symeon
1.1K posts


chromereleases.googleblog.com/2026/03/stable… Critical CVE-2026-3538: Integer overflow in Skia. The latest Chrome release addresses one critical vuln I reported a couple of weeks ago. Incredible!

@hlvl4d @eternalsakura13 codeql 100% (tons of false positives though...)

@_EthicalChaos_ Very very true Ceri! Been using it for both vuln hunting and soft dev and it's really impressive. Of course needs some guidance as you say....

The last few weeks I have been consuming LLM tokens like pacman chomping on pac dots going for the world record. I am blown away by its capability.
My background before the world of cyberz was software development. Using LLMs to code so far tells me that you still need to understand good vs bad code and have a decent grasp of SOLID principles if you want production quality code, unlike my GitHub. That way, you can prompt the LLM to do it again but better. Essentially becoming a lead developer guiding a junior with their PRs. Without this, you'll certainly get what has been coined as AI slop.
But it does make me wonder how learning to become a software developer will change. I assume it will switch to learning to read, understand, debug and spot design flaws over syntax, data structures and mundane writing tasks that now take seconds to write.
Certainly an exciting time.
symeon retweeted

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller.
Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit.
🔍 Full technical write-up 👇
synacktiv.com/en/publication…
symeon retweeted

✨AI-generated code is accelerating development, but it's also introducing unmaintainable, vulnerable dependencies.
Today, we introduce VulHunt: A new framework for semantic binary vulnerability detection.
binarly.io/blog/vulhunt-i…
symeon retweeted

@danrobinson github.com/theori-io/aixc…
An early version of this was proven in AIxCC and is open source. In evaluations, we gave it thousands of candidate bug reports (with just a handful of true positives), and it filtered out nearly every false positive while preserving every true positive.
symeon retweeted

After reading Lui's blog post: blog.quarkslab.com/exploiting-len… I decided to give it a go and create an exploit for it. After spending a few days I was able to reproduce it and spawn a SYSTEM shell; I published the working code here: github.com/symeonp/Lenovo… There's no ASLR bypass though!

@nsg650 It's got a similar vulnerability to the one you exploited: github.com/eset/vulnerabi… such a shame it's impossible to find a copy though!

@nsg650 Sorry, confused this driver (nsg650.github.io/blogs/28-9-202…) with another one! Nevertheless, great blog, thanks for sharing :)
symeon retweeted

BYOVD is a well-known technique commonly used by threat actors to kill EDR 🔪
However, with the right primitives, you can do much more.
Find out how Luis Casvella found and exploited 4 vulns (CVE-2025-8061) in a signed Lenovo driver.
👇
blog.quarkslab.com/exploiting-len…

symeon retweeted

Will post more later but: please check out @theori_io's landing page for AIxCC! We've got source code, agent traces, and blog posts to understand the system we built!
theori-io.github.io/aixcc-public/

@garethheyes right I see!! I opened it and then clicked 'update the restart' and somehow reverted it back to the stable one! whoops, sorry, thanks!!

Source code:
github.com/hackvertor/rep…
Blog post:
portswigger.net/research/repea…