SSD Secure Disclosure
@ssd-disclsoure.bsky.social
SSD provides the quick and responsible way to get zero-day vulnerabilities reported to vendors.
Visit https://ssd-disclosure.com/ for more information.
Visit https://ssd-disclosure.com/ for more information.
🌪️TyphoonCon 2026 CFP & CFT are live & our inbox is filling up.
Ready to share your research or lead a deep-dive course in Seoul next year?
CFT: typhooncon.com/call-for-tra...
CFP: typhooncon.com/call-for-pap...
Ready to share your research or lead a deep-dive course in Seoul next year?
CFT: typhooncon.com/call-for-tra...
CFP: typhooncon.com/call-for-pap...
Call for Training 2026 – TyphoonCon
typhooncon.com
November 11, 2025 at 9:36 AM
🌪️TyphoonCon 2026 CFP & CFT are live & our inbox is filling up.
Ready to share your research or lead a deep-dive course in Seoul next year?
CFT: typhooncon.com/call-for-tra...
CFP: typhooncon.com/call-for-pap...
Ready to share your research or lead a deep-dive course in Seoul next year?
CFT: typhooncon.com/call-for-tra...
CFP: typhooncon.com/call-for-pap...
🚨 New advisory was just published! 🚨
A Local Privilege Escalation vulnerability was found in Ubuntu, caused by a refcount imbalance in the af_unix subsystem.
This vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place:
ssd-disclosure.com/lpe-via-refc...
A Local Privilege Escalation vulnerability was found in Ubuntu, caused by a refcount imbalance in the af_unix subsystem.
This vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place:
ssd-disclosure.com/lpe-via-refc...
LPE via refcount imbalance in the af_unix of Ubuntu's Kernel - SSD Secure Disclosure
Affected Versions Vendor Response The vendor has released an updated kernel on the 18th of September Credit The vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first plac...
ssd-disclosure.com
October 28, 2025 at 10:16 AM
🚨 New advisory was just published! 🚨
A Local Privilege Escalation vulnerability was found in Ubuntu, caused by a refcount imbalance in the af_unix subsystem.
This vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place:
ssd-disclosure.com/lpe-via-refc...
A Local Privilege Escalation vulnerability was found in Ubuntu, caused by a refcount imbalance in the af_unix subsystem.
This vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place:
ssd-disclosure.com/lpe-via-refc...
Ever wondered how virtual machines talk to their host without relying on traditional networking?
Read our full technical breakdown: ssd-disclosure.com/an-introduct...
Read our full technical breakdown: ssd-disclosure.com/an-introduct...
Linux vsock’s VMADDR_PORT_ANY: dynamic port assignment simplifies VM‑host communication - SSD Secure Disclosure
Background vsock (short for Virtual Socket) is a communication mechanism in the Linux kernel designed to enable efficient, low-latency communication between virtual machines (VMs) and their host syste...
ssd-disclosure.com
October 16, 2025 at 7:40 AM
Ever wondered how virtual machines talk to their host without relying on traditional networking?
Read our full technical breakdown: ssd-disclosure.com/an-introduct...
Read our full technical breakdown: ssd-disclosure.com/an-introduct...
🚀 TyphoonCon 2026 is shaping up! CFP & CFT are LIVE. Ready to speak or teach?
Trainers: typhooncon.com/call-for-tra...
Speakers: typhooncon.com/call-for-pap...
Trainers: typhooncon.com/call-for-tra...
Speakers: typhooncon.com/call-for-pap...
October 9, 2025 at 9:18 AM
🚀 TyphoonCon 2026 is shaping up! CFP & CFT are LIVE. Ready to speak or teach?
Trainers: typhooncon.com/call-for-tra...
Speakers: typhooncon.com/call-for-pap...
Trainers: typhooncon.com/call-for-tra...
Speakers: typhooncon.com/call-for-pap...
🚨 New advisory was just published! 🚨
A Remote Code Execution chain was discovered leveraging two severe V8 engine vulnerabilities in Google Chrome: ssd-disclosure.com/google-chrom...
A Remote Code Execution chain was discovered leveraging two severe V8 engine vulnerabilities in Google Chrome: ssd-disclosure.com/google-chrom...
Google Chrome RCE (no sandbox) via CanonicalEquality::EqualValueType() - SSD Secure Disclosure
Affected Version CanonicalEquality::EqualValueType nullity check bug All Chrome builds having the ValueType refactoring commit 44171ac – M135 and above in stable channel. Prior to the commit, Canonica...
ssd-disclosure.com
October 5, 2025 at 8:34 AM
🚨 New advisory was just published! 🚨
A Remote Code Execution chain was discovered leveraging two severe V8 engine vulnerabilities in Google Chrome: ssd-disclosure.com/google-chrom...
