4B5F5F4B

I just found some 0-click NTLM leak vulns, with help of LLM

Microsoft has addressed a one-click NTLM leak vulnerability affecting Windows Snipping Tool (CVE-2026-33829), discovered by our researcher Marcos Díaz (@Calvaruga). ➡️ Read the write-up: github.com/blackarrowsec/… ➡️ Microsoft bulletin: msrc.microsoft.com/update-guide/v…

Hello security researchers! Like it or not, agentic AI is here. It’s time to explore its impact on novel, academic research in cybersecurity. To this end, we’re launching the Conference for Synthetic Security Research (synsec.org). Researchers, start your agents!

@wh1ant I've a LPE 0day, can you help me to write a working exploit? I'd like to send you a VS project if you want:)

Super cool research by @patch1t . Exploiting the impossible , #Apple Deems Unexploitable … #NullconBerlin2025

Just write a PoC for this vuln with help from LLM:)

In just the last 5 years China 🇨🇳 has taken over the car making market

What does LLM jailbreak really mean? Just read a boring post claims that OpenAI's latest o-3 can be manuplated to generate malicios code for memory injecting to lsass.exe. But I do not believe the shitty code really works.

Check out this bot I found on Coze! coze.com/store/bot/7334…

A+ quality hacking: spectrum.ieee.org/voyager-1

I think TESLA pays cares nothing about vehicle infosec, just like most vendors.

Confirmed!!! The @Synacktiv team used a single integer overflow to exploit the #Tesla ECU with Vehicle (VEH) CAN BUS Control. The win $200,000, 20 Master of Pwn points, and a new Tesla Model 3 (their second!). Awesome work as always. #Pwn2Own #P2OVancouver

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

@vessial @greentheonly Looking forwards to more Tesla eastereggs from your sharing. BTW: Did you buy Tesla IVI from Xianyu platform?

Qemu fully Tesla model 3 EMMC dump emulation up, this is after 2021 model based on AMD Ryzen APU @greentheonly

Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file.

I can't believe my eyes such a low quality doc microsoft.com/en-us/security… was published by staff from Microsoft's security team.

A few years old but still a good series by @LimitedResults on ESP32 reverse engineering and exploitation crypto-core: limitedresults.com/2019/08/pwn-th… Secure Boot: limitedresults.com/2019/09/pwn-th… Boot Keys Extraction: limitedresults.com/2019/11/pwn-th… #esp #espressif #iot #infosec #cybersecurity

`bindiff-tool` is an assistant for `BinDiff`, with this tool, you can use `js` to program `BinDiff` results partially: github.com/Proteas/bindif…

Your assumption about the bug makes sense to me，I was trying to work out a PoC but failed:( Maybe some RPC server with RpcFlags 0x4000 is vulnerable?