h0ps

Took me almost a month, but it’s finally done. I completely rewrote the first chapter of linux-insides about the Linux kernel initialization process. Now it should be aligned with modern kernels (up to master). github.com/0xAX/linux-ins…

We open sourced the tool used to detect the Axios supply chain compromise! I built it Friday after a red eye home from RSAC. Also, wrote up the full story, including the hectic moments after that first critical alert github.com/elastic/supply…

day 1: exploited by LiteLLM day 2: exploited by vim day 3: exploited by emacs day 4: exploited by axios day 5: echo "hello world" exploited me The threat model is now "software"

@RenwaX23 @kasturixbm5 This is not universally true. KalmarCTF last weekend had hard, well thought out challenges that could still be solved by AI.

@kasturixbm5 A CTF challenge is not worth playing nor a good quality if it's solved by AI, using firewalls and other boring stuff won't get you anywhere. All these years we just saw refurbished and low quality challenges it's just AI exposed them. I blame authors for any CTF slop.

Kepada CTF organizer yang tak suka players pakai AI: danisy-eisyraf-portfolio.super.site/blog-posts/how…

@ruikai Rip pwn2own

we discovered and helped patch four memory bugs in Llama.cpp today pwno.io/?highlight=37,…

Just derestricted a now-fixed kernel bug in Pixel 10. I think this ranks as the most easily exploited kernel bug of all time😬 Thanks to @tehjh for collab'ing on this driver and full credits for noticing this bug in the first 5 minutes of auditing😂 project-zero.issues.chromium.org/issues/4634382…

This is pretty darn impressive, and also a good counterargument to "nothing ever changes" criticisms of infosec: blog.calif.io/p/a-race-withi…

With a slight delay of three months, me and @bitfriends_ finally found the time to finish our writeup for Still Not Malloc from LakeCTF Quals. Shout out to @LakeCtf organizers for the cool pwn. See you soon in Lousanne! leo1.cc/posts/writeups…

I started playing CTFs in 2022, and LLMs definitely changed the **competitive** CTF scene a lot, especially since mid-2025. I also started using LLMs in late 2025. Yes, those models did one-shot many challenges, but what's the fun of slopping them? I learned absolutely nothing 🥲

theregister.com/2026/02/12/app… "Apple patched a zero-day vulnerability affecting every iOS version since 1.0" 👀

@farazsth98 Love your content !

Finally, here is the blog post containing all the details about how I wrote this PoC: faith2dxy.xyz/2025-12-24/cve… The ~4-5 millisecond race window was more than enough to trigger the vulnerability, but is it enough for a full exploit? Or do I need to extend it? We'll see 😉

In my previous post about CVE-2025-38352, I used a kernel patch to extend the race window to help trigger the vulnerability. I've since improved it to work without the kernel patch. @hackyzh 👀 I also wrote a "Part 2" of the blog post. It's linked at the end of this thread!

Modern iOS Security Features – A Deep Dive by Moritz Steffin and @naehrdine arxiv.org/pdf/2510.09272

For the weekend ARESx had the honor of attending mimic ctf 2025 Big thank you to @XCTF_League for organizing the event 🎖🎖 Hope to see you all next year!

spent a lot of effort with the team on this

Buckle up folks, evidence of the acceleration of capabilities of hackers with agents is becoming a weekly event.

Defeating KASLR by Doing Nothing at All googleprojectzero.blogspot.com/2025/11/defeat…

@ErebiusWhite Rust. Stay secure

Things to know to build a robot: - Soldering - CAD - Python - C++ Anything else?

We are proud to announce, ARESx placed 3rd on m0leCon CTF!!! 🏆🇮🇹 Thank you for hosting! @pwnthem0le Looking forward to see everyone in Turin!! #pwnthem0le

Big problem that needs to be fixed with the pwn2own ecosystem.