Andrey Konovalov (@andreyknvl)'s Twitter Profile
Security engineer at xairy.io. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at xairy.io/trainings.

ID: 2350019719

Link: https://xairy.io
Date: 18-02-2014 12:03:47

1,1K Tweet

6,6K Followers

769 Following

h0mbre (@h0mbre_)

Wrote a blogpost today about getting Lucid fuzzing on a "real" target, all of the work that it took and the changes we made along the way. Next, we'll take a more earnest bug-finding approach and conduct a serious fuzzing campaign with Lucid: h0mbre.github.io/Lucid_Dreams_1/

Doyensec (@doyensec)

In our final ksmbd research post, 73696e65 provides a detailed walkthrough for exploiting a local privilege escalation vulnerability. If you're interested in learning more about exploitation on modern systems - check it out! blog.doyensec.com/2025/10/08/ksm… #doyensec #appsec #security

dinosaurlover38 (@_dinolover38)

CVE-2025-23282 is going to debut tomorrow at Hexacon in our talk "CUDA de Grâce" w/ chompie, but you can try CVE-2025-23332 now! Tweetable Python PoC:
```
import fcntl
fcntl.ioctl(open('/dev/nvidiactl'),218,0)
```

FuzzingLabs (@fuzzinglabs)

💣 We caught Y Combinator–backed Gecko Security stealing two of our CVEs, one on ollama, one on Gradio. They copied our PoCs, claimed CVE IDs, and even back-dated their blog posts. Here’s the full story 👇

Longhorn (@never_released)

Meanwhile on x86, upcoming memory tagging support was announced today - named ChkTag. A few notes: - Tags are stored in virtual memory - this is quite similar to the recently disclosed FEAT_VMTE on Arm

h0mbre (@h0mbre_)

Wrote a blogpost today on how to write a harness for Lucid. This is the harness I'll be using to fuzz `nftables`. Some overlap with last blogpost, but everything is explained step-by-step. First blog entry into my earnest attempt to find bugs with Lucid for the 1st time: 👇

Dmitry Vyukov (@dvyukov)

First mention of x86 memory tagging (aka MTE) by both Intel and AMD (codename ChkTag): community.intel.com/t5/Blogs/Tech-… amd.com/en/blogs/2025/… 🤘🤘🤘

quarkslab (@quarkslab)

From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in #NVIDIA open GPU #Linux driver can lead to full system compromise. Full technical breakdown inside, #vmalloc exploitation technique included! blog.quarkslab.com/nvidia_gpu_ker…

offensivecon (@offensive_con)

🚨 Save the Date for #offensivecon26 Mark your calendars, spread the word, and stay tuned for when registrations open! 📍 Hilton Berlin 🧠 Trainings: 11–14 May 2026 🎤 Conference: 15–16 May 2026 Visit 🔗offensivecon.org for more details.

bcoles (@_bcoles)

I've released Rootkit Signal Hunter - a simple tool which detects rootkits which use signals to elevate process privileges. github.com/bcoles/rootkit…

Shreyas Penkar (@streypaws)

I analysed a recent KernelCTF 1-Day (CVE-2025-39965) which is a UaF in Linux XFRM subsystem, including the XFRM internals, the patch-fix, vulnerability analysis, along with a trigger PoC. Enjoy! Blog: streypaws.github.io/posts/Dissecti… PoC: github.com/Shreyas-Penkar…

Some Unknown (@0xnull007)

I published a deep-dive blogpost about a Linux kernel bug #CVE-2022-0847 (#DirtyPipe), covering the root cause, exploit mechanics, and the patch. Feedback welcome. 0xnull007.github.io/posts/dirtypip…

Dmitry Vyukov (@dvyukov)

More HW security goodness from Arm: community.arm.com/arm-community-… vMTE (Virtual Memory Tagging) allows using MTE in a more flexible way, consuming less RAM. POE2 allows building efficient in-process sandboxes and isolation. More or less an improvement over x86 Memory Protection Keys.

Qyn (@qynln)

Faith 🇧🇩🇦🇺 I believe this technique has been known for a while now, first saw it in GoogleCTF and was later used in starlabs.sg/blog/2023/07-a…

SSD Secure Disclosure (@securiteam_ssd)

🚨 New advisory was just published! 🚨 A Local Privilege Escalation vulnerability was found in Ubuntu, caused by a refcount imbalance in the af_unix subsystem. This vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place: ssd-disclosure.com/lpe-via-refcou…