RT @charliermarsh: Today, we're announcing our first hosted infrastructure product: pyx, a Python-native package registry. We think of pyx….

RT @tjbecker_: @theori_io's AIxCC CRS has already found dozens of 0day vulnerabilities, and we've barely scratched the surface! The best pa….

Solid, clean and straight to the point.

I wonder how much OSS documentation is now written by AI versus new or junior developers looking to contribute. This is typically how devs build early stage confidence. My guess is they now use AI to enhance those contributions.

So will @perplexity_ai contribute to V8 development if the unsolicited Chrome offer is entertained? 🙂.

RT @trailofbits: Learn how Buttercup works under the hood:

Some early experimentation of using ollama with gpt-oss for automated code review vuln detection, seems promising. Was able to catch a bug I found in Chromium Blink that I was only able to catch via fuzzing and manual code review.

At some point people have to realize we don't need yet another "vulnerability management product" but yet people keep buying and investing. 🤷🏾‍♂️.

RT @argvee: Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vuln….

Agreed. I once had a mentor who said, there are those who read the RFC and those who write it.

The types of posts that bore me, "vibe coding doesn't work on anything slightly complex" or "it's impossible to add code or fix bugs because of vibe coding". This only suggests a few things but IYKYK.

Has anyone built AFL++ to instrument V8 (d8)? The only resource I found is which vaguelly mention it Fuzzilli and LibFuzzer were straightforward.

RT @5aelo: We released our Fuzzilli-based V8 Sandbox fuzzer: It explores the heap to find interesting objects and c….

RT @natashenka: While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today,….

RT @thezdi: Announcing #Pwn2Own Ireland for 2025! We return to the Emerald Isle with our new partner @Meta and a $1,000,000 WhatsApp bounty….

Up and running, Let's go!

I'm glad I took notes during my previous fuzzing sessions. Testing a new profile (harness) for a different JS fuzzer engine. Hoping for luck.

Friendly reminder: not everyone is attending or wants to attend Hacker Summer Camp this year.

RT @sidbidasaria: Claude Code is getting a brand new feature: custom subagents. Type `/agents` to get started.

Definitely one of the better sources for modern and fresh content. Subscribe and join!.