We are the Security Liberation Front.
Subscribe via our feed or follow @slffish for announcements.
2026 Q1
mirror 20260408
Pixel 9 0-click exploit chain
https://infosec.place/notice/B2JlRznq9ea14XuD32
HackerBot Claw
https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
CosmicHammer: detecting naturally-occurring bitflips.
https://github.com/fuzzsociety/CosmicHammer
2025 Q4
mirror 20260112
Cross-container communication using POSIX Advisory Locks
https://h4x0r.org/funreliable
Controlled memory write with disabled denormalized floats in Chrome
https://issues.chromium.org/issues/382005099#comment19
Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition
https://tee.fail/
Nvidia UAF Kernel Bug
https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
Glass Cage: Zero-Click PNG Exploit Chain for iOS 18.2.1
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
https://seclists.org/fulldisclosure/2025/Oct/1
clown cracker
sudo-rs reveals password on timeout; allows running commands as any user
Take a conceptually wrong idea (sudo) and re-write it in a sekure language only to obtain a security hole.
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-q428-6v73-fc4q
2025 Q3
mirror 20250930
SwissBorg watched $41.5M in SOL vanish through Kiln's backdoor
https://rekt.news/swissborg-rekt
Apple A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure
https://seclists.org/fulldisclosure/2025/Sep/0
https://github.com/JGoyd/Apple-Silicon-A17-Flaw
Obtaining Global Admin in every Entra ID tenant via Actor tokens
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
NPM Supply Chain Attack: What we know about it
https://www.trendmicro.com/en_us/research/25/i/npm-supply-chain-attack.html
2025 Q1
mirror 20250303
Mossad's pagers & walkie-talkies sabotage operations
No reliable source of details available
https://en.wikipedia.org/wiki/2024_Lebanon_electronic_device_attacks
Hackers deployed to facilitate drug smuggling
https://www.europol.europa.eu/sites/default/files/documents/cyberbits_04_ocean13.pdf
The invalid 68030 instruction that accidentally allowed the Mac Classic II to boot
https://www.downtowndougbrown.com/2025/01/the-invalid-68030-instruction-that-accidentally-allowed-the-mac-classic-ii-to-successfully-boot-up/
LinuxPDF: Linux running inside a PDF file via a RISC-V emulator
https://github.com/ading2210/linuxpdf
CVE-2025-26465: MitM attack against OpenSSH VerifyHostKeyDNS & CVE-2025-26466: DoS against OpenSSH client/server
https://www.openwall.com/lists/oss-security/2025/02/18/1
2024 Q3
mirror 20240910
RegreSSHion — Remote unauthenticated RCE in OpenSSH
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
When Samsung meets MediaTek: the story of a small bug chain
https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
EUCLEAK
https://ninjalab.io/eucleak/
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
PassPort: Forwarding TCP ports through Passkey servers to bypass censorship
https://github.com/c-skills/passport/
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
2024 H1
mirror 20240601
XZ Utils backdoor in liblzma and JiaT75's operation
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://tukaani.org/xz-backdoor/
https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils#latest-wiz-research-findings-as-of-april-3-2024-33
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Randar Minecraft exploit
https://github.com/spawnmason/randar-explanation
PuTTY biased ECDSA-P-521 nonces
https://www.openwall.com/lists/oss-security/2024/04/15/6
2023 Q4
mirror 20240121
Operation Triangulation: The last (hardware) mystery
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
A Study on Implementation Attacks against QKD Systems
https://www.bsi.bund.de/EN/Service-Navi/Publikationen/Studien/QKD-Systems/Implementation_Attacks_QKD_Systems_node.html
2023 Q3
mirror 20231014
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Compromised Microsoft MSA key by Storm-0558
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr
Looney Tunables: Local Privilege Escalation in glibc's ld.so (CVE-2023-4911)
https://www.openwall.com/lists/oss-security/2023/10/03/2
2023 Q2
mirror 20230706
SectorC: A C Compiler in 512 bytes
https://xorvoid.com/sectorc.html
faulTPM: Exposing AMD fTPMs' Deepest Secrets
https://arxiv.org/abs/2304.14717
https://github.com/PSPReverse/ftpm_attack
acme.sh runs arbitrary commands from a remote server
https://github.com/acmesh-official/acme.sh/issues/4659
Accidental $70k Google Pixel Lock Screen Bypass
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
2023 Q1
