Lucas Leong
@_wmliang_
Followers: 2K | Following: 135 | Media: 10 | Statuses: 1K
V8 now has a JS bytecode verifier! IMO a good example for the benefits of a sandbox architecture:
- Hard: verify that bytecode is correct (no memory corruption)
- Easier: verify that it's secure (no out-of-sandbox memory corruption)
Basically separates correctness from security
XNU as shipped to the outside world is built with some flags not available in the compilers apple ships in Xcode: -mapple-speculative-hardening -mllvm -apple-speculative-hardening-mode=always-poison
Happy to share our work "Cottontail: LLM-Driven Concolic Execution for Structured Test Input Generation" will appear in S&P'26! Paper: https://t.co/vIxZD5BGE2 Code: https://t.co/NxuD4wwNF4 Special thanks to @nim_gnoes_eel, @JNUYUXIAN, @spinpx, @LingxiaoJiang, and @mboehme_ ♥️
New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing, AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark:
Don't forget to check out the full writeup with extra details! You can even create your own MD5 collision in browser: https://t.co/JBIPSOecVp
stackchk.fail
A walk through of building an image that displays its own MD5 Hash
My new blog describes a vulnerability in Windows that allows a low privileged user or guest to remotely crash the Spooler service in Windows by one simple call. https://t.co/fiQVib9k6C
incendium.rocks
Showcasing a vulnerability in Windows that causes the Spooler service to crash remotely.
After several attempts I made a segment heap visualizer. It renders 2.5kkk chunks of kernel pool in 360ms. It is a handy tool for visual exploit debugging. https://t.co/ETSdltDEJC
Sometimes it really is a cpu bug 😂 A weird AVX512 bug on Zen 4 (Genoa) just got officially confirmed as erratum 1514 in the latest spec update. There's a workaround/chicken bit too. My testcase: https://t.co/bbpia3vX1U
I am the main developer fixing security issues in FFmpeg. I have fixed over 2700 Google OSS-Fuzz issues. I have fixed most of the BIGSLEEP issues. And I disagree with the comments @ffmpeg (Kieran) has made about Google. Of all companies, Google has been the most helpful & nice
We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. https://t.co/AE0vBXEcob
It’s time to publish the blog post about the bug that won at P2O Berlin 2025. Enjoy! With this post, I mark my last moment as a researcher at @oobs_io. I’m moving on to a new place for a fresh start.🔥🦎 https://t.co/PAdwKgeHuL
oobs.io
A deep-dive technical analysis of CVE-2025-50168, a Windows kernel vulnerability (Type Confusion in DirectComposition) presented at Pwn2Own Berlin 2025. This post details how a 4-byte OOB write is...
Made an IDA plugin that tracks the time you spend in IDA and displays a leaderboard https://t.co/8MACfSevGK
https://t.co/NQxBrfQyRE
Remember HackingTeam? They're back as Memento Labs. Their tools were used against media, universities, government, and financial institutions in Russia. Phishing + Chrome 0-day exploit. Just clicking a link was enough for full infection. Quite a disclosure.
Today I am releasing a new blog on Windows on ARM! It comes from the perspective of one, like myself, who comes from an x86 background and is new to, but interested in, Windows on ARM! ELs, OS & hypervisor behavior (with VBS), virtual memory, paging, & more! https://t.co/jUHls4wupu
connormcgarr.github.io
Analysis of Windows under ARM64: exception/privilege model, virtual memory mechanics, and OS behavior under VHE
A crash feels like being stranded on Mars. No rescue. No signals. Just you… and the logs. Meet Martian — our AI patch agent that fixes the unfixable. Exploring the unknown, one bug at a time. 🔗 https://t.co/eiSWcrRTkZ
#AIxCC #AICyberChallenge #LLM #GenAI #AIForSecurity
team-atlanta.github.io
Description of patch agents
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing: Trend ZDI researcher Simon Zuckerbraun shows how to go from a crash to a full exploit - & he provides you tools to do the same, including his technique used to get ROP execution.
zerodayinitiative.com
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN-26922, addressed by...
Software vulnerabilities can be notoriously time-consuming for developers to find and fix. Today, we’re sharing details about CodeMender: our new AI agent that uses Gemini Deep Think to automatically patch critical software vulnerabilities. 🧵
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). https://t.co/4IvvqcVs4Q