The Dustin Childs
@dustinchilds.bsky.social
Just a simple information security gnome trying to make his way through the universe. Part-time patch wrangler. Tweets are just my opinion and such. Got questions about patches or bug bounties? My DMs are open. Signal: DustinChilds.17
Reposted by The Dustin Childs
Microsoft report six(!) exploits in the wild while Adobe has a small (and relatively quiet) month. Join @dustinchilds.bsky.social from Tokyo as he breaks down the release and shows you what to watch for. www.zerodayinitiative.com/blog/2026/2/...
Zero Day Initiative — The February 2026 Security Update Review
I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security pat...
February 10, 2026 at 6:32 PM
A small release from @adobe.com but 6 (yes six!) actively exploited bugs from #Microsoft. I'll have my full thoughts out soon, but get ready for some emergency patching. #PatchTuesday
February 10, 2026 at 6:22 PM
Reposted by The Dustin Childs
CVE-2025-6978: Arbitrary Code Execution in the #Arista NG Firewall - our researchers took a deep dive into this recently patched RCE to provide root cause and detection guidance. Read all the details at www.zerodayinitiative.com/blog/2026/2/...
Zero Day Initiative — CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall
In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arist...
February 5, 2026 at 4:48 PM
Patches are now available for Office 2016 and 2019. Get to updating them there systems!
Wow - Office security feature bypass patched OOB after active exploitation detected. Patch now - CVE-2026-21509. At least the Preview Pane isn't an attack vector. msrc.microsoft.com/update-guide...
Security Update Guide - Microsoft Security Response Center
January 27, 2026 at 12:33 AM
Reposted by The Dustin Childs
Wrapping up Day Two of #Pwn2Own Automotive - we saw some amazing research demonstrated today, some of which had never been seen in public before! Join @dustinchilds.bsky.social as he summarizes the highlights and previews the final day. youtu.be/xKZtfblNrHc
Recapping Day Two of Pwn2Own Automotive 2026
YouTube video by TrendAI Zero Day Initiative
January 22, 2026 at 10:59 AM
Wow - Office security feature bypass patched OOB after active exploitation detected. Patch now - CVE-2026-21509. At least the Preview Pane isn't an attack vector. msrc.microsoft.com/update-guide...
Security Update Guide - Microsoft Security Response Center
January 26, 2026 at 5:40 PM
We landed in DFW at 2:30pm, but thanks to bad weather and @americanair.bsky.social incompetence, here it is 9:30 and we have left customs. Still waiting on bags. *sigh*
January 26, 2026 at 3:21 AM
Reposted by The Dustin Childs
Boom! or shall I say Doom? Game On! Aapo Oksman, Elias Ikkelä-Koski and Mikael Kantola of Juurin Oy exploit the Alpitronic HYC50 with a TOCTOU bug - and installed a playable version of Doom to boot. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own #P2OAuto
January 23, 2026 at 5:06 AM
January 23, 2026 at 1:59 AM
Reposted by The Dustin Childs
In a highlight from Day 2 of #Pwn2Own Automotive, the team from @synacktiv.com is at it again. This time, they leverage NFC(!) to exploit the #Autel MaxiCharger with a stack-based buffer overflow. Amazing! We've never seen an NFC exploit like this one before. youtube.com/shorts/eGAMc...
From Pwn2Own Automotive 2026 Day 2: Synacktiv vs. Autel
YouTube video by TrendAI Zero Day Initiative
January 22, 2026 at 11:45 PM
Me too....
January 21, 2026 at 6:45 AM
Reposted by The Dustin Childs
Verified! Fuzzware.io (@ScepticCtf, @diff_fusion, @SeTcbPrivilege) chained two vulnerabilities (CWE-306, CWE-347) to achieve code execution on the Autel charger and manipulate the CP signal, earning $50,000 USD and 5 Master of Pwn points. Full win with the add-on. #Pwn2Own #P2OAuto
January 21, 2026 at 3:06 AM
Reposted by The Dustin Childs
Confirmed! Taejin Kim (@tae3), Junsu Yeo (@junactually), Sunmin Park (@sunminpark4503), Sungmin Son (@_ssm98), and Hoseok Lee of SKShieldus (@EQSTLab) exploited a hardcoded credential (CWE-798) for code execution via CWE-494 on the Grizzl-E Smart 40A, earning $40,000 and 4 MoP points. #Pwn2Own
January 21, 2026 at 3:33 AM
Reposted by The Dustin Childs
Verified! @kiddo_pwn and @freddo_1337 of Team DDOS exploited two bugs, including a command injection, against the ChargePoint Home Flex. Add-on failed, but still earned $40,000 USD and 4 Master of Pwn points. #Pwn2Own #P2OAuto
January 21, 2026 at 4:01 AM
Reposted by The Dustin Childs
The exploit in action!
January 21, 2026 at 4:03 AM
Reposted by The Dustin Childs
Confirmed! Neodyme AG (@Neodyme) used a stack based buffer overflow to get a root shell on the Alpine iLX-F511, earning $20,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
January 21, 2026 at 2:54 AM
Zed is learning about sake. I had to apologize for putting him in checked baggage on the way to Tokyo.
January 19, 2026 at 11:34 AM
Reposted by The Dustin Childs
We're in the middle of setting up for #Pwn2Own Automotive, and @dustinchilds.bsky.social and Zed peek behind the scenes to see how it's going. youtube.com/shorts/h8dbY...
Behind the Scenes of Pwn2Own Automotive - Setting Up!
YouTube video by Trend Zero Day Initiative
January 16, 2026 at 6:36 AM
Reposted by The Dustin Childs
He may be in Tokyo prepping for #Pwn2Own Automotive, but Patch Tuesday waits for no one. Join @dustinchilds.bsky.social as he breaks down a big #Microsoft release (w/ 1 CVE in the wild) and a smallish #Adobe release. www.zerodayinitiative.com/blog/2026/1/...
Zero Day Initiative — The January 2026 Security Update Review
I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop patch Tuesday from coming. Put aside your broken New Year’s resolutions for just a moment as we review the latest security patc...
January 13, 2026 at 7:05 PM
It's a big patch Tuesday with more than 110 CVEs from Microsoft but only 25 from Adobe. There's one info disclosure bug under attack. I'll have my full thoughts out soon.
January 13, 2026 at 6:51 PM
Reposted by The Dustin Childs
NEW: Apple and Google have rolled out security updates to fix a series of flaws used in an active hacking campaign.

