The story of how I almost pwned the Lexmark Postscript stack for Pwn2Own 2025... And I would have gotten away with it too, if it hadn't been for those meddling firmware updates! boredpentester.com/pwn2own-2…

As far as we can tell, no. There is only anecdotal evidence, along with claims from AI pentesting vendors. If a strong model can do everything by itself, then what exactly have these vendors been building? It is understandable that people would prefer a story in which the harness, workflow, and surrounding infra matter a great deal. It's also why people keep flexing "0-days" in OpenSSL, FFmpeg, or nginx, despite limited real-world impact. That said, Niels Provos was not trying to sell anything, and he and several people have reported good results with IronCurtain despite using relatively weak models. Most importantly, what Google achieved with Chrome suggests that a good harness may be quite valuable. Google does not appear to have access to anything more capable than Mythos, which means they likely scanned Chrome using Mythos itself or something less powerful. Yet they still uncovered hundreds of bugs. There is, however, another explanation. Google may simply have better Chrome/V8 experts who can extract more value from Mythos. This remains our preferred hypothesis. What provides a real advantage: domain knowledge accumulated over many years, or a harness vibe-coded in an afternoon? We think the answer is fairly obvious.

Defcon quals writeups haven't started to trickle out yet?

DEF CON patched our QEMU nday, what about a 0day? kqx.io/post/qemu-0day

I originally prepared this bug for Pwn2Own Berlin. A few days before the contest, a CVE got assigned. So, here is my technical analysis and exploitation strategy for CVE-2026-40369: a 12-byte kernel increment, exploitable both as an LPE and SBX. voidsec.com/cve-2026-40369-b…

Anyone doing DistrictCon's Junkyard this year? 👀

👏👏👏🔥

Holy...

p2o so far seems to be mostly...previous p2o players or if new, players on well-established p2o teams? not many plausible "from no skills -> p2o success based almost entirely on model capability" examples afaict

👏👏👏

everyone, i need your help, anyone can hook us up with the "ESXi version 9.1.0.0"? your RT is really appreciated, this is Urgent AF.

Pwn2Own 2026 Capacity Overflow, Hackers Drop 0-Days Solo awesomeagents.ai/news/pwn2ow…

Pretty sure the vendor reports before the competition starts are likely actively hurting the competitors that have flown out just to have their bounty halved as the issues are now considered 'known'. Equally, you can't just sit on a full chain. Far from the ideal situation...

It would be helpful to see the distribution of entries across targets this year. Which had more entries than others? Even with AI, my experience is that the hard targets remain hard, and I suspect the entry count we'll see will reflect that.

Good morning! Just published a blog post exploiting a VMware Guest To Host. A UaF Heap Feng Shui base address leakage to bypass ASLR and a stack-based buffer overflow to achieve RCE. r0keb.github.io/posts/VMware…

New post is up! This one uses CVE-2025-20741 (a heap overflow in the MediaTek MT76xx driver) to show how a bit of kernel alchemy can turn a heap OOB write into a number of stronger exploit primitives, up to page-level r/w via pipe_buffer corruption :) blog.coffinsec.com/0day/2026…

VuLneRbiLitY reSeaRcH iS cOoKed

🎉

'You're absolutely right...'

Exploiting the Synology BeeStation (BST150-4T), CRLF injection, auth bypass, and SQLite injection to RCE (CVE-2024-50629~50631) kiddo-pwn.github.io/blog/202… Credits @kiddo_pwn @infosec