sharing reverse engineering knowledge

Joined May 2013
REhints retweeted
RSA private keys biased toward 0 bits can be factored by swapping a hard math problem for an easy one: integer factorization becomes polynomial factorization. We found hundreds of real-world keys vulnerable to this. Many traced to a type mismatch in CompleteFTP (now patched): each 32-bit limb got only 8 bits of randomness. We recovered 603 RSA and 74 DSA private keys. blog.trailofbits.com/2026/06…
REhints retweeted
If models are just going to get better, even than Mythos, the time for those models to turn a patched vulnerability into an exploit will keep shrinking from hours to minutes. I have a hard time imagining the entire world continuously deploying updates in minutes every time that an update for any software they use is released without other adverse effects. The right strategy has to be achieving sufficient security without relying on patching (still do it, but don't depend upon winning the race).
Discovery of N-day vulnerabilities is largely solved at scale by the Mythos and Opus models, for both proprietary and open-source software. It’s time to seriously rethink vulnerability disclosure and time-to-fix timelines. Cascading effects across the software supply chain are becoming a serious bottleneck.
REhints retweeted
IDA 9.4 Beta has been released. Some of the major new features include:
- Strings in the decompiler views will now FINALLY show up in the Strings view
- A new "Pathfinder" view that shows you what code execution flow looks like
- A new IDA protocol for sharing view states
- Automatically detecting Rust version and packages
and more: docs.hex-rays.com/release-no…
REhints retweeted
June 19, 3pm at @reconmtl: VMProtect, anti-cheats, DRM — how much of today's obfuscation survives agentic reverse engineering? Find out in our talk with @nicolodev: "Deobfuscation in the Age of Agentic Reverse Engineering" cfp.recon.cx/recon-2026/talk…
REhints retweeted
Performing better than Opus models in RE/VR projects 🎉
Introducing Claude Fable 5: a Mythos-class model that we’ve made safe for general use. Its capabilities exceed those of any model we’ve ever made generally available.
REhints retweeted
Microsoft puts a feature flag in every vuln fix (my team published this 3 years ago). This makes N-day root cause id much simpler. Waiting to see which bugs they exploited! I’ve been impressed during my own N-day experiments but Opus still can’t crack the hardest bugs by itself
Frontier models are also really good at finding and exploiting n-day vulnerabilities, doing so on timescales of hours. Read about some recent work from my team studying these capabilities! red.anthropic.com/2026/n-day…
REhints retweeted
🔺NEW: Apple is expanding Private Cloud Compute (PCC) beyond our data centers. PCC on Google Cloud: NVIDIA Confidential Computing, Intel TDX, and Google's Titan chip, with capabilities that go far beyond a traditional confidential computing deployment. security.apple.com/blog/expa…
REhints retweeted
Arbitrary code execution in objdump -g. We have a thing for finding bugs in bug-finding tools: IDA Pro, Ghidra, Binja Sidekick, or radare2. You name it, we hacked it. Our friends were saying we should try objdump. So here we go. Blog post: blog.calif.io/p/oobdump-relo… AI-generated PoC and writeup: github.com/califio/publicati…
REhints retweeted
I forked Anthropic’s new vuln-discovery harness and made it Codex-first. Recon → Find → Verify → Triage → Report → Patch Sandboxed agents find bugs, prove them with crashing PoCs, dedupe, write exploitability reports, and validate patches. github.com/zeroxjf/defending…
REhints retweeted
My talk "SELECT * FROM binary - Vibe Reversing Across IDA, Ghidra, and Binary Ninja" got accepted at @reconmtl. I am happy to talk about this toolset (idasql, bnsql and ghidrasql) and how it is designed to allow AI agents to work across all these top 3 reverse engineering tools. Point Claude, Codex, or your favorite agent to any single one or all of them at once, and your agent can now use all the tools at once to analyze one or more binaries. These work nicely with loops like "/goal" to allow e2e analysis over many hours. Use cases:
- Full source code recovery (with types and code structure)
- Full database annotations (also with type recovery, comments, etc.)
- Binary diffing
- Or just any kind of Q&A against your binary or binaries
cfp.recon.cx/recon-2026/talk…
REhints retweeted
MCP is slow for RE-heavy projects and, in some cases, is unstable. ghidra-rpc is way faster than MCP and scales more efficiently in a multi-agent setup, since it outputs structured JSON.
Jun 4
We're mostly an IDA shop at @CellebriteLabs, but I decided to play around with Ghidra. My main motivation was to experiment with agentic reverse engineering techniques. The result is an agent skill for Ghidra, which we are releasing publicly: github.com/cellebrite-labs/g… >>
REhints retweeted
Practical Android Software Protection in the Wild: An Appetizer. In which @Farenain analyzes 2.5 million Android apps to identify and classify the obfuscators, packers and code protectors they use: blog.quarkslab.com/practical…
REhints retweeted
That is crazy! I do not believe there are any excuses for the overall behavior. I am extremely disappointed that Microsoft thinks this is acceptable at all and that a (non-)apology suffices @msftsecresponse @MSFTBlueHat @Microsoft
This guy sucks. At my first Pwn2Own he asked me over and over if it was my first CVE. I said no but he kept insisting, in front of everyone, he’d never seen my name credited before. Turns out he was confusing me with another woman in infosec. In charge of security research engagement for MSRC btw
REhints retweeted
Looks like @Binary_Gecko has published my blog post about putting a KASAN style MTE tag map into the kernel panic output of macOS. binarygecko.com/blog/looking…
REhints retweeted
Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333). Article about a logical bug in the ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios. cdn2.qualys.com/advisory/202…
REhints retweeted
Agents need better tools for reversing! I'm releasing declib (previously libbs), with a new CLI today that gives agents CLI access to 4 decompilers (IDA, Ghidra, Binja, angr), parity feature support to most MCP (12 features), and the ability to sync those changes across decs!
REhints retweeted
Replying to @dinodaizovi
Time-to-Exploit has changed significantly for n-days, especially in OSS projects, where the code changes in the fix can serve as a harness for PoC creation. There’s effectively zero time to apply updates, the MTTR metric has a negative value nowadays. Defense in depth definitely helps by adding layers to buy some time, but in general, old threat models are becoming irrelevant.