A Remote Code Execution chain was discovered leveraging two severe V8 engine vulnerabilities in Google Chrome: ssd-disclosure.com/google-chrom...
🚨 New advisory was just published! 🚨
A path traversal in LG webOS TV allows unauthenticated file downloads, leading to an authentication bypass for the secondscreen.gateway service, which could lead to a full device takeover:
ssd-disclosure.com/lg-webos-tv-...
A path traversal in LG webOS TV allows unauthenticated file downloads, leading to an authentication bypass for the secondscreen.gateway service, which could lead to a full device takeover:
ssd-disclosure.com/lg-webos-tv-...
LG WebOS TV Path Traversal, Authentication Bypass and Full Device Takeover - SSD Secure Disclosure
Affected Versions Vendor Response The vendor has issued an advisory SMR-SEP-2025, available at: https://lgsecurity.lge.com/bulletins/tv in regard to the below described vulnerability Credit The vulner...
ssd-disclosure.com
September 16, 2025 at 9:30 AM
🚨 New advisory was just published! 🚨
A path traversal in LG webOS TV allows unauthenticated file downloads, leading to an authentication bypass for the secondscreen.gateway service, which could lead to a full device takeover:
ssd-disclosure.com/lg-webos-tv-...
A path traversal in LG webOS TV allows unauthenticated file downloads, leading to an authentication bypass for the secondscreen.gateway service, which could lead to a full device takeover:
ssd-disclosure.com/lg-webos-tv-...
The Ultimate Ethical Hacking Competition Returns for its 8th Edition!
In 2026, the world’s top security minds will go head-to-head to exploit Windows, Linux, Chrome, firewalls & many other products - with prizes of up to $250,000 per exploit!
👉 Learn more at typhooncon.com/typhoonpwn-2...
In 2026, the world’s top security minds will go head-to-head to exploit Windows, Linux, Chrome, firewalls & many other products - with prizes of up to $250,000 per exploit!
👉 Learn more at typhooncon.com/typhoonpwn-2...
September 4, 2025 at 12:24 PM
The Ultimate Ethical Hacking Competition Returns for its 8th Edition!
In 2026, the world’s top security minds will go head-to-head to exploit Windows, Linux, Chrome, firewalls & many other products - with prizes of up to $250,000 per exploit!
👉 Learn more at typhooncon.com/typhoonpwn-2...
In 2026, the world’s top security minds will go head-to-head to exploit Windows, Linux, Chrome, firewalls & many other products - with prizes of up to $250,000 per exploit!
👉 Learn more at typhooncon.com/typhoonpwn-2...
Curious how a bug in Linux’s ipset subsystem could lead to full kernel compromise?
In our new article, we revisit CVE-2024-53141 to break down the bug, explore the memory layout, and show how it can be turned into a powerful privilege escalation.
Read it here: ssd-disclosure.com/linux-kernel...
In our new article, we revisit CVE-2024-53141 to break down the bug, explore the memory layout, and show how it can be turned into a powerful privilege escalation.
Read it here: ssd-disclosure.com/linux-kernel...
Linux Kernel netfilter: ipset: Missing Range Check LPE - SSD Secure Disclosure
Affected Versions Vendor Response Linux kernel release the patch (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35f56c554eb1b56b77b3cf197a6b00922d49033d) Background The...
ssd-disclosure.com
August 11, 2025 at 9:00 AM
Curious how a bug in Linux’s ipset subsystem could lead to full kernel compromise?
In our new article, we revisit CVE-2024-53141 to break down the bug, explore the memory layout, and show how it can be turned into a powerful privilege escalation.
Read it here: ssd-disclosure.com/linux-kernel...
In our new article, we revisit CVE-2024-53141 to break down the bug, explore the memory layout, and show how it can be turned into a powerful privilege escalation.
Read it here: ssd-disclosure.com/linux-kernel...
🌪️ TyphoonCon 2026이 오는 5월 25일부터 29일까지 서울에서 개최됩니다!
현재 컨퍼런스 발표자 및 트레이닝 진행자를 모집 중입니다.
2026년 연사 라인업에 합류하고 싶으신가요?
아래 링크에서 Call for Papers & Trainings에 대한 자세한 내용을 확인해보세요.
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
현재 컨퍼런스 발표자 및 트레이닝 진행자를 모집 중입니다.
2026년 연사 라인업에 합류하고 싶으신가요?
아래 링크에서 Call for Papers & Trainings에 대한 자세한 내용을 확인해보세요.
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
Call for Training 2026 – TyphoonCon
typhooncon.com
August 5, 2025 at 7:36 AM
🌪️ TyphoonCon 2026이 오는 5월 25일부터 29일까지 서울에서 개최됩니다!
