Windows Exploitation Techniques: Winning Race Conditions with Path Lookups

Welcome to the new Project Zero Blog

Most exploitation activity related to the CVE-2025-55182 vulnerability affecting React Server Components, Next.js, and related frameworks originated from red teams assessments, but observed exploitation attempts by threat actors deliver various payloads.

The December 2025 security updates are available:

RCE in React Server Components.. Next.js users impacted, upgrade immediately https://t.co/Jj1zJchxnW

Join me this Friday at 11AM with guest Bramwell Brizendine on the next @offby1security stream titled, "Can't Stop the ROP! Weaponizing ROP on Windows to Bypass System DLLs" Please use the following YouTube link: https://t.co/FimhzBS6IL

We have some exciting news – Corellium is now officially part of Cellebrite! Welcome to a new era for mobile security research and testing. We can’t wait to show you what the future holds as a Cellebrite company! Read the press release to learn more ⬇️

Great talk by Samuel Groß(@5aelo). Those who think that the train has left and it is too late to enter the browser vr/xd... This is not true, so good luck to everyone in your endeavors. And once again I want to mention the legend - Seunghyun Lee(@0x10n) https://t.co/vxqmVaHIpU

📢Call for beta testers!📢 The "Architecture 1901: From zero to QEMU - A Gentle introduction to emulators from the ground up!" course by Antonio Nappa @jeppojeps / @fuzzsociety_org will begin November 28th. Sign up here: https://t.co/Cf884f9jlY This course explores the

How to build Android Bug Bounty lab Guide to configuring emulators, real devices, proxies, Magisk, Burp, Frida by @yeswehack https://t.co/f3Iez8PKI0

Unit 42 uncovers the new LANDFALL Android spyware delivered as DNG images that exploit CVE-2025-21042 in Samsung devices. https://t.co/qFWkEUFMxC

A demo for the Renesas RX64M is now available for download. This is the first demo that targets an RXv2 cored MCU. http://t.co/gnlbhZWEeT

📱 A Comprehensive Guide on Modern iOS Pentesting Guide: https://t.co/oOZ3u4p6Vg Author: Noah Farmer (@d_vuln)

Frida JDWP Loader This tool dynamically attaches #Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access. Perfect for quick dynamic app analysis https://t.co/4mxB8feSLb

New public advisories released by @Acronis related to our research: https://t.co/HiE4YPn4dd, https://t.co/Jk2wlo8mKZ, https://t.co/e9JRdKF6qq, https://t.co/EH7s5XBKPc, https://t.co/o6A7JdLD3G, https://t.co/vDwVuswZeB. Don't forget to apply patches!

I've been waiting for this a long time: the latest version of WinDbg is now shipping with the console mode debuggers (cdb, kd, ntsd) as well🥳 If you start WinDbg a bazillion times a day, starting cdb instead will save you a lot of frustration / time.

If there's interest I was thinking about doing a stream for an hour this Friday while I'm teaching a class on introductory Windows exploit development. Next Friday I'm hoping to continue turning the recent patch diff we did on ole32.dll into a crash condition PoC.

We're excited to announce a major new release of x64dbg! The main new feature is support for bitfields, enums and anonymous types, which allows all types in the Windows SDK to be represented and displayed 🔥

Windows Native API Programming course is now available on Trainsec! https://t.co/Z4haEdcbrB

I guess AI isn't all bad... I asked ChatGPT to explain to me why so many people without any visible talent are famous. Its fair response gave me hope. 😂