Read my blog post on how I unexpectedly discovered CVE-2021-21702 PHP's SOAP extension: datto.engineering/post/how-i…

He said in this video that finding 0-days with Claude wasn’t possible 3–4 months ago but at @0dinai we were already doing it back in Feb/March 2025. We called the technique “OH LAWWWD.” We talked about it multiple times on podcasts and even demoed it live at @ekoparty last October. We asked the crowd to pick any target someone said Discord. We found 10 zero days in under 15 minutes. 1k retweets and I will release the monolithic prompt!

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-0… Cheers to @u1f383 for finding these CVEs the OffensiveCon talk from gteissier & @laomaiweng for inspiration!

IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newtown…

Excellent article on using graph theory in security

The libarchive e8 vulnerability is actually really cool, but the ZDI advisory doesn't explain why it's so wild lol. For some reason, I know about RAR filters, so let me provide the background. 🧵 1/n

This is awesome!!!!

#Fuzzing still faces many challenges when applied to Android native system services. Eric Le Guevel tested AFL 's Frida mode to fuzz directly on Android devices and reports the process and results in today's #blog post: bit.ly/445VWn7

After looking at @hackerpinup's post on @Fox0x01's ARM assembly book, I had to get a copy myself. Ready to dig deep into some ARM assembly internals and do some reversing 😁

Today we share our Alibaba Cloud research for the first time, where we gained unauthorized access to other customers' databases in two different services 🚨 This complex research involved RCE, PE, Container escape, K8s lateral movement, and supply chain attack. Check it out 🧵

New details on the 2nd LastPass incident are fun: - got into Sr DevOp's home via vuln media software - installed keylogger - got master pass to corp vault (seemingly because it was being accessed from home computer) Cool to see that LastPass is sharing this level of detail. Most companies are vulnerable to an attack like this. Main post: support.lastpass.com/downloa… Incident 1 details: support.lastpass.com/help/in… Incident 2 details: support.lastpass.com/help/in…

Didn't know about this. Makes me wonder how many bugs have been missed because of it

Finding one vulnerable kernel driver is cool, but finding multiple vulnerable drivers it’s even better! I’m excited to share my blog post about an interesting vulnerable driver code base that many different vendors tend to share. cyberark.com/resources/threa…

This is a simple but effective idea to reduce the amount of data ingested into data collection platforms.

Fix the database integration and I'm in! The local Cayley graph is useful, but I want to store it in a Postgres or Neo4j db if possible.

Whoa ty!

Here are some of the presentations I found the most interesting within the macOS/iOS Kernel Security research space in 2022! 🧵 alexplaskett.github.io/macos…

A ton of valuable techniques here for those looking for ideas outside of standard email phishing

Everyone knows about Bloodhound for the offensive side, but what about the defensive side? Well, look no further! A thought I've had for the past two years was implemented by the great team at @ZeroNetworks called BlueHound. github.com/zeronetworks/Blue… and youtu.be/IMeZ66ZI_kM

Check out our new blog post on exploiting PDF reader vulnerabilities! Part 2 features a use-after-free vulnerability in Foxit Reader which we exploited using JIT spraying. Blog: hacksys.io/blogs/foxit-reade… Github: github.com/hacksysteam/CVE-2… cc: @shsirk