CVE-2026-28910: Breaking macOS App Sandbox Data Containers, TCC, and Hijacking Apps Using Archive Utility: mysk.blog/2026/05/19/c... #macOS #exploitation #infosec #informationsecurity #vulnerability #cve #exploit

FatGid+4: A four-byte type, an eight-byte stride, one root shell. fatgid.io #vulnerability #exploit #cybersecurity #informationsecurity #freebsd

New Age of Collisions: Reading Arbitrary Files Pre-Auth as root in cPanel (CVE-2026-29205): (blog) slcyber.io/research-cen... (tool) github.com/assetnote/cp... #cve #vulnerability #cybersecurity #informationsecurity #authentication

Kernel-Exploit-Dojo: github.com/mito753/Kern... #kernel #ctf #informationsecurity #infosec #exploitation #cybersecurity #vulnerability

How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection: s4dbrd.github.io/posts/how-ke... #reverseengineering #informationsecurity #cybersecurity #game #windows #kernel #debugging

Today I am releasing the nineth article in the Exploiting Reversing Series (ERS), which I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/04/28/e... Enjoy the reading and have an excellent day. #exploit #exploitdevelopment

Malwoverview 8.0.1 is available: github.com/alexandrebor... To update it: python -m pip install -U malwoverview #threathunting #malware #cve #vulnerability #cybersecurity #informationsecurity #incidentresponse

The Exploiting Reversing Series (ERS) currently features 945 pages of exploit development based on real-world targets: exploitreversing.com In the coming weeks, I will publish new articles covering exploration in areas such as Windows, Chrome, iOS/macOS, and hypervisors. #exploit #exploitation

CFPsec is program to list Call For Papers or upcoming Hacking/Security Conferences based on cfptime.org website. github.com/alexandrebor... To install it: python -m pip install -U cfpsec #cybersecurity #informationsecurity #conferences

The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled “Exploitation Techniques | CVE-2024-30085 (Part 02)” this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/03/31/e... #exploit #exploitation

Before dropping my next article (ERS_08), I’ve updated the ERS 06 article (rev C.1): exploitreversing.com/2026/02/11/e... This revision features a refined ALPC exploit with a new stage and an extended cleaner stage, ensuring a stable exit and preventing system crashes. #exploitation

Malwoverview v8.0 (codename: Revolutions) has been released: github.com/alexandrebor... To install its complete version: pip install malwoverview[all] #threathunting #malware #vulnerability #ai #informationsecurity #cybersecurity #cve

Exploiting Reversing (ER) series: article 07 | Exploitation Techniques | CVE-2024-30085 (part 01) exploitreversing.com/2026/03/04/e... Enjoy your reading and have an excellent day. #exploit #vulnerability #cve #exploitation #infosec #informationsecurity #windows

I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)" this 293-page deep dive offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/02/11/e...

The sixth article in the Exploiting Reversing Series (ERS), "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", a 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver, is available: exploitreversing.com/2026/02/11/e... #exploit #vulnerability

This presentation remains the go-to reference for learning the inner workings of the IDA Pro Hex-Rays decompiler: (video) www.youtube.com/watch?v=T-Yk... (article) i.blackhat.com/us-18/Thu-Au... #decompiler #reverseengineer #informationsecurity #cybersecurity

[Cryptodev-linux] Page-level UAF exploitation: nasm.re/posts/crypto... #linux #cybersecurity #informationsecurity #uaf #exploitation #vulnerability

TP-Link ER605 DDNS Pre-Auth RCE: Chaining CVE-2024-5242, CVE-2024-5243, CVE-2024-5244: oobs.io/posts/er605-... #exploit #vulnerability #rce #informationsecurity #cybersecurity #infosec

Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem: ethz.ch/content/dam/... #cybersecurity #redteam #informationsecurity #threathunting #exploitation #infosec

Malwoverview 7.0 has been released: github.com/alexandrebor... This version introduces a new vulnerability-focused approach, and the first feature is NIST support, which allows listing and searching for registered vulnerabilities. #vulnerabilities #cve #cybersecurity #informationsecurity

Malwoverview 7.0 has been released: github.com/alexandrebor... This version introduces a new vulnerability-focused approach, and the first feature is NIST support, which allows listing and searching for registered vulnerabilities. #vulnerabilities #cve #cybersecurity #informationsecurity

Phantom Grid: Phantom Grid is an enterprise-grade, kernel-level active defense system that transforms Linux servers into a controlled, deceptive attack surface. github.com/haidang-info... #kernel #linux #honeypot #informationsecurity #cybersecurity #defense #ebpf

