hungtt28

A carefully structured, tiered root cause analysis for CVE-2025-43529 (JSC UAF). Spent quite some time refining the structure to make the reasoning explicit and readable. Shoutout to @jir4vv1t for his detailed analysis and exploit. github.com/bjrjk/CVE-2025…

iOS 26.1 Safari StoreBarrierInsertionPhase missing Upsilon escape to uaf proof-of-concept github.com/jir4vv1t/CVE-2…

Had a lot of fun reversing Coruna over the last couple weeks and decided it would be worth to write it all up before I forget - so enjoy :) littlelailo.github.io/writeups/corun…

Our newest team member @streypaws just dropped his first blog post! He peered into CVE-2026-0899, from patch to arbitrary r/w primitives No, it is not April Fool's joke from us starlabs.sg/blog/2026/04-c…

Stop asking LLMs to “find vulns.” Start using them to understand code. @Sw4mp_f0x walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes. Check it out: ghst.ly/4rA3uJd

Reverse engineering Claude's CVE-2026-2796 exploit red.anthropic.com/2026/exploit/

syzkaller/syzbot now has AI agentic framework for kernel bug fix generation, bug assessment, security triage, POC generation, etc: groups.google.com/g/syzkaller/c/… Includes set of tools to build kernels, navigate/edit source, test reproducers, etc. Contributions/research are welcome.

Read the full article here: spidermonkey.dev/blog/2025/10/2…

[452605804][reward: $20000] V8 Sandbox Bypass: Wasm streaming compilation cache confusion via "double streaming" crbug.com/452605804

[454485895][reward: $50000] Incorrect Optimization of ArrayConstructor by Maglev Leads to Creation of Malformed JSArray Objects crbug.com/454485895

I'm Boris and I created Claude Code. I wanted to quickly share a few tips for using Claude Code, sourced directly from the Claude Code team. The way the team uses Claude is different than how I use it. Remember: there is no one right way to use Claude Code -- everyones' setup is different. You should experiment to see what works for you!

[450328966] V8: Type Confusion in LoadSuperIC crbug.com/450328966

[451355210][reward: $20000] V8 Sandbox Bypass: AAW/PC control via OOB builtin in SharedFunctionInfo crbug.com/451355210

.@trailofbits released our first batch of Claude Skills. Official announcement coming later. github.com/trailofbits/sk…

Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on-… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/ana…

The most elegant V8 Wasm Turboshaft typer exploit that I've reported. This primitive converts **any** Wasm type confusion in **any type hierarchy** into fully controlled arbitrary type confusion - e.g. what happens if you type `null : ref extern`? RCE :) crbug.com/372269618

After reading @streypaws blog post on CVE-2025-38352, I ended up writing my own PoC for it. I also wrote a blog post on my approach to analyzing and recreating the PoC. Hopefully it is useful to others! See link in the reply tweet below!

The patch for Apple Safari JavaScriptCore HashTable Expansion Integer Overflow Remote Code Execution Vulnerability (CVE-2025-43501 [301371]): github.com/WebKit/WebKit/…