b0ring retweetledi
b0ring
447 posts
Incredible (i mean, a good thing!), I did 120 points last Q4 and got 2nd place in Office bug hunting, in Q1 I did 200 points but only got 5th place in Office bug hunting.
Conclusion: Office researchers around the world don’t sleep in Q1.:)
Congrats to all!
Microsoft Security Response Center@msftsecresponse
Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q1 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers. Learn more in our blog post: msrc.microsoft.com/blog/2025/05/c… We also want to recognize the top 10 researchers in the leaderboard: 1. 0x140ce (@0x140ce) 2. VictorV (@vv474172261) 3. Vaisha Bernard of Eye Security 4. Wkai 5. Li Shuang and willJ 6. Brad Schlintz (@nmdhkr) 7. Zhiniang Peng with HUST & R4nger with CyberKunLun (@R4nger99) (@edwardzpeng) 8. Anonymous 9. Anonymous 10. Nan Wang (@eternalsakura13)
English
Thanks, @msftsecresponse ! Thrilled to be on the leaderboard with everyone! 😊
Microsoft Security Response Center@msftsecresponse
Shoutout to the other incredible researchers who made this quarter’s leaderboard. Your work and partnership is deeply appreciated! @dhiralpatel94 @dnpushme @HaifeiLi @sim0nsecurity @KeyZ3r0 @xtytia0922 @longgregc @hpy_insu @nevul37 @nvk0x @ashketchum_16 @niraj1mahajan @fatnass1f1ras @thisis0xczar @martin_jw @AnupamAs01 @scwuaptx @_dirkjan @ImanGurung13 @guilhermesgi
English
@wmessmer I couldn't find any place to update to 2504, even the update log still shows 2502 (aka.ms/WinDbgWhatsNew). Can you tell me where I can download it?
English
If you update WinDbg today (1.2504.15001.0), you might notice another icon in the View tab of the ribbon, one called "Parallel Stacks". While incredibly useful in its own right, this isn't just a parallel stacks view. It's the introduction of graph visualization for extensions!
English
(CVE-2025-3620)[405292639][usb]The UsbChooserController holds a raw pointer to the requesting RenderFrameHost -> RenderFrameHost is destroyed before the chooser controller -> UAF
chromium-review.googlesource.com/c/chromium/src…
chromereleases.googleblog.com/2025/04/stable…
English
b0ring retweetledi
TF is too mature for bug hunting, so we introduced a new surface for u guys.
Leszek Swirski@leszekswirski
V8 is leaving the Sea-of-Nodes Turbofan compiler for the shores of CFG, read all about it in my colleague's blog post: v8.dev/blog/leaving-t…
English
Let’s compete again next year
Google VRP (Google Bug Hunters)@GoogleVRP
📯 Announcing the top 20 Chrome VRP researchers for 2024: crbug.com/386306231 📯 Congratulations to everyone on the list! Many thanks and much gratitude to our entire Chrome VRP researcher community and helping us make Chrome Browser & Chromium more secure for all users! 🎊
English
CVE-2024-23282 : A maliciously crafted email may be able to initiate FaceTime calls without user authorization
I submitted a complete PoC for this vulnerability to Apple, but they awarded me a reward of $5,000. I requested a re-evaluation, but Apple declined.😢
English
b0ring retweetledi
virustotal.com/gui/file/9f180… "Desktop Window Manager local privilege escalation.docx"
Boris Larin@oct0xor
We discovered a new zero-day in Microsoft Windows used in attacks with QakBot and other malware. It was just fixed as CVE-2024-30051, and this time it all started with a curious find on VirusTotal… @r00tten securelist.com/cve-2024-30051…
English
@R00tkitSMM Has anyone actually seen Apple paying a bounty for the ImageIO vulnerability? I haven't seen it😂
English
Does anyone know why Google's two vulnerability report submission portals are now invalid?
bugs.chromium.org/p/chromium/iss…
bugs.chromium.org/p/chromium/iss…
I encountered it once a long time ago, but at least one worked that time:
#c6" target="_blank" rel="nofollow noopener">bugs.chromium.org/p/chromium/iss…
English