Akai 🇻🇳

Here is my CVE-2025-10891 Chromium RCE PoC: github.com/mwlik/v8-ndays…

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇 synacktiv.com/en/publication…

Confirmed! Mia Miku Deutsch (@newbe3e) exploited a stack-based buffer overflow against the Alpine iLX‑F511, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

We suggest assigning such vulnerable templates the new ESC number 17 (ESC17) to help identify and mitigate these risks. You can read our blog post here: blog.digitrace.de/2026/01/using-… 2/2🧵

Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks github.com/Maldev-Academy…

New BOF to run native PE in the Cobalt Strike beacon without console allocation or pipe creation. Like BOF_Spawn, this BOF is malleable with proxy/spoof for LoadLibraryA, allocation methods (Heap, VirtualAlloc, Module Stomping) and some other tweaks :) github.com/NtDallas/BOF_R…

I found a new one click NTLM leakage vulnerability / technique from a browser. A web server can redirect a client to a ms-photos URI handler followed by a fileName parameter. If the parameter value is a UNC path instead of a local path, photos.exe will leak the client’s NTLMv2-SSP hash, enabling relay attacks or offline cracking. Leaking hashes from URI handlers is not new, but combined with a browser redirection, it allows moving from website infection to capturing NTLMv2-SSP hashes (supply chain attack). No LLMNR is required, and except if the firewall blocks outbound SMB queries, the hash will leak to public facing SMB servers. The vulnerability can be combined in a supply-chain attack, by infecting public facing applications. MSRC will not release a patch for this issue. Find more details with a POC here: github.com/rubenformation…

GitHub - D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 winning bug. - github.com/D4m0n/CVE-2025…

Small update on "printerbugnew:" added a description of how to exploit CVE-2025-54918: DCs running 2025 allow reflection RPC->LDAPS - from a standard user to DA before patch😃 github.com/decoder-it/pri…

🚨 New APT26 IOCs were just dropped by Chinese researchers at 360. Turns out they’re using a new RAT developed in Golang. MD5(Linux) e1b4572ea0780c963043819016f4c7a8 aff4b4f121aba5046f781fc6aafe8de2 10b7139952e3daae8f9d7ee407696ccf 311f9894297fb1624a2c99ac5c8d8abf 1ded71930d997de43a68e098d232e2e5 3d272caf8bd0342550d65a425ef86f4d a484f85d132609a4a6b5ed65ece7d331 ed923d191cc1f60b189b8356fdbf64d8 MD5(Windows) 5a25a5fc22f2adfe42ac493fd3757f6f ab6022bde19d8495c56812ef5d1c6186 55c020ba4045b92622bf0e0a43b3ca9d 7405ce819ef85fd219c6a204b48cdae1 9fceef2d082a1df7779f5a09311c9a76 abd95f897f392b19873d5fb0c7df831 C&C sinjita[.]store modindia.serveminecraft[.]net 45.155.54[.]28:8080 101.99.94[.]109:8080 45.155.54[.]122:8080 URL  https[:]//trmm[.]space/SoftsCompany/d/27/clipboard.txt http[:]//solarwindturbine[.]site:4000/commands https[:]//trmm[.]space/SoftsCompany/d/25/ProxifierSetup https[:]//securestore[.]cv/ghg/Mt_dated_29.txt http[:]//modgovindia[.]space:4000/commands https[:]//drive.google[.]com/uc?export=download&id=1Umc8DCCFjoclts_tndD1zyAJgDilAW7p https[:]//drive.google[.]com/uc?export=download&id=1VQQiTt78N3KpYJzVbE-95uILnO84Wz_- http[:]//seemysitelive[.]store:8080/ws https[:]//filestore[.]space/SoftsCompany/d/76/CCleaner

S2 Grupo's intelligence team LAB52 reports a new Outlook backdoor, named NotDoor and attributed to APT28, that watches for specific trigger words and then exfiltrates data, uploads files, and executes commands on victim hosts. lab52.io/blog/analyzing…

We can exploit the #securityvulnerability of Windows Error Reporting to put EDRs and #antimalware into a coma-like state. By using the EDR-Freeze #redteam tool: Github: TwoSevenOneT/EDR-Freeze

Recently updated Proof-of-Concepts github.com/0xMarcio/cve

CVE-2025-21479 Meta Quest 3 privilege escalation Exploit poc - github.com/FreeXR/eureka_… #root #MobileSecurity #infosec #dfir

Installing a SharePoint server is really annoying.

@tunadv @msftsecresponse congrats, keep going boi 🎉🎉🎉

My first year at MSRC and being in the top 100 MVR is something I am very proud of😊. Thank you @msftsecresponse for your enthusiastic support🫡. Congratulations to all the researchers on the leaderboard 🎉

updated my ADCS cheatsheet seriotonctf.github.io/ADCS-Attacks-w…

💡 If you're on the OSEP journey or planning to take it soon, bookmark this repository, build your home lab, and start experimenting. 🔗github.com/beauknowstech/… Reference: LinkedIn

👇 github.com/ly4k/Certipy/d…

Outstanding! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin