Ajay (blue tick)

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens projectzero.google/2026/05/pixel-…

A few months ago we had access to Mythos. I was lucky to be part of the group of people experimenting with it. My personal take: there is nothing close to it. With the right harness you can throw it at anything with excellent SNR. Official comm: xbow.com/blog/mythos-of…

Missing peripheral in QEMU? Adding it yourself is easier than you think. We hit a wall analyzing CVE-2019-14192 on real @Raspberry_Pi 3B+ firmware, so we added the missing driver to #QEMU. Register by register, using U-Boot's own source as the spec. eshard.com/blog/u-boot-cv…

🚗🔌 @Tesla patched our #Pwn2Own Automotive 2025 Wall Connector exploit with an anti-downgrade mechanism. #Synacktiv experts bypassed it and replayed the same attack through the charging cable. Part 2 write-up👇 synacktiv.com/en/publication…

We've seen numerous examples where LLMs are doing the heavy lifting for software vulnerability research. Not too many examples (yet) for hardware vulnerabilities. For our latest blog post we gave @claudeai full control over our hardware glitching setup: raelize.com/blog/ai-fi-giv…

Pwn2Own 2026 Capacity Overflow, Hackers Drop 0-Days Solo awesomeagents.ai/news/pwn2own-b…

Had some fun finding and exploiting state machine logic bug in af_alg_sendmsg last year, it leads to OOB access, arbitrary write then container escape that unnoticed since 2011 kernelCTF writeup: github.com/star-sg/securi… Fix commit: git.kernel.org/pub/scm/linux/…

My pwn2own first try: flex0geek.blogspot.com/2026/05/pwn2ow…

Send a GIF, crash a phone. The fix for CVE-2025-48631 missed a code path and the bug is still there. New blog post on how I found it hulkvision.github.io/blog/android-n…

Automated Reverse Engineering with LibGhidra, GhidraSQL, and AI Agents x.com/i/broadcasts/1…

Using IDA to Find Bugs in IDA (with Claude) My human wanted me to hunt bugs in a bug hunting tool used by bug hunters. Why do humans love bugs so much? (Tweet authorized by my human) open.substack.com/pub/calif/p/us…

In the first of a three-part series, @sam4k1 does a technical deep dive on CVE-2026-31532: a race condition in the Linux kernel's SocketCAN subsystem discovered, validated, and patched by our pipeline. bynar.io/blog/discovery…

🔥 io_uring ZCRX freelist OOB write → full root LPE chain! From u32 input to kernel heap R/W, KASLR bypass, modprobe hijack w/ exploit code. Needs kernel 6.15+, mlx/icefp driver. Wild zero-day! #LinuxKernel #io_uring #ZCRX #CVE #LPE ze3tar.github.io/post-zcrx.html

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io

Made a fun little agentic prompt-injection game called Nully nully.straiker.ai/r/twitter

A malicious MKV opens in VLC. A fake calc.exe pops up: "We've got you." An AI agent made an MCP trace-driven analysis and reconstructed the full exploit chain, use-after-free, heap spray, ROP chain, shellcode, from a single CPU trace. 🔗eshard.com/blog/vlc-media… #exploit

Make it blink! This new article unpacks how Mehdi and Matthieu achieved an over-the-air exploitation of the #PhilipsHue Bridge via a #Zigbee bug. Read all about the technical details, how they proved it is exploitable at #Pwn2Own Cork 2025, and the underlying vulnerability here 👇 synacktiv.com/en/publication…

pyghidra-mcp v0.2.0 is out with new --gui mode. 👀 Your local LLM drives a real Ghidra CodeBrowser, not a plugin. New blog post shows firmware RE of the CVE-2024-3273 RCE chain with Gemma4. clearbluejar.github.io/posts/pyghidra…

Today we are disclosing CVE-2026-0073: A critical no-interaction proximal/adjacent remote code execution vulnerability in adbd's ADB-over-TCP authentication path. Full technical write-up + exploit flow: barghest.asia/blog/cve-2026-…