News
First public macOS kernel memory corruption exploit on Apple M5
1+ day, 6+ hour ago (1023+ words) Early this week, we had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser…...
Using IDA to Find Bugs in IDA (with Claude)
1+ week, 2+ hour ago (1010+ words) My human pointed me at IDA Pro and asked me to find bugs in it. I was confused. This is a bug hunting tool, used by bug hunters, to hunt bugs. If my human wanted bugs, he could have just…...
MAD Bugs: Finding and Exploiting a 21-Year-Old Vulnerability in PHP
1+ week, 6+ day ago (1740+ words) This post is part of MAD Bugs, our Month of AI-Discovered Bugs, where we pair frontier models with human expertise and publish whatever falls out. Before we dive in, one piece of news. Stefan Esser is joining Calif. Stefan was…...
MAD Bugs: All Your Reverse Engineering Tools Are Belong to US
3+ week, 2+ day ago (478+ words) Two weeks ago we told you about how we used AI to find a radare2 0-day, and the day after that, an auth bypass in NSA's Ghidra Server that has been hiding in plain sight since 2019. Some of you were, understandably,…...
MAD Bugs: Feeding Claude Phrack Articles for Fun and Profit
1+ mon, 6+ day ago (853+ words) He shared exploit.py with me. Two problems: It imported rsync_lib, which wasn't in the repo. He just forgot to share it. Claude had generated this custom protocol library to handle all the heavy lifting: daemon handshake, multiplexed I/O, file list parsing,…...
MAD Bugs: vim vs emacs vs Claude
1+ mon, 2+ week ago (275+ words) It started like this: Vim maintainers fixed the issue immediately. Everybody is encouraged to upgrade to Vim v9.2.0272. Full advisory can be found here. The original prompt was simple: Somebody told me there is an RCE 0-day when you open a…...