Simon Scannell (@scannell_simon)'s Twitter Profile
Simon Scannell

@scannell_simon

Cloud Vulnerability Research @ google. Opinions are my own

ID: 1055055857455632384

Website: https://scannell.io
Joined: 24-10-2018 11:18:13

195 Tweets

2.2K Followers

486 Following

Sonar Research (@sonar_research)

Moodle’s domino effect (1/2): Unauthenticated XSS to RCE via arbitrary folder creation (CVE-2023-30943). Learn more about the technical details in our first of two blog posts on Moodle: sonarsource.com/blog/playing-d… #appsec #security #vulnerability

pspaul (@pspaul95)

Super excited to publish this blog post! One of the most fun bugs I exploited so far, had to get creative and lose my mind reading the CSS spec for 2 days 🙃

Sonar Research (@sonar_research)

⚠️ Unauthenticated RCE vulnerability in JetBrains TeamCity (CVE-2023-42793) ⚠️ Attackers could steal source code and poison build artifacts to launch supply chain attacks: sonarsource.com/blog/teamcity-… #appsec #security #vulnerability

Sonar Research (@sonar_research)

Critical Vulnerabilities in CasaOS 🏠 Sometimes, the most simple bugs are the best ones! Have you ever seen a malformed header leading to Remote Code Execution? Now you have! 👻 sonarsource.com/blog/security-… #appsec #cleancode #golang

Chi-en (Ashley) Shen (@ashl3y_shen)

Another Google Cloud service (Cloud Run) is abused by #Astaroth, #Mekotio & #Ousaban banking trojans. The campaign was targeting Italian-speaking victims. Delphi malware is not fun to reverse 😂 but working with b4n1shed, Guilherme Venere, Holger Unterbrink was great 🎉blog.talosintelligence.com/google-cloud-r…

Anthony Weems (@amlweems)

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot

Gynvael Coldwind (@gynvael.bsky.social) (@gynvael)

Hey folks, if you're looking for an amazing security engineer, check out jvoisin whom I had the pleasure to work with on a lot of cool projects at Google :) > I don't have anything lined up job-wise, so feel free to reach out if you're hiring. Looks like an opportunity!

Sonar Research (@sonar_research)

What could go wrong when Java speaks to C? They certainly don't speak the same language. Read more about a critical parser differential vulnerability we discovered in Apache Guacamole: sonarsource.com/blog/avocado-n… #appsec #security #vulnerability

chompie (@chompie1337)

The past year has been amazing. From marriage, to Pwn2Own to a Pwnie Award, I'm so grateful. I'm using the money I've won from hacking competitions, bounties, & RB for two ppl to travel & attend Hexacon, the premier offensive security con in Paris, France. forms.gle/zt9RaR7EEvTxWG…

Sonar Research (@sonar_research)

Critical Roundcube XSS technical details: Desanitization, unsafe Content-Types, CSS exfiltration, and a Service Worker come together to persistently leak emails from a victim's browser. Read about it here: sonarsource.com/blog/governmen… (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)

Anthony Weems (@amlweems)

Excited to share this blog post about server-side memory corruption that my team exploited in production. Shout-out to Simon Scannell, Ezequiel Pereira, and 那个饺子🦆(JJ) - this was a very fun project. :-) bughunters.google.com/blog/622075742…

Royal Hansen (@royalhansen)

Exciting news from Google's CVR team! They've discovered vulnerabilities in the Kakadu JPEG 2000 library. Their innovative "Conditional Corruption" technique overcomes challenges in targeting unknown environments. bughunters.google.com/blog/622075742…

Anthony Weems (@amlweems)

Learn how Google CVR could have potentially exfiltrated Gemini 1.0 Pro before launch last year. We describe the vulnz, the fix, and tips for bughunters. Also, shout-out to Ezequiel Pereira for teaming up to adapt this work to another cloud provider. bughunters.google.com/blog/567986357…

Anthony Weems (@amlweems)

🕺"Leaving tradition" is one of the best parts of Google's security culture and has led to some of the most interesting attack chains I've gotten to work on. There's nothing quite like starting with a blank slate and ending with a root shell.💃

The Shadowserver Foundation (@shadowserver)

Sharing rsync instances vulnerable to CVE-2024-12084 RCE (version check only) in our updated daily Accessible Rsync report: shadowserver.org/what-we-do/net… 17,475 instances found vulnerable (out of population of 146,844) on 2025-01-16. Top affected: US (5K) dashboard.shadowserver.org/statistics/com…

Carl Smith (@cffsmith)

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm! Go check it out at github.com/googleprojectz…. While we still have a way to go in improving it, we think it shows a promising approach!

TyphoonCon🌪️ (@typhooncon)

🌪️ Speaker Announcement! Excited to welcome Simon Scannell to the #TyphoonCon2025 Conference lineup! Join us in Seoul on May 29-30! 🔗typhooncon.com/agenda
