Rosetta Porter 🕊️🦄

CVE-2026-31431 一大早赶了一个纯文件利用，不需要复写 su 文件，信创、异构利用稳定 github.com/Sndav/CVE-2026…

🧑‍🚒 Our researcher Mikhail Sukhov shares his knowledge and experience in analyzing FreeIPA environments. He also introduces his new tool, IPAHound 💪 Go ’n see the details ➡️ swarm.ptsecurity.com/thinking-in-gr…

Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03) Today I am releasing the nineth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/04/28/exp… Key features of this edition: [+] Dual Exploit Strategies: Two distinct exploit editions built on the cldflt.sys heap overflow. [+] PreviousMode Edition: Exploit cldflt.sys via WNF OOB + Pipe Attributes + ALPC + _KTHREAD.PreviousMode flip: elevation of privilege of a regular user to SYSTEM. [+] PPL Bypass Edition: Exploit cldflt.sys via WNF OOB + PreviousMode flip + _EPROCESS.Protection strip + MiniDumpWriteDump: elevation of regular user to SYSTEM. [+] Solid Reliability: Two complete, stable exploits, including a multi-step cleanup phase that restores the corrupted pipe attribute Flink and _KTHREAD.PreviousMode before process exit, preventing crash on cleanup. This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! I would like to thank Ilfak Guilfanov (@ilfak) and Hex-Rays SA (@HexRaysSA) for their constant and uninterrupted support, which has been vital in helping me produce this series. The following articles will continue the miniseries about iOS and Chrome, which are my areas of research. Enjoy the reading and have an excellent day. #exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow

ps5-linux has been released! You can now turn your PS5 Phat console on 3.xx and 4.xx FWs into a fully functional Linux PC gaming device! github.com/ps5-linux/ps5-…

First blog post in the new series. Just really short and basic as an introductino post. I don't really have a direction in mind for this series, but lets just generate scripts with Claude, and try to find 0days without getting too technical, hehe: patreon.com/posts/blog-0-w…

We reveal details of a previously unknown privilege escalation technique in Windows RPC. The vulnerability is due to an architectural flaw and is currently unpatched. We also discuss risk mitigation measures: kas.pr/8vis

Lets write an 1-day Zero Click #exploit ! for CVE-2026-34159 llama.cpp and hack into #AI infrastructure ! blog post : pwntricks.com/ZeroClick-RCE-… exploit github.com/casp3r0x0/CVE-… #Cyber #Security #OSCP #ExploitDevelopment

🚨🚨🚨Inside Pfizer and AstraZeneca's UKRAINIAN BIOLAB‼️‼️‼️‼️

39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools #39C3 #GnuPG #CryptoFlaws #SecurityResearch #Unpatched heise.de/en/news/39C3-M…

I factored the number RSA1024-1 using my home-built QPU stack; alarming sign that RSA1024 will soon be broken. I'm choosing Full Disclosure, in the interest of transparency and Science advancement: gist.github.com/veorq/25bee6ef… Non-ZK proof that the correct RSA1024 was used: #RSA-1024" target="_blank" rel="nofollow noopener">en.wikipedia.org/w/index.php?ti… @yuvadm your move

Fyi I started blogging about windows secure channel a while back, you could probably get a couple of bug bounties out of certificate chain building related code, its a big attack surface: patreon.com/collection/205…

My new article: "Some notes on the security properties of the pipe_buffer kernel object" Many Linux kernel exploits use the pipe_buffer kernel object to build strong exploit primitives. I experimented with pipe_buffers and discovered something interesting a13xp0p0v.tech/2026/04/20/pip…

🚨🇨🇺 BREAKING — Havana Lit Up Russian Oil is Saving Lives in Hospitals

🚨 BREAKING A Telegram bot allegedly linked to Mossad, used to collect images & videos from inside Iran, has reportedly been taken offline by the hacktivist group Handala. The bot was being promoted via Persian-language channels, encouraging citizens to submit content “securely,” even during internet disruptions. Now, it’s gone. ⚠️ This raises serious questions: Was this an intelligence collection channel or psychological operation? How was it identified and disrupted so quickly? What does this mean for future digital HUMINT campaigns? In modern conflict, even covert comms infrastructure is now a target. And it’s getting burned faster than ever. #CyberWarfare #OSINT #DarkWeb #Hacktivism #Iran #Israel #Infosec #DDW

hi, it's an awesome blog about Advanced Module Stomping kuwaitist.github.io/posts/Astral-P…

After an embargo of 256 days, I'm happy to reveal our newest work: we present TREVEX, a black-box CPU fuzzer that detects transient execution vulnerabilities in an automated manner. Running TREVEX on AMD, Intel, and Zhaoxin CPUs discovered multiple new CPU vulnerabilities!

🔥 Read the new article by our researcher Timofey Duditsky. The write-up dives into the AMD Platform Configuration Blobs mechanism, shows how it works, and reveals the vulnerability CVE-2025-54502. swarm.ptsecurity.com/slowburn-looki…

🔔 A PoC/exploit has been discovered for vulnerability CVE-2026-39808 PT ID: PT-2026-32687 Vendor: Fortinet Product: FortiSandbox Description: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via Link: github.com/samu-delucas/C… #dbugs_vuln

📢 Journalists: Have you used the @waybackmachine in your research or reporting? Share your story & support: ➡️ savethearchive.com/journalists/ #WaybackMachine