Kimi K2 thinking is truly impressive for an oss model, with it's assistant we developed fully firefox rce given 0x41414141 primitive in very short time.More importantly, the freedom without worrying it might leak 0day to closed source model vendor! This bug has been patched by

Double Kill 🤪 Mozilla team working on the patch, we developing the exploit, no drama needed 😎

Unfortunately, Tri Dang (@trichimtrich) from Qrious Secure could not get his exploit of the Samsung Galaxy S25 in the time allotted. #Pwn2Own

We have another Success/Collision. Ho Xuan Ninh (@Xuanninh1412), Hoang Hai Long (@seadragnol) from Qrious Secure used 5 bugs to exploit the Phillips Hue Bridge, but only 3 were unique. They still earn $16,000 and 3.75 Master of Pwn points. #Pwn2Own

We have prepared 2 entries this year mobile pwn2own! Ho Xuan Ninh (@Xuanninh1412), Hoang Hai Long (@seadragnol) from Qrious Secure targeting Philips Hue Bridge in the Smart Home Tri Dang (@trichimtrich) from Qrious Secure targeting Samsung Galaxy S25 https://t.co/dZJDjXweZX

Our web3 audit agent keep getting smarter! Thanks for frontiers model 🙏 Time to teach it some Rustlang for bigger competition 😎

First crash of the year. Displaying a calculator is another story.

Our fuzzer generated entirely by Vibing just found it first ( confirmed! ) 0day in Firefox. CVE and details soon!

Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. https://t.co/vYvVPtF2PP by @lanleft_ + @__suto

Theses findings found by our AI Agent. Probably some writeup when more complex issue got destricted. https://t.co/ho0lrb9OEL

We have a full win!! Ho Xuan Ninh (@Xuanninh1412) and Tri Dang (@trichimtrich) from Qrious Secure used a 4 bug chain to exploit #NVIDIA Triton. Their unique work earns them $30,000 and 3 Master of Pwn points.

Fantastic! Ho Xuan Ninh (@Xuanninh1412) and Tri Dang (@trichimtrich) from Qrious Secure successfully demonstrated their exploit of #NVIDIA Triton. Will it be unique or another bug collision? They are off to the disclosure room to find out. #Pwn2Own #P2OBerlin

The hibernation of our Linux kernel team has ended. Our team member @SeaDragnoL has successfully pwned the COS 109 target of Google's kernelCTF!

We kick off 2025 with a 0day in Mesa driver of Chrome GPU found by @kyr04i and @__suto

Our V8 sandbox escape found by @__suto and @lanleft_ has been derestricted https://t.co/CUnloA8HUv

A brief JavascriptCore RCE story by @lanleft_ and An Nguyễn https://t.co/mKJMcmVZGS

Santa gave us freshly new JSC 0day ✌️

https://t.co/5I5n8jfWcB

This is the report of the Windows LPE bug that I used in TyphoonPwn this year.

After CVE-2024-0223, we reported the bypass and it was assigned CVE-2024-3516: https://t.co/VVJz6lWJt8 Months later, someone else reported another variant and Google decided to give up and allow Chrome's GPU to crash instead of fixing the issue.