You might like
From bit flip to RCE in Ollama! 🦙 Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally: sonarsource.com/blog/ollama-re… #security #vulnerability #llm #ai
That's a wrap #flareon12 read the official solutions and see the prize here: security.googlecloudcommunity.com/community-blog…
Last night I taught nanochat d32 how to count 'r' in strawberry (or similar variations). I thought this would be a good/fun example of how to add capabilities to nanochat and I wrote up a full guide here: github.com/karpathy/nanoc… This is done via a new synthetic task…
A four part series about Blockchain Operations, the custody of crypto assets and the management of private keys by Mario Rivas State of the Art of Private Key Security in Blockchain Ops
Here's my writeup for kinc from BlackHat MEA 2025 Quals. It introduces Dirty Pageflags, a new exploitation technique inspired by Dirty Pagetable. Big thanks to Dronex for the great discussions! ptr-yudai.hatenablog.com/entry/2025/09/…
Made a pwn challenge for this year’s HITCON CTF, which required participants to bypass PAC, BTI, and deal with relative vtables. Here’s the write-up: bruce30262.github.io/hitcon-ctf-202… Check it out if you're interested🙂
Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 github.com/b1n4r1b01/n-da…
Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM! Curious? 👇 bughunters.google.com/blog/624373010…
New WinDbg just dropped in the Microsoft Store! Faster downloads for large PDB files and console debuggers are part of the package! Note the architecture is part of the exe name. aka.ms/windbg.
Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel…
Well, here we go. After well over two years, here's a new version of my programming languages book, PLAI (v3.2.5). As always, free of cost! Can't thank enough all the people named in the acknowledgments. Enjoy! plai.org
Even a single floating-point op may break consensus. In our latest blog, @0xcneagu shows us why this is the case and how to model exponential functions safely with polynomial approximations via Taylor series: 👇 adevarlabs.com/blog/fee-model…
I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability! project-zero.issues.chromium.org/issues/4062711…
A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/06/…
🚨 NEW PAPER on the 0day Supply Chain 🚨: I gathered open source data & interviewed Gov employees, VR and China researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China. Key findings below ⬇️ 0/🧵 atlanticcouncil.org/in-depth-resea…
This weekend, I gave a talk on web browser security research at a student-organized conference. I tried to make the talk reasonably beginner-friendly, so the slides (linked here) could hopefully be useful to someone as a learning resource. docs.google.com/presentation/d…
this is so insane. kCTF has a first-come-first-serve policy when it comes to 0day bounties when an instance releases. this team hand crafted a proof of work solver with avx-512 instructions to beat everyone else with an 0day to the flag: anemato.de/blog/kctf-vdf
anemato.de
Beating the kCTF PoW with AVX512IFMA for $51k
PoW is gone 🦀🦀
Ethereum is for shipping. Here’s 21 things the global @ethereum ecosystem got done in the last few weeks: 1. The latest upgrade to Ethereum, Pectra, went live. Pectra introduced smart account wallet features to improve UX, increased capacity for Ethereum L2s by 2x, and…
Track delegated wallet activity on EIP-7702, now live on Ethereum mainnet Our Research team has built a detailed @Dune dashboard to help developers, analysts, and infra teams monitor how EOAs delegate execution to contracts What it tracks and what the data reveals so far ↓…
United States Trends
- 1. Aaron Judge 6,477 posts
- 2. Cal Raleigh 1,921 posts
- 3. Shohei Ohtani 26.7K posts
- 4. AL MVP 5,484 posts
- 5. Under Armour 8,929 posts
- 6. Purdue 5,271 posts
- 7. ALL RISE 9,252 posts
- 8. #internetinvitational N/A
- 9. Megyn Kelly 44.5K posts
- 10. Blue Origin 12.6K posts
- 11. Nike 28.8K posts
- 12. Big Dumper N/A
- 13. RIP Beef N/A
- 14. #RepBX N/A
- 15. Aden Holloway N/A
- 16. Curry Brand 7,470 posts
- 17. New Glenn 13.2K posts
- 18. Senator Fetterman 24.5K posts
- 19. Thursday Night Football 2,951 posts
- 20. #2025CaracasWordExpo 21.2K posts
Something went wrong.
Something went wrong.