I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)" this 293-page deep dive offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/02/11/e...

The sixth article in the Exploiting Reversing Series (ERS), "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", a 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver, is available: exploitreversing.com/2026/02/11/e... #exploit #vulnerability

This presentation remains the go-to reference for learning the inner workings of the IDA Pro Hex-Rays decompiler: (video) www.youtube.com/watch?v=T-Yk... (article) i.blackhat.com/us-18/Thu-Au... #decompiler #reverseengineer #informationsecurity #cybersecurity

[Cryptodev-linux] Page-level UAF exploitation: nasm.re/posts/crypto... #linux #cybersecurity #informationsecurity #uaf #exploitation #vulnerability

TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244: oobs.io/posts/er605-... #exploit #vulnerability #rce #informationsecurity #cybersecurity #infosec

Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem: ethz.ch/content/dam/... #cybersecurity #redteam #informationsecurity #threathunting #exploitation #infosec

Malwoverview 7.0 has been released: github.com/alexandrebor... This version introduces a new vulnerability-focused approach, and the first feature is NIST support, which allows listing and searching for registered vulnerabilities. #vulnerabilities #cve #cybersecurity #informationsecurity

Malwoverview 7.0 has been released: github.com/alexandrebor... This version introduces a new vulnerability-focused approach, and the first feature is NIST support, which allows listing and searching for registered vulnerabilities. #vulnerabilities #cve #cybersecurity #informationsecurity

Phantom Grid: Phantom Grid is an enterprise-grade, kernel-level active defense system that transforms Linux servers into a controlled, deceptive attack surface. github.com/haidang-info... #kernel #linux #honeypot #informationsecurity #cybersecurity #defense #ebpf

Achieving remote code execution in LangSmith Playground using unsafe template formatting: lab.ctbb.show/research/lan... #webapp #exploit #exploitation #infosec #informationsecurity #cybersecurity #ai

Dangling pointers, fragile memory – from an undisclosed vulnerability to a Pixel 9 Pro escalation: dawnslab.jd.com/Pixel_9_Pro_... #android #vulnerability #eop #cybersecurity #infosec #informationsecurity #cve

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: www.opswat.com/blog/cve-202... #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve

Blind trust: what is hidden behind the process of creating your PDF file? swarm.ptsecurity.com/blind-trust-... #vulnerability #cve #exploitation #infosec

MongoBleed explained simply: bigdata.2minutestreaming.com/p/mongobleed... #exploit #exploitation #cve #vulnerability #mongodb #informationsecurity #infosec

From Coverage to Causes: Data-Centric Fuzzing for JavaScript Engines: (paper) arxiv.org/pdf/2512.18102 (project) github.com/KKGanguly/Da... #fuzzing #vulnerability #javascript #exploitation #llm

Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack: klezvirus.github.io/posts/Callba... #cybersecurity #infosec #windows #reverseengineering #programming

Announcing hardware-accelerated BitLocker: techcommunity.microsoft.com/blog/windows... #crypto #cybersecurity #infosec #informationsecurity #hacking #bitlocker

$5 Prompt Finds $2,418 Vulnerability: new-blog.ch4n3.kr/llm-found-se... #cybersecurity #vulnerability #infosec #informationsecurity #bug

A look at an Android ITW DNG exploit: projectzero.google/2025/12/andr... #android #exploit #vulnerability #cybersecurity #informationsecurity

godap: A complete TUI for LDAP. github.com/Macmod/godap #ldap #cybersecurity #informationsecurity #hacking #redteam

Extending Kernel Race Windows Using '/dev/shm': faith2dxy.xyz/2025-11-28/e... #kernel #linux #exploitation #cybersecurity #infosec #informationsecurity

A look at an Android ITW DNG exploit: googleprojectzero.blogspot.com/2025/12/a-lo... #android #exploit #vulnerability #zeroclick #exploitation #mobilesecurity

React2Shell Exploits on GitHub: www.vulncheck.com/blog/react2s... #react2shell #exploit #exploitation #cybersecurity #cve #vulnerability #nodejs

No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE; modzero.com/en/blog/no-l... #exploitation #cve #rce #rop #aslr #arm #iot

