REhints

New #CodeXplorer v2.1 [IDA7 Edition] released! Changelog: multiple bugfixes, added gcc Virtual Tables and RTTI parsing, improved Linux and macOS support. github.com/REhints/HexRay… #REhints

Ah neat, I’d been using my little tool “idals” similarly - as a cli tool for agents when assisting with RE. github.com/williballenthi…

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens projectzero.google/2026/05/pixel-…

I'm glad we can finally talk about this! :D As an inveterate blabbermouth it has been killing me to keep my blabbering mouth shut

A lot of people have been wondering about Mythos, Glasswing, and the vulns we / our partners are fixing. Today, I’m excited for us to start sharing more. (For context, I lead Glasswing @AnthropicAI.) Two independent evaluations this week—from XBOW and the UK AISI—confirm what we've been seeing internally: Claude Mythos Preview is a step change in autonomous cybersecurity capabilities. We need to start preparing fast for a world of models with this level of capabilities. The UK AI Security Institute tested the model we shipped at the launch of Project Glasswing and found Mythos Preview is the first model to solve both of their end-to-end cyber ranges, including one (Cooling Tower) which no model had ever cleared. But attackers (and defenders) have sophistication & cost constraints – Mythos is also the only model that clears every one of their tasks estimated over 8 hours under their deliberately low 2.5M-token cap. XBOW tested it on their offensive security benchmarks, finding "token-for-token, unprecedented precision." It's the only model to succeed at subtle V8 sandbox work. Other Glasswing partners shared similar stories. In a few weeks of testing, Mythos Preview has helped them find many thousands of (estimated) high + critical severity vulnerabilities, sometimes double what they'd normally find in a year. I don't share this to boost Mythos. In fact, this is not about Mythos. It’s about preparing for the coming world of models being better, faster, cheaper, and more creative than some of the best human experts at dual use capabilities. Clearly, we need them supporting defenders as widely as can be done safely – and especially the least resourced ones. Within a year, Mythos will probably look quite dumb (relative to other new models). And others may release openly available or unguardrailed models of Mythos-level capabilities. We started Project Glasswing because capabilities like Mythos Preview's won't stay rare, or stay in careful hands. We are bringing it to defenders as fast as we responsibly can, while working to figure out, for example, the right safeguards and patching & disclosure processes. Also, to be clear, compute has never been a limiter in our rollout. Expect a fuller update on our Glasswing work in the coming days. XBOW report: xbow.com/blog/mythos-of… UK AISI report: aisi.gov.uk/blog/how-fast-…

New era of vuln REsearch 👏

Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong 😩

One of the long-standing challenges in C++ RE has always been vtable REconstruction. AI now solves this, and you actually get richer context than you'd ever get from manual recovery. Previously, HexRaysCodeXplorer plugin was born to ease that pain back in the day, but now I need to rethink how to make it truly effective in this new reality.

Proud of the team. They went after a corner of the Linux kernel that nobody had bothered to look at, found a bug that had been sitting there for 14 years, and quietly got on with it. No fuss. Just good work. If any vendors looking for extra pair of eyes, let me know.

Binlex deobfuscating polymorphic shellcode with LLVM. Assemble shellcode Lift to LLVM IR Run optimization passes Emit optimized object code Disassemble recovered shellcode Polymorphism is completely gone.

List of papers related to LLM for vulnerability research/detection github.com/huhusmang/Awes… #infosec

We are thrilled to announce this year's Hex-Rays Plugin Contest winners! 🥇 1st Place: iOSHelper 🥈 2nd Place: BinSync 🥉 3rd Place: CrystalRE Check out the winning plugins, honorable mentions and all other submissions. You can install these plugins today with a single command via hcli. hex-rays.com/plugin-contest…

Going to present an unconventional exploit ;) By corrupting a GPU stack pointer register as part of the TBDR pipeline and some blackbox work, GPU hardware may write vertex / pixel shader to arbitrary pages. Ultimately, the hardware can patch AP kernel back~

Static Devirtualization of Themida/CodeVirtualizer. The techniques in this article apply to pretty much every virtual machine obfuscator with minor modifications. back.engineering/blog/09/05/202… Original Program & Devirtualized Output github.com/backengineerin…

@brucedang @dyn___ Annotating IDB used to take hours before you start actual work, and it's now a matter of minutes.

Shipped SBOM.Tools v0.1.20 🚀 This one's all about EU Cyber Resilience Act (CRA) readiness. - New cra-docs command, generates your Annex V Declaration of Conformity straight from the SBOM - Full CSAF v2.0 round-trip - Article 24 OSS steward profile for maintainers - CRA standards-drift detection in `watch` - 14 compliance levels now, including CNSA 2.0 and NIST PQC If you're staring down CRA deadlines, this should make life easier. github.com/sbom-tool/sbom…

Lately I've been thinking about how AI is changing vulnerability research and reverse engineering. VR and RE are some of the hardest workflows to parallelize. Even with great knowledge transfer and team practices, you usually default to one person per vuln or RE task. The work is just too context-heavy to split. AI breaks that ceiling. It's no longer "one researcher, one task", it's you working one angle while Claude annotates disassembly code, explores another path, or helps you piece together what the last result means. Watching this land in domains we assumed were fundamentally serial is wild.

Reverse engineering and dumping firmware from smartwatches Read more: blog.quarkslab.com/modern-tale-bl… Research by by Damien Cauquil (@quarkslab) #infosec

Good example of why remediation windows are shrinking to near zero, and in OSS, time-to-exploit after a fix is published is almost immediate.

Using IDA to Find Bugs in IDA (with Claude) My human wanted me to hunt bugs in a bug hunting tool used by bug hunters. Why do humans love bugs so much? (Tweet authorized by my human) open.substack.com/pub/calif/p/us…