Here is the blog post about the Node.js permission escape: blig.one/2026/03/29/n...
I would like to highlight once again that this is not considered a vulnerability per the Node.js threat model.
The fix is now public on the Node.js repo
Posts by maitai
The future of RFID hacking isn't dead, it's even more...
At #WHY2025, Kirils and I are breaking down the current RFID hacking situation
No fluff. Just spilling the beans.
9th of August 13:00 at Andromeda
cfp.why2025.org/why2025/talk...
RT if you're ready.
ζη«γ§ε²‘ε±±ζ θ‘γ«θ‘γ£γ¦γγ θ²·γ£γ¦γγγγ³γ γγγγγγγ
Took me a while, but here is the full article!
If you want to see some weird URL parsing behavior, here you can find a lot of them :)
sec.leonardini.dev/blog/playing...
Disclaimer: no exploits nor vulnerabilities in this post, just some broken code
This article on Solr and its (in)security is really good
And I strongly recommend reading @hacefresko.com's previous article on Solr before diving into this one (I will share the link in my reply)
For this challenge, it was necessary to abuse a discrepancy between the DOM and the rendered page in Firefox's cache handling
bugzilla.mozilla.org/show_bug.cgi...
This allows shifting iframe rendering from one to another, leading to a sandbox bypass
mizu.re/post/an-18-y...
@hextreeio.bsky.social
Bro is writing malware but also a Mad Max supervillain
AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post.
Data center, desktop, mobile and embedded processor products are affected:
www.amd.com/en/resources...
Happy Friday folks! Here is a throwback to our 2nd most popular research post of 2024, "Gaining kernel code execution on an MTE-enabled Pixel 8" by Man yue Mo github.blog/security/vul...
a laptop running memtest86+, showing two errors. a wire pokes out from the lower edge of the laptop, annotated as "antenna wire". an orange cigarette/barbecue lighter sits next to it, annotated as "elite hacking tool"
Can you get root with only a cigarette lighter?
(Yes!)
www.da.vidbuchanan.co.uk/blog/dram-em...
I keep coming across all these "pseudocode" examples on Wikipedia and in academic papers, and what I don't understand is why the authors can't just learn a real programming language
Hype!
If you are interested in client-side hacking and browser quirks I strongly recommend going through this writeup by @maitai.bsky.social!
It was also cool to collab w/ him on the second chall
blig.one/2024/11/29/f...
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...