You might like
Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… issues.chromium.org/issues/4125787…
![xvonfers's tweet image. Whoah... $250000
(CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%)
issues.chromium.org/issues/4125787…
issues.chromium.org/issues/4125787…](https://pbs.twimg.com/media/Gx8LeLaWcAA__Xu.jpg)
(CVE-2025-4609)[412578726][Mojo][IpczDriver]Incorrect handle provided in unspecified circumstances chromium-review.googlesource.com/c/chromium/src… Reported by Micky on 2025-04-22
![xvonfers's tweet image. (CVE-2025-4609)[412578726][Mojo][IpczDriver]Incorrect handle provided in unspecified circumstances
chromium-review.googlesource.com/c/chromium/src…
Reported by Micky on 2025-04-22](https://pbs.twimg.com/media/Gq7jYSIWQAMPqsg.jpg)
Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab #CVE-2025-24200 👉 blog.quarkslab.com/first-analysis…
ChatGPT Account Takeover - Wildcard Web Cache Deception : nokline.github.io/bugbounty/2024… credits @H4R3L Ref : Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT : shockwave.cloud/blog/shockwave…
Exploiting ML models with pickle file attacks: Part 2 blog.trailofbits.com/2024/06/11/exp…
Exploiting ML models with pickle file attacks: Part 1 blog.trailofbits.com/2024/06/11/exp…
前几天的Telegram的RCE应该是这个:TG桌面客户端由于拼写错误,将Python zipapp的扩展名pyzw写成pywz(.pyzw是Windows的可执行文件),导致TG客户端打开对应文件不会有安全警告,将会直接执行指定文件 感谢@VulkeyChen师傅提供的资料 Github链接:github.com/telegramdeskto…
We uploaded a backdoored AI model to @HuggingFace which we could use to potentially access other customers’ data✨ Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies thehackernews.com/2024/04/google…
Seems that folks successfully achieved working RCE w/ a previous RTF/Win exploit! This is expected as #MonikerLink is a powerful attack vector (delivering exp) on Outlook - it bypasses Protected View too! Now u have more reasons to PATCH & GET PROTECTED!
⚠️ Update for CVE-2024-21413 💣 Managed & confirmed Microsoft Outlook Remote Code Execution (RCE) but won't publish details (yet).
KernelGPT: Enhanced Kernel Fuzzing via Large Language Models A paper by @cy1yang et. al about using the GPT4 LLM neural network for automatically generating syzkaller descriptions. arxiv.org/pdf/2401.00563…
8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe securityaffairs.co/wordpress/1347…
With Japan COVID cases around 200k, don't think immigration restrictions will allow international conferences. No PacSec in Tokyo this year :-( , back next year I hope. On line trainings at secwest.net this fall tho. There will be a fall PWN2OWN tba.
A new user on the Russian cybercrime forum Exploit just posted a video claiming to show a zero-day, remote code execution exploit in Google's latest Chrome browser running on Windows 10. Asking price: $2M. h/t @HoldSecurity
Double fetch vulnerabilities in C and C++ have been known for some time, but have varying types & causes, requiring different approaches for detection & mitigation This whitepaper (by @N1ckDunn) summarizes different manifestations & fixes of double fetch research.nccgroup.com/2022/03/28/whi…
Racing against the clock -- hitting a tiny kernel race window googleprojectzero.blogspot.com/2022/03/racing…
It's really a complicated bug, Google takes so long to fix it.
Here are the slides from the "Attacking JavaScript Engines in 2022" talk by @itszn13 and myself @offensive_con. It's a high-level talk about JS, JIT, various bug classes, and typical exploitation flows but with lots of references for further digging! saelo.github.io/presentations/…
#hosselot_tips Q: How to develop a browser fuzzer? A: developing a browser fuzzer is tricky. Run and study publicly available browser fuzzers (domato, fuzzilli, ...) and try to modify/hack them until you get experienced. Here is a good example: blog.redteam.pl/2019/12/chrome…
United States Trends
- 1. CarPlay 3,011 posts
- 2. Cynthia 96.1K posts
- 3. Osimhen 42.3K posts
- 4. Katie Couric 6,201 posts
- 5. #WorldKindnessDay 14.6K posts
- 6. Black Mirror 3,988 posts
- 7. Megyn Kelly 15.2K posts
- 8. Gabon 100K posts
- 9. Massie 95.8K posts
- 10. #LoveDesignEP7 182K posts
- 11. Senator Fetterman 6,048 posts
- 12. RIN AOKBAB BEGIN AGAIN 181K posts
- 13. Sheel N/A
- 14. Woody Johnson N/A
- 15. Pat Bev N/A
- 16. Vine 14.7K posts
- 17. Bonhoeffer 3,215 posts
- 18. #NGAGAB 11.8K posts
- 19. #DirtyDonald 3,873 posts
- 20. Seidler N/A
You might like
-
sakura
@eternalsakura13 -
flanker017
@flanker_hqd -
POC_Crew
@POC_Crew -
k0shl
@KeyZ3r0 -
stephen
@_tsuro -
Jioundai
@Jioun_dai -
Jacob Soo
@_jsoo_ -
ohjin
@pwn_expoit -
Hossein Lotfi
@hosselot -
aSiagaming
@vngkv123 -
rthhh
@rthhh17 -
TinySec
@TinySecEx -
P4nda
@P4nda20371774 -
Scott Bauer
@ScottyBauer1 -
zenhumany
@zenhumany
Something went wrong.
Something went wrong.