현재 컨퍼런스 발표자 및 트레이닝 진행자를 모집 중입니다.
2026년 연사 라인업에 합류하고 싶으신가요?
아래 링크에서 Call for Papers & Trainings에 대한 자세한 내용을 확인해보세요.
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
현재 컨퍼런스 발표자 및 트레이닝 진행자를 모집 중입니다.
2026년 연사 라인업에 합류하고 싶으신가요?
아래 링크에서 Call for Papers & Trainings에 대한 자세한 내용을 확인해보세요.
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
🌪️ TyphoonCon 2026 is set for May 25-29 in Seoul!
Our Call for Papers and Call for Training are now open. Interested in joining our 2026 lineup? Get all the details here:
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
Our Call for Papers and Call for Training are now open. Interested in joining our 2026 lineup? Get all the details here:
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
August 4, 2025 at 8:11 AM
🌪️ TyphoonCon 2026 is set for May 25-29 in Seoul!
Our Call for Papers and Call for Training are now open. Interested in joining our 2026 lineup? Get all the details here:
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
Our Call for Papers and Call for Training are now open. Interested in joining our 2026 lineup? Get all the details here:
Call for training: typhooncon.com/call-for-tra...
Call for papers: typhooncon.com/call-for-pap...
💻Have you read our recent publication?
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem: ssd-disclosure.com/ssd-advisory...
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem: ssd-disclosure.com/ssd-advisory...
SSD Advisory - Linux Kernel Pipapo Set Double Free LPE - SSD Secure Disclosure
Summary A critical double free vulnerability in the pipapo set module of the Linux kernel’s NFT subsystem has been discovered. An unprivileged attacker can exploit this vulnerability by sending a spec...
ssd-disclosure.com
July 28, 2025 at 8:04 AM
💻Have you read our recent publication?
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem: ssd-disclosure.com/ssd-advisory...
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem: ssd-disclosure.com/ssd-advisory...
Want to learn about Chrome exploitation and the role of WASM in it?
In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution.
Read it here: ssd-disclosure.com/an-introduct...
In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution.
Read it here: ssd-disclosure.com/an-introduct...
An Introduction to Chrome Exploitation - WebAssembly Edition - SSD Secure Disclosure
Introduction WebAssembly extends the native code surface of Chrome in ways that are both powerful and risky. Unlike JavaScript, WASM modules are compiled directly into machine code via a streamlined p...
ssd-disclosure.com
July 16, 2025 at 8:46 AM
Want to learn about Chrome exploitation and the role of WASM in it?
In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution.
Read it here: ssd-disclosure.com/an-introduct...
In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to remote code execution.
Read it here: ssd-disclosure.com/an-introduct...
🚨 New advisory was just published! 🚨
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. This can be leveraged to achieve local privilege escalation: ssd-disclosure.com/ssd-advisory...
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. This can be leveraged to achieve local privilege escalation: ssd-disclosure.com/ssd-advisory...
SSD Advisory - Linux Kernel Pipapo Set Double Free LPE - SSD Secure Disclosure
Summary A critical double free vulnerability in the pipapo set module of the Linux kernel’s NFT subsystem has been discovered. An unprivileged attacker can exploit this vulnerability by sending a spec...
ssd-disclosure.com
July 8, 2025 at 11:25 AM
🚨 New advisory was just published! 🚨
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. This can be leveraged to achieve local privilege escalation: ssd-disclosure.com/ssd-advisory...
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. This can be leveraged to achieve local privilege escalation: ssd-disclosure.com/ssd-advisory...
💻 Have you read our recent publications?
ISPConfig Authenticated Remote Code Execution:
ssd-disclosure.com/ssd-advisory...
Kerio Control Authentication Bypass and RCE:
ssd-disclosure.com/ssd-advisory...
ISPConfig Authenticated Remote Code Execution:
ssd-disclosure.com/ssd-advisory...
Kerio Control Authentication Bypass and RCE:
ssd-disclosure.com/ssd-advisory...
SSD Advisory - ISPConfig Authenticated Remote Code Execution - SSD Secure Disclosure
Summary The analysis conducted on the product: ISPConfig version: 3.2 build: 12p1 was carried out using the official installation package. The analysis identified primarily design flaws in the user cr...
ssd-disclosure.com
July 1, 2025 at 9:46 AM
💻 Have you read our recent publications?
ISPConfig Authenticated Remote Code Execution:
ssd-disclosure.com/ssd-advisory...
Kerio Control Authentication Bypass and RCE:
ssd-disclosure.com/ssd-advisory...
ISPConfig Authenticated Remote Code Execution:
ssd-disclosure.com/ssd-advisory...
Kerio Control Authentication Bypass and RCE:
ssd-disclosure.com/ssd-advisory...
