HexNomad
@hexnomad.bsky.social
Infosec nerd
Reposted by HexNomad
We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See crbug.com/382005099#co... for a PoC exploit. Also affected other browsers
October 29, 2025 at 2:27 PM
Reposted by HexNomad
NEW: The U.S. govt accused Peter Williams, ex general manager of hacking tool maker L3Harris Trenchant, of stealing trade secrets and selling them to a buyer in Russia.

As we reported earlier, Trenchant investigated a leak of internal tools this year. It's unclear if that investigation is related.
U.S. government accuses former L3Harris cyber boss of stealing trade secrets | TechCrunch
The U.S. Department of Justice accused Peter Williams, former general manager of L3Harris’ hacking division Trenchant, of stealing trade secrets and selling them to a buyer in Russia.
techcrunch.com
October 23, 2025 at 3:47 PM
Reposted by HexNomad
SCOOP: A man who worked on developing hacking and surveillance tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with mercenary spyware.

The developer believes he was targeted after he was wrongly accused of leaking zero-days developed by Trenchant.
Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware
A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and fired. Weeks later, Apple notified him that his personal iPhone was targeted with spy...
techcrunch.com
October 21, 2025 at 2:54 PM
Reposted by HexNomad
Serious bugs often occur in third-party components integrated by other software. Ivan Fratric and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.

project-zero.issues.chromium.org/issues/42807...
Project Zero
project-zero.issues.chromium.org
October 16, 2025 at 7:50 PM
Reposted by HexNomad
We now have a (draft) @metasploit-r7.bsky.social exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metas...
July 23, 2025 at 1:18 PM
Reposted by HexNomad
New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account.

TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.
Google fixes bug that could reveal users' private phone numbers | TechCrunch
The bug allowed a researcher to uncover recovery phone numbers of nearly any Google account.
techcrunch.com
June 9, 2025 at 2:06 PM
Reposted by HexNomad
The final part of Mateusz’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for

googleprojectzero.blogspot.com/2025/05/the-...
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post , we focused on the general security analysis of the registry a...
googleprojectzero.blogspot.com
May 28, 2025 at 6:24 PM
Great write-up, as usual, from Project 0 going into even more detail on the BlastPass iOS zero click exploit from 2023: googleprojectzero.blogspot.com/2025/03/blas...
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued  an out-...
googleprojectzero.blogspot.com
March 26, 2025 at 11:03 PM
Reposted by HexNomad
"Windows App to replace Remote Desktop app for Windows"

There's a lot of confusion about what this means, so let me clarify:

This only affects the Remote Desktop App on the *Microsoft Store*, which you most likely don't use

Most system administrators use mstsc, the Windows built-in RDP client
March 12, 2025 at 1:07 PM
Reposted by HexNomad
We will never know— we will never have the faintest idea— how much money is getting made in insider trading windfalls from people in Trump's and Musk's circles who have an hour of notice about the daily swings in tariff policy or the occasional announced *expectations* of such swings.
March 6, 2025 at 7:06 PM
Reposted by HexNomad
Ghidra 11.3 is OUT!

PyGhidra is the new feature to be excited about.

It’s a Python library providing direct access to the Ghidra API.

I expect this to massively increase Reverse Engineering tool development, as it significantly reduces the barrier to entry for Ghidra interaction.
February 6, 2025 at 6:34 PM
Reposted by HexNomad
A 25-year-old DOGE worker named Marko Elez who has admin privileges on Treasury dept systems that control about 95% of payments made by the gov, including Social Security checks, tax refunds and contract payments "has already made extensive changes to the code base for these critical payment system"
Musk Cronies Dive Into Treasury Dept Payments Code Base
Overnight, Wired reported that, contrary to published reports that DOGE operatives at...
talkingpointsmemo.com
February 4, 2025 at 7:12 PM
Reposted by HexNomad
February 3, 2025 at 1:52 AM
Reposted by HexNomad
New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy ...
googleprojectzero.blogspot.com
January 30, 2025 at 6:37 PM
Reposted by HexNomad
To all our Bluesky friends, feel free to follow us here as we will be posting regular updates as the conference gets closer. See you in May!
January 21, 2025 at 3:32 PM
Reposted by HexNomad
Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities in audio codecs now fully-remote. This bug in an obscure Samsung S24 codec is 0-click

project-zero.issues.chromium.org/issues/36869...
Project Zero
project-zero.issues.chromium.org
January 10, 2025 at 12:08 AM
Reposted by HexNomad
Around 2008 I was in Ottawa and some MoD person mentioned that only a few years ago they stopped wargaming against a US invasion, and I joked "just wait until they run out of water for their golf courses in Arizona"...
January 9, 2025 at 11:08 AM
Reposted by HexNomad
Someone is using a fake PoC for the LDAPNightmare exploit to infect researchers and threat actors with an infostealer

www.trendmicro.com/en_us/resear...
January 9, 2025 at 10:05 AM
Reposted by HexNomad
Brazil's Gabriel Medina with the best touchdown celebration I've ever seen (Photo: Jerome Brouillet/Getty)
July 29, 2024 at 8:08 PM
Reposted by HexNomad
in the 90’s, computers would scream every time you went online. that‘s called foreshadowing
September 7, 2023 at 9:40 PM
Reposted by HexNomad
Doesn't get as much attention as what Elon's doing, but every day, a team of people at Google comes to work and asks themselves, "What can we do to make search a little worse?" And they're doing a very good job.
September 7, 2023 at 8:36 PM
Video of the talk I gave at Recon on hunting for bugs in the Windows TCP/IP stack is now up!

youtu.be/jzA5aLrK4OY
Recon2023 Erik Egsgard HuntForRedOctober
The windows networking stack has been the source of various vulnerabilities over the years, a few of which could lead to remote code execution. This talk wil...
youtu.be
September 7, 2023 at 9:32 PM