Achieving remote code execution in LangSmith Playground using unsafe template formatting: lab.ctbb.show/research/lan... #webapp #exploit #exploitation #infosec #informationsecurity #cybersecurity #ai

Dangling pointers, fragile memory – from an undisclosed vulnerability to a Pixel 9 Pro escalation: dawnslab.jd.com/Pixel_9_Pro_... #android #vulnerability #eop #cybersecurity #infosec #informationsecurity #cve

CVE-2025-32432: Unauthenticated Remote Code Execution in Craft CMS: www.opswat.com/blog/cve-202... #exploitation #cms #vulnerability #cybersecurity #informationsecurity #cve

Blind trust: what is hidden behind the process of creating your PDF file? swarm.ptsecurity.com/blind-trust-... #vulnerability #cve #exploitation #infosec

MongoBleed explained simply: bigdata.2minutestreaming.com/p/mongobleed... #exploit #exploitation #cve #vulnerability #mongodb #informationsecurity #infosec

From Coverage to Causes: Data-Centric Fuzzing for JavaScript Engines: (paper) arxiv.org/pdf/2512.18102 (project) github.com/KKGanguly/Da... #fuzzing #vulnerability #javascript #exploitation #llm

Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack: klezvirus.github.io/posts/Callba... #cybersecurity #infosec #windows #reverseengineering #programming

Announcing hardware-accelerated BitLocker: techcommunity.microsoft.com/blog/windows... #crypto #cybersecurity #infosec #informationsecurity #hacking #bitlocker

$5 Prompt Finds $2,418 Vulnerability: new-blog.ch4n3.kr/llm-found-se... #cybersecurity #vulnerability #infosec #informationsecurity #bug

A look at an Android ITW DNG exploit: projectzero.google/2025/12/andr... #android #exploit #vulnerability #cybersecurity #informationsecurity

godap: A complete TUI for LDAP. github.com/Macmod/godap #ldap #cybersecurity #informationsecurity #hacking #redteam

Extending Kernel Race Windows Using '/dev/shm': faith2dxy.xyz/2025-11-28/e... #kernel #linux #exploitation #cybersecurity #infosec #informationsecurity

A look at an Android ITW DNG exploit: googleprojectzero.blogspot.com/2025/12/a-lo... #android #exploit #vulnerability #zeroclick #exploitation #mobilesecurity

React2Shell Exploits on GitHub: www.vulncheck.com/blog/react2s... #react2shell #exploit #exploitation #cybersecurity #cve #vulnerability #nodejs

No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE; modzero.com/en/blog/no-l... #exploitation #cve #rce #rop #aslr #arm #iot

This is a really interesting project: it allows you to track all Windows releases/updates, KBs, interact with the file systems associated with them, and even download files.: oswatcher.github.io/frontend/ #windows #kb #updates #security #research

N-Able Windows Software Probe Remote Code Execution: www.securifera.com/blog/2025/12... #dotnet #vulnerability #windows #hacking #exploitation #infosec #informationsecurity

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478): slcyber.io/research-cen... #exploit #exploitation #infosec #informationsecurity #cve #rce #hacking #deserialization

This vulnerability was the inspiration for the first step of the Panel challenge we played during last week’s Grehack CTF But we found a dumb bypass 😎

Linux Kernel Explorer: reverser.dev/linux-kernel... #linux #kernel #programming #sourcecode #informationsecurity

MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper: pberba.github.io/security/202... #macOS #infosec #applescript #cybersecurity #exploitation #hacking

Living Off the Land: Windows Post-Exploitation Without Tools: xbz0n.sh/blog/living-... #cybersecurity #windows #hacking #hacking #informationsecurity

Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757): slcyber.io/research-cen... #oracle #authentication #vulnerability #rce #informationsecurity #infosec #cybersecurity #cve

Microsoft ms-photos URI NTLM Leak: github.com/rubenformati... #microsoft #infosec #vulnerability #leak #ntlm #windows

Rehabilitating Registry Tradecraft with RegRestoreKey: www.preludesecurity.com/blog/rehabil... #infosec #windows #cybersecurity #edr #callback

Introducing HCLI: The Modern Command-Line Interface for IDA: hex-rays.com/blog/introdu... #idapro #interface #ida #hcli #reverseengineering

Injection for an athlete: swarm.ptsecurity.com/injection-fo... #android #vulnerability #exploitation #application #cybersecurity

Living in the Namespace - ft. unshare(): hackmd.io/@0xmadvise/r... #linux #vulnerability #cybersecurity #exploit #exploitation