Joined September 2022
Pinned Tweet
YaraXGUI improvements: HexEditor, YARA match table to show all matches found. It supports more tabs; YARA formatting is fixed as well. We can browse for rules and filter the files that we want to scan this time. A hex editor is added with the goal of making it more hassle-free. Within the hex editor, we can also apply changes, do basic diffing, mark multiple regions and send them to the YARA editor. Also included a way to select multiple regions; the gaps within each region can be set as a wildcard so we do not need to calculate each size. Can now do disassembly of a selected region (capstone) and draw a basic CFG to do quick checks (maybe for certain obfuscation techniques or unique code blocks). Simple parsing for PE and ELF files. Added a wonky and not-so-reliable autocomplete (NOT based off a parser, but good enough I guess for my workflow). To try the new version: github.com/Owl4444/YaraXGUI/…
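The multi-region selection with wildcard gaps described in the pinned tweet, as an added example that is neither the tweet's nor YaraXGUI's code: (offset, length) regions marked in a hex editor become one YARA hex string whose gaps are emitted as `[n]` jumps, and a small matcher reports where the pattern hits, the way a match table would. The sample buffer, function names and region list are constructed for illustration.

```python
# Added example (not YaraXGUI's own code): turn byte regions marked in a hex
# editor into one YARA hex string, with the gap between regions emitted as a
# "[n]" jump so the analyst never has to count bytes, then check the result
# against the buffer. Sample data below is constructed, not a real file.
import re
from typing import List, Tuple

def regions_to_hex_string(data: bytes, regions: List[Tuple[int, int]]) -> str:
    """Return e.g. '{ 4D 5A [60] 50 45 00 00 }' for (offset, length) regions."""
    if not regions:
        raise ValueError("at least one region is required")
    parts, prev_end = [], None
    for off, length in sorted(regions):          # buffer order, not click order
        if off < 0 or length <= 0 or off + length > len(data):
            raise ValueError(f"region {(off, length)} is outside the buffer")
        if prev_end is not None:
            if off < prev_end:
                raise ValueError("regions overlap")
            if off > prev_end:                   # gap -> fixed-size jump wildcard
                parts.append(f"[{off - prev_end}]")
        parts.append(" ".join(f"{b:02X}" for b in data[off:off + length]))
        prev_end = off + length
    return "{ " + " ".join(parts) + " }"

def hex_string_to_regex(pattern: str) -> re.Pattern:
    """Compile a YARA hex string ('??' and '[n]' / '[n-m]' / '[-]' supported)."""
    out = []
    for tok in pattern.strip().strip("{}").split():
        if tok == "??":
            out.append(b".")
        elif tok.startswith("[") and tok.endswith("]"):
            lo, sep, hi = tok[1:-1].partition("-")
            lo = lo or "0"
            hi = hi if sep else lo               # "[4]" means exactly 4 bytes
            out.append(f".{{{lo},{hi}}}".encode())
        else:
            out.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(out), re.DOTALL)

def find_matches(pattern: str, data: bytes) -> List[int]:
    """Offsets where the hex string matches, as a match table would list them."""
    return [m.start() for m in hex_string_to_regex(pattern).finditer(data)]

# Constructed sample: an MZ stub with the PE signature 62 bytes later.
SAMPLE = b"MZ" + b"\x90" * 60 + b"PE\x00\x00" + b"\x4c\x01"
PATTERN = regions_to_hex_string(SAMPLE, [(62, 4), (0, 2)])

if __name__ == "__main__":
    print(PATTERN)                              # { 4D 5A [60] 50 45 00 00 }
    print(find_matches(PATTERN, SAMPLE))        # [0]
```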
malware Owl retweeted
i love this exploit! universal SELinux bypass still works to this day. I released it for Qualcomm based processors and just realized I never released the Exynos version so here it is unprivated: github.com/chompie1337/s8_20…
Replying to @cr3ghost
"Android kernel exploitation bypassing DAC, SELinux, and Knox" - I don't see this? @chompie writes that io_uring exploits could be potentially used for SELinux bypass, is that what you mean?
:D
1 ft. @malware_owl more to come, probably
malware Owl retweeted
Kind of a funny story that led to this: @malware_owl and I cooked up a little something...
Last week @ultimat3hg and I decided to try looking for bugs with the help of Prof. Claude and we did find a little something. Reported it and waiting :D
malware Owl retweeted
Following the idea of @eversinc33 and thanks to Claude I was able to lift the VM bytecode to LLVM IR, but due to the stack model, and the calling convention inside of the bytecode, the lifted code doesn't look so fancy 😂😂😂. Link next
Recently @quarkslab published a solution of a CTF using TritonDSE and QBDI where they analyzed a VM protected binary, and I thought "Shit, I want to analyze something too...". And this weekend I did an analysis of another crackme with a custom VM but this time using Triton! 🧵
malware Owl retweeted
Claude Opus 4.8 is quite good at RE/VR tasks and can provide additional explainable context on the targets. This in itself is a significant time-saver for any REsearch work.
malware Owl retweeted
Have you noticed that those deep-dive stories about complex Windows malware have pretty much vanished, especially in recent years? It feels like the era of "blockbuster" Windows malware has just gone silent, and this blog post tries to give some answers why. r136a1.dev/2026/05/07/where-…
malware Owl retweeted
Two years ago people said that coding is dead, now they are saying hacking is dead ... My take is that probably bug bounty/0day for money is dead, but the joy of understanding something deeply will survive, just like coding as the joy of building things. (But tbf I think 0day for huge $ will survive as well.)
Happened to find CVE-2026-3006 :D TL;DR: A TOCTOU bug, found when trying to understand the driver to implement it in a project that I was working on. Kudos to maintainer @BZissimopoulos for swift actions and fixes! The Story: While looking for ready-made drivers for a project that I am working on, I chanced upon WinFSP. The question I had at the time was whether we could extract some file information using the driver without the need to implement a kernel driver. However, as I was reading the implementation in a single screen, I spotted a common pattern (multi-fetch of a size which is used in ExAllocatePool). After writing an exploit to show a crash and fully exploit the driver to get SYSTEM, I was given CVE-2026-3006. The affected driver version can be exploited from a Low Integrity CMD as well. Licensees that are using WinFSP or users using any tool that uses WinFSP under the hood are advised to upgrade to the new version of WinFSP! Demo (YouTube): youtu.be/aHV7GEBgy5Q
malware Owl retweeted
🚨Kaspersky GReAT has uncovered a compromised installer of DAEMON Tools Lite distributed directly from the official vendor site since April 8, 2026. It successfully uses a valid developer digital certificate. Affected versions: 12.5.0.2421 to current. Read more in the thread below🧵 1/5
malware Owl retweeted
Together with @bzvr_, @2igosha and Anton Kargin, we identified that the DAEMON Tools software has been compromised in a complex supply chain attack since April 8. We see thousands of infections across 100 countries. If you use DAEMON Tools, run a malware scan immediately! [1/7]
malware Owl retweeted
1/2‼️ QuimaRAT v2.0.0, a new cross-platform Java-based RAT, is allegedly being sold on a hacking forum, targeting Windows, macOS, and Linux systems.
‣ Threat Actor: QuimaCORE
‣ Category: Malware / RAT Sale
‣ Product: QuimaRAT v2.0.0
‣ Industry: Cybercrime / Malware-as-a-Service
The actor is advertising a Java 17 JavaFX based remote access trojan claiming FUD (Fully Undetectable) output, end-to-end encryption (Mutual TLS AES-256-GCM), and no Java requirement on target machines.
What's advertised:
▪️ 70 Windows modules / 44 macOS & Linux modules
▪️ Surveillance: keylogger, clipboard logger, screenshot/screen recorder, hidden VNC, webcam/microphone capture, hidden browser
▪️ Credential theft: browser recovery (Chromium/Firefox/Edge), email clients, LSASS dump, RDP/VPN credentials, crypto wallet artifacts, token stealer
▪️ Evasion: AMSI bypass, ETW patcher, UAC bypass, Defender/Firewall disable, process hollowing, DLL injection, shellcode loader, rootkit module
▪️ Network: scanner, SOCKS5/reverse proxy, port forwarding, lateral movement, AD enumerator
▪️ Builder output formats: JAR, EXE (Launch4j), BAT, VBS, NATIVE formats with embedded JRE
▪️ ProGuard obfuscation with 15,600 runtime classes
Pricing: $200 (1 month) / $400 (3 months) / $600 (6 months) / $800 (12 months) / $2,400 (lifetime)
malware Owl retweeted
Infosec community right now…
The ever awesome @NielsProvos dropping knowledge. Vulnerability research with AI is an orchestration thing not a model capability thing at this point. Echoes my sentiments that winning here (defense v offense) is a question of tokens, agents, agility. provos.org/p/finding-zero-da…