@whitequark dear god

@wdormann @cR0w We need to talk about your flairs... https://beep.town/@initech/115407795356788951

@da_667 use more sacred oils and incense

this story is crazy not because someone in the exploit business got a taste of their own medicine, that part should be expected. the crazy thing is that trenchant, widely considered to be one of the “good discerning western exploit shops” was leaking chrome exploits to who knows where.
https://infosec.exchange/@lorenzofb/115412729875549507

Boom! Rafal Goryl of PixiePoint Security needed two attempts but was able to get his exploit of the Phillips Hue Bridge working. He heads off to the disclosure room to provide all the details. #Pwn2Own

You can find all of the results from Day Two of #Pwn2Own Ireland at https://www.zerodayinitiative.com/blog/2025/10/22/pwn2own-ireland-2025-day-two-results - We'll be updating this blog throughout the day as results become available. #P2OIreland

The new version of the Sanitizer API is now enabled by default in @firefoxnightly!

https://developer.mozilla.org/en-US/docs/Web/API/Sanitizer
https://wicg.github.io/sanitizer-api/

Please give it a try and provide us with feedback.

OpenAI browser uses Mojo JS bindings, cool implementation.

[RSS] IBM i LIBL Autopwn: Kill the Vulnerability Class

https://blog.silentsignal.eu/2025/10/22/IBM-i-LIBL-Autopwn-Kill-the-Vulnerability-Class/

#IBMi exploits go brrr

Recapping Day One of #Pwn2Own Ireland 2025. Join @dustin_childs (and Maude) as he covers the highlights of the first day of the competition. We awarded $522,500 for 34 unique 0-day bugs, and more is to come. https://youtu.be/tiM_StSFvow

The schedule for r2con2025 is out!
It's online, plenty of awesome talks.

https://radare.org/con/2025/

Hot take: we are boiling the illiteracy frog.

I recently had the opportunity to talk about Evilginx on the Click Here podcast from The Record.

I reflected on the moral considerations surrounding the double-edged nature of developing offensive security tools.

Enjoy the Frankenstein reference 😅

https://therecord.media/evilginx-kuba-gretzky-interview-click-here-podcast

ProTip: A recommendation to enjoy more this year’s #r2con2025 as long as it's 100% online: Gather some friends with drinks and popcorn and watch the stream live together!

All the presentations are recorded, so the speakers will be available in the chat and really appreciate your live feedback in the Telegram/Discord and YouTube channels!

Impressed with the level of compatibility of the new memory-safe C/C++ compiler Fil-C (filcc, fil++; https://fil-c.org/) based on clang. Many libraries and applications that I've tried work under Fil-C without changes, and the exceptions haven't been hard to get working.

I guess Taszk tweaked their RSS a bit and a bunch of Mediatek reports fell into my reader. Some of them are old, these are from 2025:

CVE-2025-20725
CVE-2025-20726
CVE-2025-20727
CVE-2025-20678

https://labs.taszk.io/blog/archives/2025/

Our 2025-2026 internship season has started.

Check out the list of openings and apply for fun and knowledge!

https://blog.quarkslab.com/internship-offers-for-the-2025-2026-season.html

All results from Day One of #Pwn2Own Ireland 2025 can be found at https://www.zerodayinitiative.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results - This will be updated throughout the day with results. #P2OIreland

The QoS of this web server is apparently configured so that it gradually decreases my connections bandwidth so that my downloads ETA doesn't change.

While our colleagues hack live at #Pwn2Own in Cork, take a look at our newly published last year's writeup on our blog: We compromised a QNAP router to take over a networked Canon printer.
▶️ Read the findings and how we got there: https://neodyme.io/en/blog/pwn2own-2024_qhora/