🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

I rarely post this kind of stuff but I think if you check the photos you will agree it’s a fucked up situation idausa.org/campaign/wild-… . Panda is not easy to keep, after seeing the effort to nurture them in their natural habitat

Exploiting the libwebp vulnerability (CVE-2023-4863) in Chrome. Our blog coming soon.

Two vulnerabilities recently, curl 9.8 and libwebp 8.8. The former has several triggering conditions and scenario limitations, which IMO make it almost impossible to exploit, while the other one has been proven to be exploitable by us. So what is CVSS doing?

We've successfully exploited three RCE chains in Steam, one of which chains 4~6 pure logical bugs (features). Memory corruption vulnerabilities were also exploited. Stay tuned for the technical details on our blog after Valve fixes them.

Full Chain Baseband Exploits. Details of the baseband and baseband-to-AP pivot vulnerabilities, exploitable for RCE, chained together at the same time ▶️Part 1: labs.taszk.io/articles/post/… ▶️Part 2:labs.taszk.io/articles/post/… ▶️Part 3: labs.taszk.io/articles/post/… Taszk Security Labs Daniel Komaromy

We are counting down the life of heap memory corruption. Enjoy our new blog post: Strengthening the Shield: MTE in Heap Allocators. darknavy.org/blog/strengthe…

Backdoor in upstream xz/liblzma leading to ssh server compromise openwall.com/lists/oss-secu…

I will share my research on Chrome, including some vulnerabilities reported since last year🤨

DEF CON Shellphish ... but with my kids now sentient enough to participate in the tradition and the rest of my family not getting any younger, I had a moment of clarity: some year, I'll willingly play Quals for the last time, and I'll look back from the future and be okay with that decision...

The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…

Issue 1492383: UAF in UsbDeviceHandleMac::AsyncIoCallback issues.chromium.org/issues/40074794 The last WebUSB issue we reported last year is finally public. The interesting part is its interaction with the macOS system APIs. In the end, Chromium fixed it by removing the code😂

Since the issue of CVE-2024-5274 is public now, we can finally release our research from months ago. This is a rare vulnerability in the V8 Parser module, and we were surprised to find that our exploit method coincidentally aligns with the ITW exploit😅 blog.darknavy.com/blog/cve_2024_…

A textbook UAF vulnerability in... Chrome AI? We will share more details at Geekcon 1024 next week! [$36000][367755363] High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18 chromereleases.googleblog.com/2024/10/stable…

The Most "Golden" Bypass of 2024 darknavy.org/darknavy_insig…

Finally saw a technical analysis explaining "why this backdoor is so laggy"🥲

[Official Announcement]: deepsec.cc 2025 IS COMING!!! This is a community-driven, non-profit information security closed-door symposium, where technology speaks loudest. 🌐 deepsec.cc 📅 June 16, 2025 📍 Shanghai, China 📧 [email protected]

5 Win11 LPE, 3 Linux LPE, 0 macOS 2 Firefox RCE, 0 Chrome/Safari 5 VirtualBox, 3 VMware, 1 Docker Desktop

The Chromium reviewers are so patient and kind🤣 issues.chromium.org/u/2/issues/419…

Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: github.com/DarkNavySecuri…

It is pretty interesting that as I age and geohot ages, I end up noticing that we agree on more things than I thought in the past. This here is a good read: geohot.github.io//blog/jekyll/u… -- it's