I published my research on an RCE vulnerability in Linux PDF viewers such as Atril, Evince and Xreader, resulting in CVE-2026-46529.
On opening the PDF and clicking anywhere on the page, an arbitrary command is executed on the system.
The article:
medeiros.zip/posts/CVE-2026-…
Dialed in! Nikolaos Mourousias (@deltaclock), Caue Obici (@caueobici) & Bruno Halltari (@BrunoModificato) of OtterSec used a Code Injection bug to exploit LM Studio in the second round, earning $20,000 and 4 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
The Brazilian Bug Bounty community is holding a FREE event and bringing in a foreign speaker.
If you are from São Paulo or can be in SP on that date, just GO to this event.
#Bolhasec
More details here in this tweet.
🚀 National pride! 🇧🇷
We congratulate everyone involved in this historic achievement! You took Brazil's name to the top and showed that our CTF community is getting stronger and better prepared for global challenges!
🔗 Watch the video at youtube.com/watch?v=5Yt3HGNd…
Thank you @mentebinaria!
It wasn't this time, but DEFCON can expect us next year!
Until then, as everyone should always do, we will study!
Thanks again to @hackaflag for hosting us!
Brazil made history last weekend, and of course, ELT was a part of it!
Thanks @GaneshICMC, @boitatech, @gris_ufrj and #hawksec_unifei for the partnership! We got 17th place, the best Brazilian result, at #DEFCONCTF Quals as "pwn de queijo"!
Thanks @hackaflag for hosting us!
Where there’s bug bounty, there’s #Bugcrowd. 😉✨
We’re honored to have supported the @BugBountyBr at H2HC in #Brazil, big thanks to @bsysop! Seeing the hacker community come together with such passion was nothing short of amazing (as always). 🥲
Huge thanks to the organizers, sponsors, and everyone who joined—you made it unforgettable! 🎉💚
NEW blog post: Netfilter Universal Root 1-day
Our latest blog dives deep into the state of Linux kernel security and the open-source patch-gap, exploring how we monitored new bug fixes and achieved 0day-like capabilities by exploiting a 1-day vulnerability.
Read more here →
Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months.
osec.io/blog/2024-11-25-netf…
Seeing that Pwn2Win isn't happening this year, here's an unreleased beginner-level XSS challenge I created for it (shouldn't be too difficult).
lbherrera.me/challenge
The results are in!🥇
Congratulations to these 32 teams who will move on to the Group Round of the 2024 #AmbassadorWorldCup! 🙌
The next round kicks off at the end of August! Stay tuned for the latest info, and read more about the AWC here. bit.ly/3SwGbkV