https://slf.fish/ SLF 2026-04-08T00:00:00Z https://slf.fish/mirror/26q1/ 2026-04-08T00:00:00Z

Pixel 9 0-click exploit chain
https://infosec.place/notice/B2JlRznq9ea14XuD32

HackerBot Claw
https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

CosmicHammer: detecting naturally-occurring bitflips.
https://github.com/fuzzsociety/CosmicHammer

]]> https://slf.fish/mirror/25q4/ 2026-01-12T00:00:00Z

Cross-container communication using POSIX Advisory Locks
https://h4x0r.org/funreliable

Controlled memory write with disabled denormalized floats in Chrome
https://issues.chromium.org/issues/382005099#comment19

Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition
https://tee.fail/

Nvidia UAF Kernel Bug
https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html

Glass Cage: Zero-Click PNG Exploit Chain for iOS 18.2.1
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
https://seclists.org/fulldisclosure/2025/Oct/1

[clown cracker] sudo-rs reveals password on timeout; allows running commands as any user
Take a conceptually wrong idea (sudo) and re-write it in a sekure language only to obtain a security hole.
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-q428-6v73-fc4q

]]> https://slf.fish/mirror/25q3/ 2025-09-30T00:00:00Z

SwissBorg watched $41.5M in SOL vanish through Kiln's backdoor
https://rekt.news/swissborg-rekt

Apple A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure
https://seclists.org/fulldisclosure/2025/Sep/0
https://github.com/JGoyd/Apple-Silicon-A17-Flaw

Obtaining Global Admin in every Entra ID tenant via Actor tokens
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

NPM Supply Chain Attack: What we know about it
https://www.trendmicro.com/en_us/research/25/i/npm-supply-chain-attack.html

]]> https://slf.fish/mirror/25q1/ 2025-03-03T00:00:00Z

Mossad's pagers & walkie-talkies sabotage operations
No reliable details source available
https://en.wikipedia.org/wiki/2024_Lebanon_electronic_device_attacks

Hackers deployed to facilitate drug smuggling
https://www.europol.europa.eu/sites/default/files/documents/cyberbits_04_ocean13.pdf

The invalid 68030 instruction that accidentally allowed the Mac Classic II to boot
https://www.downtowndougbrown.com/2025/01/the-invalid-68030-instruction-that-accidentally-allowed-the-mac-classic-ii-to-successfully-boot-up/

LinuxPDF: Linux running inside a PDF file via a RISC-V emulator
https://github.com/ading2210/linuxpdf

CVE-2025-26465: MitM attack against OpenSSH VerifyHostKeyDNS & CVE-2025-26466: DoS against OpenSSH client/server
https://www.openwall.com/lists/oss-security/2025/02/18/1

]]> https://slf.fish/mirror/24q3/ 2024-09-10T00:00:00Z

RegreSSHion — Remote unauthenticated RCE in OpenSSH
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

When Samsung meets MediaTek: the story of a small bug chain
https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf

EUCLEAK
https://ninjalab.io/eucleak/
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf

PassPort: Forwarding TCP ports through Passkey servers to bypass censorship
https://github.com/c-skills/passport/

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/

]]> https://slf.fish/mirror/24h1/ 2024-06-01T00:00:00Z

XZ Utils backdoor in liblzma and JiaT75's operation
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://tukaani.org/xz-backdoor/
https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils#latest-wiz-research-findings-as-of-april-3-2024-33
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27

Randar Minecraft exploit
https://github.com/spawnmason/randar-explanation

PuTTY biased ECDSA-P-521 nonces
https://www.openwall.com/lists/oss-security/2024/04/15/6

]]> https://slf.fish/mirror/23q4/ 2024-01-21T00:00:00Z

Operation Triangulation: The last (hardware) mystery
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html

A Study on Implementation Attacks against QKD Systems
https://www.bsi.bund.de/EN/Service-Navi/Publikationen/Studien/QKD-Systems/Implementation_Attacks_QKD_Systems_node.html

]]> https://slf.fish/mirror/23q3/ 2023-10-14T00:00:00Z

CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

Compromised Microsoft MSA key by Storm-0558
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr

Looney Tunables: Local Privilege Escalation in glibc's ld.so (CVE-2023-4911)
https://www.openwall.com/lists/oss-security/2023/10/03/2

]]> https://slf.fish/mirror/23q2/ 2023-07-06T00:00:00Z

SectorC: A C Compiler in 512 bytes
https://xorvoid.com/sectorc.html

faulTPM: Exposing AMD fTPMs' Deepest Secrets
https://arxiv.org/abs/2304.14717
https://github.com/PSPReverse/ftpm_attack

acme.sh runs arbitrary commands from a remote server
https://github.com/acmesh-official/acme.sh/issues/4659

Accidental $70k Google Pixel Lock Screen Bypass
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/

]]> https://slf.fish/mirror/23q1/ 2023-04-02T00:00:00Z

OpenSSH Pre-Auth Double Free CVE-2023-25136
https://jfrog.com/blog/openssh-pre-auth-double-free-cve-2023-25136-writeup-and-proof-of-concept/

Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
https://decoded.avast.io/janvojtesek/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game/

