This full chain analysis from discovery to exploit has been added to Full Stack Web Attack. The last training for this year is at Romhack between 24th-27th of September at Student discount codes available, PM me but I only have a few left.

RT @carrot_c4k3: finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox)….

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

What do you think the chances are that there are more pre-auth bugs in this?.

RT @Horizon3Attack: Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core . https:….

RT @0x_shaq: Dropped a new blogpost. CVE-2025-52970: how I turned a limited, blind OOB read primitive into a full authentication bypass in….

RT @richinseattle: Proud moment. The 40th anniversary @phrack release was a full success. We gave away 12,000 full color 150pg printed zine….

RT @QuoteJung:

RT @xvonfers: Whoah. $250000. (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplic….

RT @PentesterLab:

RT @GoogleVRP: Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and….

RT @smaury92: 👋🏿 Hackers!. Are you a Red Teaming Wizard 🧙🏿 looking for a new challenge? @ShielderSec is hiring a Red Teaming Lead to join o….

. it takes 24 hours, waiting for a daily cron, but we get there. :->

RT @danis_jiang: Our “Dark Corners: How a Failed Patch Left VMware ESXi VM Escapes Open for Two Years” slides are now available!. This rese….

Everyone: OMG I hope AI doesn’t take my job 😱😱🫣.Me: When is AI gonna get good so I can retire? 🫠🫠🫠.

RT @claudeai: We just shipped automated security reviews in Claude Code. Catch vulnerabilities before they ship with two new features:. - /….

RT @dozernz: @mufinnnnnnn Tabby is perfect for that sort of thing. Needs decent compute resources upfront but you can then write Cypher que….

RT @mufinnnnnnn: I made a quick write up discussing techniques to get code execution against Apache Spark SQL: I'm….

RT @PulpLibrarian: Computers are taking our jobs! (1952)

Yep, still got it.

RT @BSidesCbr: KEYNOTE: Not All Vulnerabilities Are The Same.10 years ago, @infosec_au spoke at the first BSidesCbr. Now Australia’s top b….

RT @nirohfeld: We (+@ronenshh) hacked NVIDIA's Triton AI server by abusing a single error message🚨. The result is unauthenticated RCE allow….