🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…

Really enjoyed reading this rebuttal. It touches on a topic I hope to write more about in the future, that offense and defense are both necessary and must exist in balance with one another.

What does the future look like for the CNE market? Excited to be discussing with an amazing panel DEF CON! Policy@DEF CON

Why exploits prefer memory corruption Thanks to Halvar Flake and chompie! pacibsp.github.io/2024/why-explo…

New kid on the block lookin good 👀

lol

En route to Hexacon !

Much of what you see publicly reported probably wouldn't fly as a fully working exploit. It may be obvious when you look into a bug, it may not be; just finding it doesn't prove anything, and the skill to take it to a true exploit is completely different from bug hunting.

After 10 years, today is my last day at Trenchant (Azimuth). It has been a truly incredible experience and immense privilege to work alongside some of the best in this industry.

IMO the hallmark of a "senior" vuln researcher is not only their ability to discover/exploit vulnerabilities in difficult targets, but, critically, their ability to effectively *invest and allocate resources*. Knowing when to sink more time/effort into an attack surface or

Summercon 2025 Call for Papers Since 1987, Summercon has been where serious security research meets irreverent hacker culture. We're looking for original, technically rigorous presentations that challenge assumptions and advance the state of the art. CFP: summercon.org/cfp/

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

Exploit devs and professional vuln hunters: How many false positives from a tool are you willing to go through to find one real, exploitable, vulnerability? Assume triage of each bug report at least 10 minutes. (Please RT for reach)

We're excited to announce the formation of Catalyst Security! We're a new company started by a small group of experienced vulnerability researchers, focused solely on innovative research. catalystsecurity.com

We're currently hiring experienced researchers, particularly focusing on the areas of iOS, Android, Browser, and 0click. If you're interested, please reach out: <[email protected]>

I'm beyond excited to be a part of this team and share our new company Catalyst Security. We've assembled a small team of exceptionally skilled vulnerability researchers focused particularly on iOS, Android, Browser, and 0click. We are hiring senior researchers. If you're

We're excited to be at OffensiveCon this year, come up to our booth and say hi!

I’m in Berlin for offensivecon. Stop by the Catalyst Security booth during the con if you want to say hi!

Excited to announce our collaboration with DiceGang to host an epic battle for hackers of all ages. This will be the inaugural event for QuendCon. See you in Brooklyn…. Stay tuned for more