a fun bug that requires not only a crafted IPC message but also a response from the server to trigger. I guess that’s why Mythos missed it.
Mozilla awarded 20k for Firefox sbx escape reported 2 weeks ago by @__suto
Based on my limited observations, all recent v8ctf entries fall into three bug classes: Maglev Phi node, Wasm type, and Wasm × Turboshaft. The Wasm type bugs are dominated by the #0 hacker, 0x10n. This writeup and the Nebula team recently published work related to Maglev Phi nodes. Bugs in Maglev and Turboshaft seem to correlate with the release timeline of Opus 4.6 and GPT-5.4.
Jun 6
Pwning V8CTF with a 0day in Chrome thanks to Phi untagging. Read here: kqx.io/post/cve-2026-4447/
Beautiful exploit :)
Jun 6
Over the next few months, we'll be gradually publishing some of our internal security research. Starting with a bug chain that turns Nginx-Rift Nginx-PoolSlip into full RCE. More to come. #Nginx #1day #RCE blog.verichains.io/p/two-byt…
These races are mind's bitter food but when you truly understand them, many doors open wide!
We live in interesting times. Last month Linux patched a core UAF in the epoll subsystem; we rarely see these kinds of bugs. As I like these kinds of bugs, I wrote a few words about it here: guysrd.github.io
134 bugs found by Google across components and categories in this release looks to me like an enormous success in integrating AI into the ClusterFuzz/OSS-Fuzz infrastructure (more than a thousand in total in recent months). security.googleblog.com/2024…
It really seems like with AI the advantage is shifting toward defense over offense. Google alone found ~130 findings in the latest Chrome release, and we've seen Firefox nuking Pwn2Own entries by patching the bugs before the event. Also, either Google has some crazy model finding these, or they're just using Mythos heavily. I think it's the latter; can anyone confirm? chromereleases.googleblog.co…
Not exactly the same, but the big corporation structure seems to show that there are many ways to organize agents, and each works well for a specific purpose.
Replying to @_seg_fault__
The architecture is derived from swarm intelligence, my favourite subject; the rest is random tinkering here and there while enjoying the trajectory of the swarm. I have many other working archs but not much relevant to infosec.
My eval shows that GLM 5.1 performs well enough to genuinely find these vulnerabilities. Some of the GLM family pruned models by baa-ai can reach around 50-70% and run locally on a Mac Ultra with 0 cost and 100% secret. But sometimes the harness needs to be improved to give extra help for not-so-smart local models. It's also extremely fun to watch the trajectory of the campaign from 0 until it finds the first crash. huggingface.co/collections/b…
I’ve tried various agent pipelines, and here is one of them. It found five type-confusion bugs in V8 Wasm: three under non-default flags and two in DrumBrake/MS Edge. The repo includes all the bugs in detail, along with a README file that explains how the pipeline works, the prompts used, and many of the genomes it generated. Since the README is enough to let Claude vibe-code it, I won’t upload my messy and embarrassing code. Have fun :) github.com/qriousec/colony_a…
It also found 2 Maglev bugs, but they were duplicates with Google so I did not post them; you can find the Maglev prompt in the repo as well!
Btw, the cost was 1 Claude Code x Opus and 5 Claude Code x GLM 5 at that time, ~$300.
One interesting aspect is not just the competition between bug hunters and frontier labs, but also among the labs themselves. OpenAI was also scanning Firefox for bugs after Anthropic’s Mythos, so either they have more findings to come, or they only found one bug after all. But given that we observed this bug being duplicated by some P2O entries, including ours, we cannot rule out the possibility that OpenAI’s Codex pipeline may have caught it.
(CVE-2026-8390) [2038081] UAF in WASM hg-edge.mozilla.org/mozilla-… mozilla.org/en-US/security/a… Reported by OpenAI Preparedness, Bill Demirkapi
Astonishing work! Reminds me of @CodeColorist's brilliant logical chains against iOS 14 Safari, which were rooted in Loki more than a decade ago. I wonder whether Edge might do something unexpected with URL schemes or web content involving AI features. Looking forward to the details. codecolor.ist/talks/ Hack Different: Pwning iOS 14 with Generation Z Bugz

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