Reported a fun variant of this, those kind of bypasses are still quite fun

Great work by our web team! We also got RCE on LiteLLM and Oracle AI DB. Blog soon!

Let's goooo! Nikolaos Mourousias, Caue Obici & Bruno Halltari (@deltaclock, @caueobici & @BrunoModificato) of OtterSec was able to exploit LM Studio! If confirmed, they win $40,000 and 4 Master of Pwn points. They're off to the disclosure room to explain how they did it. #Pwn2Own #P2OBerlin

We've had a renderer RCE -> UXSS exploit on Samsung phones since last November, in collaboration with @cor_ctf. Full writeup coming next week.

Our research team achieved client RCE on Minecraft Bedrock Edition via a heap overflow to bypass ASLR and sidestep CFG. Writeup to come.

New research, I did found many wallets /web 3 products not taking in consideration the difference between desktop env and mobile env leading to high severity issues.

NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers. Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits. osec.io/blog/2025-10-16-how-…

NEW: The recent supply-chain attack on NPM exposed a fundamental vulnerability in the open-source ecosystem and the risks that lurk within our dependencies. We break down how the malware worked and practical defenses every dev should know ↓ osec.io/blog/2025-09-13-how-…

As a MetaMask user, you do not need to be scared of the supply chain attack that took place earlier today. MetaMask has multiple layers of defense to protect our products and users: - Basic Security: We lock our versions, don't push directly to main, have manual and automated checks during the entire development lifecycle, and have robust release processes and monitored rollouts. - LavaMoat: Prevents malicious code from harming you, even if malicious code was to somehow sneak in. LavaMoat covers both the development lifecycle and runtime scenarios. - Blockaid: Flags malicious addresses nearly instantaneously, protecting you from compromised dapps. Security is paramount for MetaMask. We work tirelessly to protect you from attacks and threats, including supply chain attacks. 🧡

NEW: Proof of Reserves you can verify yourself. We teamed up with @Backpack to build PoRv2, a zero-knowledge system for fast, transparent solvency checks. More on how we designed it ↓ osec.io/blog/2025-08-27-how-…

Yay, got a new bounty #bugbountytips

Happy to talk there :)

I hope the AI hype ends soon: :'(. The quality of infosec reports and write-ups has been declining so much because of AI slop

Just completed this yesterday, it was fun with some cool tricks! It's been a while since I did a challenge, but I loved it. Thanks @joaxcar for the challenge

New research 🫡

NEW: A few months ago, we uncovered an authentication bypass in Web3Auth that could have led to full account takeover. In this deep dive, we break down how we found the issue and expose other authentication misconfigurations lurking in Web3. osec.io/blog/2025-07-07-subv…

Metamask team has some js chads

We just finished an audit for Lavamoat webpack plugin and found an interesting behaviour related to how the URL costruct() was handled. Here's the details 👇

If you like our research "Supply Chain Attacks: A New Era" please vote it :D. there is another article where I was involved " Zoom Session Takeover - Cookie Tossing Payloads" if you like that too pls feel free to vote it XD

I have so much fear every time I have to explain to a triager DOS via Cache Poison with some non conventional way.... pray for me 💀