candymate

👀 (CVE-2026-2649)[481074858][wasm][turboshaft]Wasm br_table operation Phi integer overflow(passing too many inputs). chromium.googlesource.com/v8/v8/+/04d57e… chromium.googlesource.com/v8/v8/+/25613a… chromereleases.googleblog.com/2026/02/stable… PoC: ./d8 --no-liftoff chromium.googlesource.com/v8/v8/+/25613a… Reported by JunYoung Park(@siwu_network)

Everyone wants to fuzz complex optimizations of WebAssembly compilers, but most approaches are simply considering grammars and types. Why can't we fuzz optimizations directly? We will share how we can do if we have systematically written optimization rules in S&P 2025 :)

Just killed a Pixel 7 Pro... Not sure what I did wrong here... I'm very sad..😭

Driving forward in Android drivers googleprojectzero.blogspot.com/2024/06/drivin…

Cold Fusion got 6th place at DEF CON CTF Qualifier 2024 💙 Cold Fusion이 DEF CON CTF Qualifier 2024에서 6위를 차지했습니다! 😘 *PLUS is part of the "Cold Fusion", which is a collaboration team from South Korea 🇰🇷

🌪️”From the Vulnerability to the Victory: A Chrome Renderer 1-Day Exploit's Journey to v8CTF Glory” will be presented by Haein Lee and @insu_yun at #TyphoonCon24! Buy your tickets at: eventbrite.com/e/typhooncon-2…

Confirmed!! Seunghyun Lee (@0x10n) of KAIST Hacking Lab used a UAF to RCE in the renderer on both #Micosoft Edge and #Google Chrome. He earns $85,000 and 9 Master of Pwn points. That also puts us over $1,000,000 for the event! #Pwn2Own

Boom! Seunghyun Lee (@0x10n) of KAIST Hacking Lab was able to successfully demonstrate his exploit of #Google Chrome. He's off to the disclosure call to provide us all the details before we bring in the Google team for disclosure. #Pwn2Own #P2OVancouver

Big change coming to @USENIXSecurity starting 2025. "Starting with USENIX Security '25, we will be decoupling paper publication from paper presentation, so not all papers will have full-length talk presentations at the conference." usenix.org/blog/2023-usen…

Our POC2023 slide is now available on our website #POC2023 kaist-hacking.github.io/publication/ki…

CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent qualys.com/2023/07/19/cve…

This was exploited in the wild and is a Type Confusion vulnerability in Safari DFG JIT (CVE-2023-32439). This vulnerability causes type confusion because `EnumeratorNextUpdateIndexAndMode` and `HasIndexedProperty` are different DFG Nodes but share the same heap location kind.

I am happy to announce that "BaseComp: A Comparative Analysis for Integrity Protection in Cellular Baseband Software" is accepted to Usenix Security '23. This work is related to static analysis to find logical bugs in baseband firmware.

This is Huge. A UCLA student may have just found the first feasible Indistinguishability Obfuscation (iO) scheme, based on well-understood cryptographic theories. In other words, imagine an obfuscator/packer that is nearly as difficult to crack as AES. The research validates the creation of an (iO) scheme for all polynomial-size circuits (i.e. computer programs of a reasonable size) Malware and DRM could start to get really, really interesting in the next few years. escholarship.org/content/qt7vq3…

CVE-2023-28231: The Trend Micro Research Team takes a in depth look at this recently patched RCE bug in the #Microsoft #Windows DHCPv6 service. Their write-up includes root cause analysis and detection guidance: Read the details at zerodayinitiative.com/blog/2023/5/1/…

Elevation of privileges from Everyone through Avast Sandbox to System AmPPL (CVE-2021-45335, CVE-2021-45336 & CVE-2021-45337) by @Denis_Skvortcov the-deniss.github.io/posts/2023/02/…

GHSL-2023-023: Type confusion in the Chrome renderer - CVE-2023-1214 securitylab.github.com/advisories/GHS…

VM escapes in #Parallels Desktop are a common target for many researchers. @renorobertr details some local privilege escalation via setuid root binaries in his latest blog. His write-up includes root cause analysis of CVE-2023-27322, -27324, & -27325. zerodayinitiative.com/blog/2023/4/5/…

I am really happy to announce that my research on adobe sandbox escape exploiting a windows CVE has been published on the Exodus Intelligence's blog blog.exodusintel.com/2023/04/06/esc…