BlackLotus UEFI bootkit
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/

Exploiting aCropalypse: Recovering Truncated PNGs
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html

]]> https://slf.fish/mirror/22q4/ 2023-01-22T00:00:00Z

The destruction of FTX by CZ
https://twitter.com/SBF_FTX/status/1601191234034274304

The Profanity vanity address generator bug
https://blog.safeheron.com/blog/insights/safeheron-originals/a-deep-dive-of-how-profanity-caused-wintermute-to-lose-usd160m

The Android certificates leak
https://bugs.chromium.org/p/apvi/issues/detail?id=100

]]> https://slf.fish/mirror/22q3/ 2022-09-23T00:00:00Z

Doom-in-Doom
https://github.com/kgsws/doom-in-doom

MicrocodeDecryptor
https://github.com/chip-red-pill/MicrocodeDecryptor

Custom Processing Unit
https://github.com/pietroborrello/CustomProcessingUnit

An efficient key recovery attack on SIDH + You could have broken SIDH
https://eprint.iacr.org/2022/975
https://yx7.cc/blah/2022-08-22.html

Process injection: breaking all macOS security layers with a single vulnerability
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/

]]> https://slf.fish/mirror/22q2/ 2022-07-07T00:00:00Z

"ExtraReplica" — cross-account database vulnerability in Azure PostgreSQL
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/

Exploiting Intel Graphics Kernel Extensions on macOS — Pwn2Own 2021 Safari Sandbox Escape
https://blog.ret2.io/2022/06/29/pwn2own-2021-safari-sandbox-intel-graphics-exploit/

Notes on OpenSSL remote memory corruption
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/

[idiot security prize] Idiot Security Prize
https://seclists.org/oss-sec/2022/q3/17

]]> https://slf.fish/mirror/22q1/ 2022-04-12T00:00:00Z

Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers
https://www.willsroot.io/2022/01/cve-2022-0185.html

DeFi protocol KLAYswap theft via BGP hijack
https://therecord.media/klayswap-crypto-users-lose-funds-after-bgp-hijack/

A one in a million bug in Switch kernel
https://gist.githubusercontent.com/plutooo/2aadbd4a718e269df474079dd2e584fb/raw/7b3af77b5202366c8934c88ef251f1e905967040/gistfile1.txt

Win32 MMIO kernel exploit
https://msrc-blog.microsoft.com/2022/03/22/exploring-a-new-class-of-kernel-exploit-primitive/

FORCEDENTRY: Sandbox Escape
https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html

FBI forensics of the Bitfinex hack
https://www.justice.gov/opa/press-release/file/1470211/download

Wormhole Solana bridge incident
https://rekt.news/wormhole-rekt/

]]> https://slf.fish/mirror/21q4/ 2021-12-24T00:00:00Z

How a simple Linux kernel memory corruption bug can lead to complete system compromise
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Titan M chip reverse engineering and bugs
https://github.com/quarkslab/titanm

Alpha-Rays: key extraction attacks on threshold ECDSA implementations
https://eprint.iacr.org/2021/1621.pdf

]]> https://slf.fish/mirror/21q3/ 2021-09-29T00:00:00Z

Frontrunning a scammer
https://amanusk.medium.com/frontrunning-a-scammer-95f34dd33cf8

Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt

Downlevel Driver Enabler
https://git.zx2c4.com/downlevel-driver-enabler/about/

Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
https://a13xp0p0v.github.io/2021/08/25/lkrg-bypass.html

Autodiscovering the Great Leak
https://www.guardicore.com/labs/autodiscovering-the-great-leak/

]]> https://slf.fish/mirror/21q2/ 2021-07-06T00:00:00Z

Send My
https://github.com/positive-security/send-my

ChromeOS root privilege escalation and android-root persistence
https://bugs.chromium.org/p/chromium/issues/detail?id=1166932

Theodosius: JIT linker, mapper, obfuscator, and mutator
https://githacks.org/_xeroxz/theodosius

Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2
https://eprint.iacr.org/2021/819

GCP DHCP takeover code-exec
https://github.com/irsl/gcp-dhcp-takeover-code-exec

An EPYC escape: Case-study of a KVM breakout
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html

]]> https://slf.fish/mirror/21q1/ 2021-04-13T00:00:00Z

sudo bug
https://seclists.org/fulldisclosure/2021/Jan/79

CVE-2021-1782 XNU kernel exploit

• analysis: https://www.synacktiv.com/en/publications/analysis-and-exploitation-of-the-ios-kernel-vulnerability-cve-2021-1782.html
• PoC: https://github.com/ModernPwner/cicuta_virosa

Hunting for bugs in Windows mini filter
https://googleprojectzero.blogspot.com/2021/01/hunting-for-bugs-in-windows-mini-filter.html

One day short of a full chain

• Part 1 — Android kernel arbitrary code execution: https://securitylab.github.com/research/one_day_short_of_a_fullchain_android
• Part 2 — Chrome sandbox escape: https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx

Quantifying blockchain extractable value: How dark is the forest?
https://arxiv.org/pdf/2101.05511.pdf

nft_ptr
https://github.com/zhuowei/nft_ptr

Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

]]>