch?v=bre5bA…

Credential Guard was supposed to end credential dumping. It didn't. Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm

Probably one of the biggest losses of US cyberweapons in years. 👇 All from private companies... ❓How were stolen capabilities used? ❓Were NSA etc ops burned? ❓Were they turned against Americans? Raises alarming questions about for-profit offensive sector's reliability.

First and foremost, Thank you God for all of this. Second, our eternal respect to the amazing teams Trend Zero Day Initiative and Trend Micro for making this competition possible! Third, thank you to the film crew (blackrabbitint) working with zdi to make all of those great videos of us!

People confuse the inability to win a fight as the inability to deter. Deterrence isn't as much about the ability to win as it is convincing the opposition that pursuing an undesired course of action is too costly and to pursue an alternative. Maybe that is a win though.

O(N) the Money: Scaling Vulnerability Research with LLMs by Caleb Gross noperator.dev/posts/on-the-m…

The HackingTeam is back! New name, new malware, new exploits securelist.com/forumtroll-apt…

thanks to everyone who attended my #TheSAS2025 talk "Typographic hit job: when fonts pull the trigger". 🙏 I've written an accompanying blogpost that goes over all the details: haxx.in/posts/2025-09-…

I found out that you can use "ftp::" to convert a limited Dom Clobering situation into a full CSPT. Then, while talking about it with m0z, he found that we can also use "https::" This can be used to prevent URL parsing of href, allowing us to hit other endpoints

ways to grow, even amid chaos: 1/ follow the thread of what fascinates, not what you think you should know 2/ share your insights, teach - simplicity eludes your explanation, mastery remains distant 3/ create tangible outcomes - mere absorption yields only data hoarding -

We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See crbug.com/382005099#comm… for a PoC exploit. Also affected other browsers

Peter Williams, former exec of zero-day company Trenchant who was accused of selling his company's software secrets to Russian zero-day broker, pleaded guilty in DC court this morning. Prosecutors say he was still communicating with his Russian buyer when he met with FBI in July

pyotr villiamovitch after selling state secrets and copping a counterfeit rolex