mirror 20230402
OpenSSH Pre-Auth Double Free CVE-2023-25136
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/
BlackLotus UEFI bootkit
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
2022 Q4
mirror 20230122
The destruction of FTX by CZ
https://twitter.com/SBF_FTX/status/1601191234034274304
The Profanity vanity address generator bug
https://blog.safeheron.com/blog/insights/safeheron-originals/a-deep-dive-of-how-profanity-caused-wintermute-to-lose-usd160m
The Android certificates leak
https://bugs.chromium.org/p/apvi/issues/detail?id=100
2022 Q3
mirror 20220923
Doom-in-Doom
https://github.com/kgsws/doom-in-doom
MicrocodeDecryptor
https://github.com/chip-red-pill/MicrocodeDecryptor
Custom Processing Unit
https://github.com/pietroborrello/CustomProcessingUnit
An efficient key recovery attack on SIDH + You could have broken SIDH
https://eprint.iacr.org/2022/975
https://yx7.cc/blah/2022-08-22.html
Process injection: breaking all macOS security layers with a single vulnerability
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
2022 Q2
mirror 20220707
"ExtraReplica" — cross-account database vulnerability in Azure PostgreSQL
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Exploiting Intel Graphics Kernel Extensions on macOS — Pwn2Own 2021 Safari Sandbox Escape
https://blog.ret2.io/2022/06/29/pwn2own-2021-safari-sandbox-intel-graphics-exploit/
Notes on OpenSSL remote memory corruption
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
idiot security prize
Idiot Security Prize
https://seclists.org/oss-sec/2022/q3/17
2022 Q1
mirror 20220412
Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers
https://www.willsroot.io/2022/01/cve-2022-0185.html
DeFi protocol KLAYswap theft via BGP hijack
https://therecord.media/klayswap-crypto-users-lose-funds-after-bgp-hijack/
A one in a million bug in Switch kernel
https://gist.githubusercontent.com/plutooo/2aadbd4a718e269df474079dd2e584fb/raw/7b3af77b5202366c8934c88ef251f1e905967040/gistfile1.txt
Win32 MMIO kernel exploit
https://msrc-blog.microsoft.com/2022/03/22/exploring-a-new-class-of-kernel-exploit-primitive/
FORCEDENTRY: Sandbox Escape
https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html
FBI forensics of the Bitfinex hack
https://www.justice.gov/opa/press-release/file/1470211/download
Wormhole Solana bridge incident
https://rekt.news/wormhole-rekt/
2021 Q4
mirror 20211224
How a simple Linux kernel memory corruption bug can lead to complete system compromise
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
Titan M chip reverse engineering and bugs
https://github.com/quarkslab/titanm
Alpha-Rays: key extraction attacks on threshold ECDSA implementations
https://eprint.iacr.org/2021/1621.pdf
2021 Q3
mirror 20210929
Frontrunning a scammer
https://amanusk.medium.com/frontrunning-a-scammer-95f34dd33cf8
Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
Downlevel Driver Enabler
https://git.zx2c4.com/downlevel-driver-enabler/about/
Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
https://a13xp0p0v.github.io/2021/08/25/lkrg-bypass.html
Autodiscovering the Great Leak
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
2021 Q2
mirror 20210706
Send My
https://github.com/positive-security/send-my
ChromeOS root privilege escalation and android-root persistence
https://bugs.chromium.org/p/chromium/issues/detail?id=1166932
Theodosius: JIT linker, mapper, obfuscator, and mutator
https://githacks.org/_xeroxz/theodosius
Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
https://eprint.iacr.org/2021/819
GCP DHCP takeover code-exec
https://github.com/irsl/gcp-dhcp-takeover-code-exec
An EPYC escape: Case-study of a KVM breakout
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
2021 Q1
mirror 20210413
sudo bug
https://seclists.org/fulldisclosure/2021/Jan/79
CVE-2021-1782 XNU kernel exploit
analysis
https://www.synacktiv.com/en/publications/analysis-and-exploitation-of-the-ios-kernel-vulnerability-cve-2021-1782.html
PoC
https://github.com/ModernPwner/cicuta_virosa
Hunting for bugs in Windows mini filter
https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html
One day short of a full chain
Part 1 — Android kernel arbitrary code execution
https://securitylab.github.com/research/one_day_short_of_a_fullchain_android
Part 2 — Chrome sandbox escape
https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx
Quantifying blockchain extractable value: How dark is the forest?
https://arxiv.org/pdf/2101.05511.pdf
nft_ptr
https://github.com/zhuowei/nft_ptr
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/