🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

My V8 vulnerability CVE-2019-5790 is now public (Heap buffer overflow in the V8 language parser) bugs.chromium.org/p/chromium/iss…

We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. zerodayinitiative.com/blog/2022/3/16…

Fuzzing from First Principles with Alisa Esage x.com/i/broadcasts/1…

[Research] Hyper-V 1-day Class: CVE-2024-38127 이번 연구글도 Hyper-V LPE 취약점 분석입니다. CVE-2024-38127의 patch diffing, poc에 대해 다루었습니다 🧐 hackyboiz.github.io/2024/09/15/pwn…

New writeup from ꙅɿɘƚɔɘqꙅ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia

[Browser Exploitation] Insightful little analysis of v8 CVE-2024-7965: bi.zone/eng/expertise/… PoC: github.com/bi-zone/CVE-20… Logic bug in Turbofan's "sea of nodes" IR implementation allows for OOB array access! Exploit in-the-wild reported by Google & CISA on 26th August 2024

#POC2024 Nguyễn Hoàng Thạch(Thach Nguyen Hoang 🇻🇳) - VMware Workstation: Escaping via a New Route - Virtual Bluetooth 😆

My first V8 sandbox bypass vulnerability has been fixed, and I will continue to discover more. chromium.googlesource.com/v8/v8.git/+/7f…

Pwning a Brother labelmaker, for fun and interop! by sdomi sdomi.pl/weblog/20-pwni…

🎄 All I Want for Christmas is a CVE-2024-30085 Exploit 🎄 As always, we at starlabs are sharing what we learnt. This time, it's brought to you by Cherie-Anne Lee starlabs.sg/blog/2024/all-…

Think you’ve got what it takes to pop shells and snag your ticket to... RE//verse and Off-By-One Conference ? 😏 github.com/star-sg/challe…

A brief JavascriptCore RCE story by Lan Vu and An Nguyễn qriousec.github.io/post/jsc-unini…

The most elegant V8 Wasm Turboshaft typer exploit that I've reported. This primitive converts **any** Wasm type confusion in **any type hierarchy** into fully controlled arbitrary type confusion - e.g. what happens if you type `null : ref extern`? RCE :) crbug.com/372269618

[$20000](CVE-2024-12693)[382190919][maglev]Array OOB access in the maglev phi untaggingoptimization is now open with PoC: issues.chromium.org/issues/3821909… Wow... A very detailed report, I recommend it to those who are interested in how v8 works, and especially maglev.

A deep dive into the core IR components of Fuzzilli, focusing on Analyzer.swift, Blocks.swift, and Context.swift. This post kicks off a series exploring the internal structure of Fuzzilli's IR. rpc.kr/posts/fuzzilli…

Part 2 of the Fuzzilli IR series explores Opcodes.swift, Operation.swift, Program.swift, and Variable.swift. With the groundwork complete, the next post dives into the core of the IR engine. rpc.kr/posts/fuzzilli…

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at offensivecon. Check it out: devco.re/blog/2025/05/1…

Congrats to Gerrard Tai , Thach Nguyen Hoang 🇻🇳 and the starlabs team for winning the first #Pwn2OwnBerlin!

A toolkit to turn Chromium vulnerabilities into full-chain exploits github.com/Petitoto/chrom… From BSidesLuxembourg 2025 "Browser Exploitation: From N-Days to Real-World Exploit Chains in Google Chrome" pretalx.com/bsidesluxembou…