Joined July 2014
eboda retweeted
May 21
We’ve now seen at least four nginx RCEs that require non-default configs: nginx rift, nginx poolslip, and two of our own (including the one in the last tweet). The configs involved are unusual, which raises the obvious question: do these attacks actually work in real-world deployments? We asked Claude to download and analyze more than 4,000 nginx config files from GitHub. The result was embarrassing: none of them were vulnerable to nginx rift or our own attacks. We can’t say anything about nginx poolslip yet, since it hasn’t been published. So don't worry about your nginx yet. Moral of the story: AI can generate FUD, but also help fight FUD. Embrace it!
eboda retweeted
TempleOS isn't vulnerable to copyfail 😎👍
eboda retweeted
Time to talk about this one. CopyFail (CVE-2026-31431) — a 732-byte Python script that roots every Linux distro shipped since 2017. 🧵
a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9 👀
eboda retweeted
Cash prize offered to whoever could break the biggest elliptic curve key using Shor's algorithm on real quantum hardware. Then @yuvadm replaced the IBM Quantum backend in the winning code with A RANDOM NUMBER GENERATOR built into every operating system. And got the same private key back 40% of the time. No quantum computer used. Dumb luck works just fine. The quantum circuit just happens to contribute nothing to the result. github.com/yuvadm/quantumslo…
Blog post: "The predictable failure of the QDay Prize" algassert.com/post/2601
eboda retweeted
Apr 23
Cool exploit with @_0x999: He found that \x7F breaks Chrome's "Copy as cURL (cmd)" command parsing in Windows Console Host. In combination with a ", it allowed you to add any arguments to curl. With -o writing files is easy, but we need the username for the startup path... (1/2)
eboda retweeted
This 1-pager from Xusheng Li on GDB internals of how watchpoints are implemented is a delight to read! (especially that double-write behaviour false positive - I did not know about that)
eboda retweeted
If you missed the talk at @1ns0mn1h4ck , our latest blog post is now available for you to explore. In this post, researchers @Hacker_Chai and @SachaKozma detail their journey to a 1-click RCE exploit on the Samsung S25 phone. Check it out here: bugscale.ch/blog/shoot-for-t…
eboda retweeted
Our researchers @SachaKozma & @Hacker_Chai are taking the stage at @1ns0mn1h4ck today! 📍 Campus Auditorium B at 13:30 🎯 Shoot for the Galaxies: Our Samsung S25 1-click RCE Journey If you're into mobile attack surface research, this one's not to miss! #INSO2026 #insomnihack
eboda retweeted
Proud to have published the first ever report to qualify for Samsung's Important Scenario Vulnerability Programme (ISVP)! @SachaKozma @bugscale security.samsungmobile.com/s…
eboda retweeted
Just derestricted a now-fixed kernel bug in Pixel 10. I think this ranks as the most easily exploited kernel bug of all time😬 Thanks to @tehjh for collab'ing on this driver and full credits for noticing this bug in the first 5 minutes of auditing😂 project-zero.issues.chromium…

eboda retweeted
Get to know how a modern smartphone like the Samsung Galaxy S25 got hacked with a 1-click RCE chain. @SachaKozma & @Hacker_Chai will walk through how an ordinary app became the key to a full exploit chain. Join the talk: ow.ly/MPQ550YkjxB #Infosec #INSO26 #CyberConference
eboda retweeted
Going to share about my work with @SachaKozma on the Samsung Galaxy S25 at Bugscale in March at Insomni'Hack! We managed to get a one-click RCE with some limitations; further details will be disclosed during the talk as the bugs are still in the process of patching.
eboda retweeted
As it turns out, @orange_8361 and I have more in common than I had thought! If you love old school PHP quirks and CTF tricks I recommend you read our articles: phrack.org/issues/72/5_md#ar… phrack.org/issues/72/6_md#ar…
eboda retweeted
16 Jun 2025
🐞 Bugscale is thrilled to be sponsoring Hexacon again and we look forward to seeing everyone in Paris! Thank you @bugscale for your continued support 🙏
eboda retweeted
22 May 2025
I wrote-up how I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. Link to the blog post below 👇
eboda retweeted
31 Aug 2024
Vincent Bouillard of France wins the 2024 #UTMB in 19:54:23. This can only be called an incredible breakout race by a former track and field athlete turned trail ultrarunner who works in research and development for HOKA.
eboda retweeted
30 Aug 2024
Since the issue of CVE-2024-5274 is public now, we can finally release our research from months ago. This is a rare vulnerability in the V8 Parser module, and we were surprised to find that our exploit method coincidentally aligns with the ITW exploit😅 blog.darknavy.com/blog/cve_2…

eboda retweeted
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confu… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code from 1996