Google updated Chrome; Apple issued fixes for iPhones, Macs, and more. Apple and Google's TAG were credited with the find. TAG usually tracks government-backed threats, like spyware.
Google and Apple roll out emergency security updates after zero-day attacks | TechCrunch
Apple released patches for all of its flagship devices to fix security flaws under attack. Google also updated Chrome to remediate one vulnerability exploited in the attacks.
December 12, 2025 at 8:38 PM
A small release from Microsoft and Adobe for our final Patch Tuesday of the year, but we do have Microsoft 0-days in the wild. I'll have my thoughts about the release out soon.
December 9, 2025 at 6:06 PM
Silent patches make Zed sad :-[
November 11, 2025 at 6:37 PM
Wow - a small(ish) Patch Tuesday! Just 64 new CVEs from #Microsoft and 29 from #Adobe. One Msft CVE under active attack. I'll have my full thoughts out shortly.
November 11, 2025 at 6:05 PM
Reposted by The Dustin Childs
I attended Pwn2Own in Cork ☘️ last week. I shared a review of the event on this week's episode of my podcast.

You can find that at 14:41 in the video linked here ⬇️
www.youtube.com/watch?v=aaLA...

Thanks to @dustinchilds.bsky.social & @thezdi.bsky.social for allowing me to attend. ❤️
October 30, 2025 at 8:40 PM