🚨 New advisory was just published! 🚨
Kerio Control has a design flaw leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands: ssd-disclosure.com/ssd-advisory...
Kerio Control has a design flaw leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands: ssd-disclosure.com/ssd-advisory...
SSD Advisory - Kerio Control Authentication Bypass and RCE - SSD Secure Disclosure
Summary An analysis primarily of Kerio Control revealed a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product u...
ssd-disclosure.com
June 24, 2025 at 1:54 PM
🚨 New advisory was just published! 🚨
Kerio Control has a design flaw leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands: ssd-disclosure.com/ssd-advisory...
Kerio Control has a design flaw leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands: ssd-disclosure.com/ssd-advisory...
🚨 New advisory was just published! 🚨
ISPConfig contains design flaws in the user creation and editing functionality, which allow a client user to escalate their privileges to superadmin. : ssd-disclosure.com/ssd-advisory...
ISPConfig contains design flaws in the user creation and editing functionality, which allow a client user to escalate their privileges to superadmin. : ssd-disclosure.com/ssd-advisory...
SSD Advisory - ISPConfig Authenticated Remote Code Execution - SSD Secure Disclosure
Summary The analysis conducted on the product: ISPConfig version: 3.2 build: 12p1 was carried out using the official installation package. The analysis identified primarily design flaws in the user cr...
ssd-disclosure.com
June 10, 2025 at 9:29 AM
🚨 New advisory was just published! 🚨
ISPConfig contains design flaws in the user creation and editing functionality, which allow a client user to escalate their privileges to superadmin. : ssd-disclosure.com/ssd-advisory...
ISPConfig contains design flaws in the user creation and editing functionality, which allow a client user to escalate their privileges to superadmin. : ssd-disclosure.com/ssd-advisory...
Submit your pfSense, Sophos & KerioControl vulnerabilities at: ssd-disclosure.com/submit/
June 5, 2025 at 1:20 PM
Submit your pfSense, Sophos & KerioControl vulnerabilities at: ssd-disclosure.com/submit/
🌪️ TyphoonCon 2025 has officially wrapped up and it was an incredible experience, all thanks to YOU!
Shoutout to our attendees, crew, and sponsors for bringing the energy and making it an unforgettable event!
Stay tuned... TyphoonCon 2026 is already in the works, and we can't wait to see you there!
Shoutout to our attendees, crew, and sponsors for bringing the energy and making it an unforgettable event!
Stay tuned... TyphoonCon 2026 is already in the works, and we can't wait to see you there!
May 31, 2025 at 1:25 AM
🌪️ TyphoonCon 2025 has officially wrapped up and it was an incredible experience, all thanks to YOU!
Shoutout to our attendees, crew, and sponsors for bringing the energy and making it an unforgettable event!
Stay tuned... TyphoonCon 2026 is already in the works, and we can't wait to see you there!
Shoutout to our attendees, crew, and sponsors for bringing the energy and making it an unforgettable event!
Stay tuned... TyphoonCon 2026 is already in the works, and we can't wait to see you there!
🌪️ Last but not least! Closing Remarks and TyphoonPWN winners with SSD Secure Disclosure's Aviram Jenik and Noam Rathaus
May 30, 2025 at 8:13 AM
🌪️ Last but not least! Closing Remarks and TyphoonPWN winners with SSD Secure Disclosure's Aviram Jenik and Noam Rathaus
🌪️ Closing the day with @scannell_simon desyncing the planet
May 30, 2025 at 7:33 AM
🌪️ Closing the day with @scannell_simon desyncing the planet
🌪️ Up next, Assaf Morag is unveiling the invisible pathways to breaching AWS accounts
May 30, 2025 at 6:33 AM
🌪️ Up next, Assaf Morag is unveiling the invisible pathways to breaching AWS accounts
🌪️ SOS! Thai Nguyen & Chuong Nguyen are showing us how to discover and exploit 0-days from 1-days at scale
May 30, 2025 at 6:08 AM
🌪️ SOS! Thai Nguyen & Chuong Nguyen are showing us how to discover and exploit 0-days from 1-days at scale
🌪️ Now on stage, NeoTheone is showing us how to steal a drone!
May 30, 2025 at 3:36 AM
🌪️ Now on stage, NeoTheone is showing us how to steal a drone!
🌪️ Up next, we’re attacking debug modules in the Android ecosystem with Lewei Qu
May 30, 2025 at 3:04 AM
🌪️ Up next, we’re attacking debug modules in the Android ecosystem with Lewei Qu
🌪️ Now on stage at TyphoonCon 2025: just having fun with binary polynomials with Arnau Gàmez i Montolio
May 30, 2025 at 2:01 AM
🌪️ Now on stage at TyphoonCon 2025: just having fun with binary polynomials with Arnau Gàmez i Montolio