This is a really interesting project: it allows you to track all Windows releases/updates, KBs, interact with the file systems associated with them, and even download files.: oswatcher.github.io/frontend/ #windows #kb #updates #security #research

N-Able Windows Software Probe Remote Code Execution: www.securifera.com/blog/2025/12... #dotnet #vulnerability #windows #hacking #exploitation #infosec #informationsecurity

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478): slcyber.io/research-cen... #exploit #exploitation #infosec #informationsecurity #cve #rce #hacking #deserialization

This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF But we found a dumb bypass 😎

Linux Kernel Explorer: reverser.dev/linux-kernel... #linux #kernel #programming #sourcecode #informationsecurity

MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper: pberba.github.io/security/202... #macOS #infosec #applescript #cybersecurity #exploitation #hacking

Living Off the Land: Windows Post-Exploitation Without Tools: xbz0n.sh/blog/living-... #cybersecurity #windows #hacking #hacking #informationsecurity

Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757): slcyber.io/research-cen... #oracle #authentication #vulnerability #rce #informationsecurity #infosec #cybersecurity #cve

Microsoft ms-photos URI NTLM Leak: github.com/rubenformati... #microsoft #infosec #vulnerability #leak #ntlm #windows

Rehabilitating Registry Tradecraft with RegRestoreKey: www.preludesecurity.com/blog/rehabil... #infosec #windows #cybersecurity #edr #callback

Introducing HCLI: The Modern Command-Line Interface for IDA: hex-rays.com/blog/introdu... #idapro #interface #ida #hcli #reverseengineering

Injection for an athlete: swarm.ptsecurity.com/injection-fo... #android #vulnerability #exploitation #application #cybersecurity

Living in the Namespace - ft. unshare(): hackmd.io/@0xmadvise/r... #linux #vulnerability #cybersecurity #exploit #exploitation

Making Serialization Gadgets by Hand - .NET: www.vulncheck.com/blog/making-... #dotnet #infosec #deserialization #hacking #programming #exploit #exploitation

Mojo GPU Puzzles: puzzles.modular.com/introduction... #crypto #gpu #python #infosec #informationsecurity #programming

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices: unit42.paloaltonetworks.com/landfall-is-... #exploitation #spyware #rce #infosec #cybersecurity #mobilesecurity #samsung #android #rce #vulnerability

Evading Elastic EDR's call stack signatures with call gadgets: offsec.almond.consulting/evading-elas... #edr #hacking #evasion #cybersecurity #informationsecurity #windows #programming #elastic

Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer: starlabs.sg/blog/2025/11... #cybersecurity #exploitation #printer #exploit #vulnerability

How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia: techcrunch.com/2025/11/03/h... #exploit #exploitation #zeroday #infosec #informationsecurity #cybersecurity

Operation South Star: 0-day Espionage Campaign Targeting Domestic Mobile Phones: ti.qianxin.com/blog/article... #exploitation #exploit #threathunting #infosec #vulnerability #mobile #0day #dfir

The cryptography behind electronic passports: blog.trailofbits.com/2025/10/31/t... #crypto #informationsecurity #cybersecurity #cryptography

WSUS Deserialization Exploit in the Wild (CVE‑2025‑59287): research.eye.security/wsus-deseria... #windows #cve #exploit #cybersecurity #vulnerability #exploitation

Why nested deserialization is STILL harmful – Magento RCE (CVE-2025-54236): slcyber.io/assetnote-se... #infosec #cybersecurity #deserialization #rce #exploit #exploitation #cve

Key IOCs for Pegasus and Predator Spyware Cleaned With iOS 26 Update: iverify.io/blog/key-ioc... #cybersecurity #infosec #pegasus #ios #spyware #dfir #digitalforensics #threathunting

Implementing a Persistent Key-Value Store in a Tamper-Resistant Device for SGX Enclave Applications: dl.acm.org/doi/abs/10.1... #sgx #cybersecurity #dataprotection #enclave #informationsecurity

Complete WebSocket Traffic Control with advanced proxy, simulation, and blocking capabilities: github.com/law-chain-ho... #websocket #proxy #cyberattack #webapp #infosec #cybersecurity