ctx

@albinowax Had any interesting ideas for security research ??? currently going after ai models , looking for any ideas under client or server side :)

I improved the collection view in Shazzer. You can now expand the results below the vector. shazzer.co.uk/collections/69…

We recently achieved renderer RCE and universal XSS on Samsung's default browser. Here's how we abused an out-of-date V8 to construct the exploit chain.

🎃Chih-Yen Chang(@u1f383) - Modern Android Kernel Exploitation Through a Mali Driver Vulnerability

CODEGATE 2026 CTF Qualifiers - Results are out! Congratulations🙌 to all teams who qualified for the Finals. See you in Seoul 🇰🇷 Details🔜 We’ll reach out to qualified teams. #CODEGATE #CTF

@HaifeiLi 3x @heapracer vulns in this release are found using Minimax M2.7+Agentflow and actually we also found those 6 WebMIDI/Audio Codecs/WebGL/WebGPU vulns in this release as well but dup.

another 21 critical and high vulnerabilities on chrome WTF chromereleases.googleblog.com/2026/03/stable…

Warning - This is more political/philosophical/etc. than my normal postings, if that upsets you ignore my story and just go watch this talk from Nicholas Carlini, about his thoughts on AI and Cyber Security: youtube.com/watch?v=1sd26p…. (1/3)

One of the challenges for #KalmarCTF this year includes some open source tooling we ran into on @_JohnHammond's GitHub. We still have many unsolved challenges left, and there's more than 24 hours left before the end of the CTF - so come play with us by going to kalmarc.tf, and try to make your presence on the scoreboard known!

@HackerOn2Wheels Nope

I have a 2 high severity report just sitting as sent for 5 days now without getting picked up in Hackerone. Is this a normal thing now?

@satoki00 Welcome to the club buddy :)

KalmarCTF 2026 has finished! Congratulations to the winning teams! 🥇- sarrus 🥈- @malta_ctf 🥉- rasmusfaber And also to the top teams on the human scoreboard! 🥇- @mhackeroni 🥈- @FlatNetworkOrg 🥉- @l3akctf Another huge thanks to our sponsors @HexRaysSA and @zellic_io! Thanks to everyone for playing, we hope you had fun - see you all again next year!

How to find a $65,000 zero-day in Chrome V8: Meet @eternalsakura13, researcher at Zellic. - Top 3 Chrome VRP 2022–2024 - Top 2 Facebook whitehat in 2023 - Top 10 MSRC MVR in 2025 Here’s a walk through the mind of one of the world’s best Chrome researchers. Can you follow along?

For a deeper look into this zero-day vulnerability, including the full root-cause analysis, proof of concept, exploitation, and patch analysis, check out our newly published blog post: zellic.io/blog/pwning-v8…

In the era of AI-driven pentesting, I reported two SQLis I discovered through full manual recon. Both were time-based blind SQL injections, identified by injecting payloads into the X-Forwarded-For header. #BugBounty #SQLi

@zonduu1 Looks like hacking , or term called bug hunting should be refactored to new vector or novel class where i feel something new must emerge where hackers on upper hand something mostly like a innovative kind of !!!

I got 30+ reports triaged and noticed 2 duplicates submitted just a few hours after my first batch. Most likely someone from the program or triage side saw the report and started mass scanning/reporting the same issue. Pretty wild how fast that happened. P.S: that really shouldn’t be happening

bro's gonna have 17 years of experience at 21.

SECCON CTF 14 Finals参加記 jp.security.ntt/insights_resou…

@Anebriate @FelixCLC_ 🤣🤣🤣

@FelixCLC_ To truly love the computer, you must first hate the computer

too many people who don't love The Computer have been given the privilege of working on The Computer

My challenge is actually based on a bug I found in Apollo Server; in its default configuration, it uses the same blacklist-based approach to prevent CSRF. I was able to bypass it and use it as an XS-Leak in default configs. I’ll be writing a detailed write-up soon about it :)

It seems the Italian CSIRT confirms the 0-day !! acn.gov.it/portale/w/tele… @telegram