-
Tweets1K
-
Followers2K
-
Following547
-
Likes135
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). github.com/xairy/kernel-e…
Interested in practical tips for using agentic LLMs for vulnerability detection? Check out this tech report from the Fuzzing Brain team, who reached the finals of AIxCC. It was a pleasure to be involved in this effort! arxiv.org/pdf/2509.07225
Pizlix: the world's first memory safe Linux distro. I'm writing the primordial README for it now and doing a final test that `./build.sh` actually works. The I'll commit it to the Fil-C repo
We have an exciting piece of vulnerability research 🕵️♂️ to share, conducted in collaboration with external researchers from VU Amsterdam. Find out more about the L1TF vulnerability, a CPU vulnerability on some Intel CPUs (Skylake and older). goo.gle/3I69VDv
Another CVE/exploit that might have worked regardless of MTE :) → github.com/asahilina/agx-… it hijacks Apple GPU firmware → GPU gains full RAM R/W. MTE only guards CPU loads/stores, GPU DMA is outside of its scope.
Another CVE/exploit that might have worked regardless of MTE :) → github.com/asahilina/agx-… it hijacks Apple GPU firmware → GPU gains full RAM R/W. MTE only guards CPU loads/stores, GPU DMA is outside of its scope.
Last weekend, I participated in corCTF and solved the Android Pwn challenge - corphone. It was a great challenge, and I learned a lot from it. Here's my write-up :) u1f383.github.io/android/2025/0…
🕵️ From noisy sinks to confirmed vulnerabilities. BCDA traces paths, extracts key conditions, and confirms exploitable bugs — fueling our self-evolving exploit agents. 👉 team-atlanta.github.io/blog/post-mlla… #DARPA #DEFCON #AICyberChallenge #Cybersecurity #LLM #GenAI #Agent #Fuzzing
New blog post: I've looked at a crash dump that covers a TCP/IP LRU cleanup DPC, which let to a potential race condition. medium.com/@Debugger/bugc…
New article by @a13xp0p0v: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel." Alexander used his pet project kernel-hack-drill to exploit a hard race condition that received the Pwnie Award 2025. swarm.ptsecurity.com/kernel-hack-dr…
OK, ChatGPT 5 admittedly surprised me in a positive way. I threw a PNG with a (small) Python AST graph at it and told it to reverse it to Python code, and it successfully did that. I have expected it to fail hard, but here we are 🤷.
The "Critical" Chrome GPU bug (CVE-2025-9478) is suspicious. Background: Google Big Sleep recently patched a bunch of high/critical issues in privileged Chrome GPU (their new AI fuzzer). I looked at the code. All the issues require such an uncommon platform functionality, it's…
Simplified intended solution for my Windows kernel challenge at HITCON CTF 2025. github.com/scwuaptx/CTF/t… If you haven’t played this challenge yet, I encourage you to try it yourself first. github.com/scwuaptx/CTF/t… Hope everyone can learn more from our CTF.
chromereleases.googleblog.com/2025/08/stable… [N/A][436181695] High CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep on 2025-08-04 TL;DR: Repro extremely short, bug very easily exploitable for a renderer RCE. Big Sleep is interesting indeed :)
GPT-5 just casually did new mathematics. Sebastien Bubeck gave it an open problem from convex optimization, something humans had only partially solved. GPT-5-Pro sat down, reasoned for 17 minutes, and produced a correct proof improving the known bound from 1/L all the way to…
GPT-5 just casually did new mathematics. Sebastien Bubeck gave it an open problem from convex optimization, something humans had only partially solved. GPT-5-Pro sat down, reasoned for 17 minutes, and produced a correct proof improving the known bound from 1/L all the way to… https://t.co/QJ3pdZKtzH
Chrome : WebGL DrawArrays Kernel Use-After-Free (reward: $1000) crbug.com/408093267
finally got around to writing up my windows exploit from pwn2own vancouver 2024! (plus some notes about using it on xbox) exploits.forsale/pwn2own-2024/
(CVE-2025-8901)[435139154][ANGLE][Translator] Without this validation, a shader using an inout variable can write into a memory beyond the limit set by MaxDrawBuffers when shader framebuffer fetch is enabled(OOBW) chromium-review.googlesource.com/c/angle/angle/… 👀Reported by Google Big Sleep
Some personal news: I'm thrilled to be moving back to Project Zero! Specifically I'll be joining the Big Sleep project to find vulnerabilities in JavaScript engines. We've already found and reported our first vulnerability in V8 last week: issuetracker.google.com/issues/4362107…
#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 welivesecurity.com/en/eset-resear… 1/7
That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes) googleprojectzero.blogspot.com/2025/08/from-c…

chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Alex Plaskett @alexjplaskett
12K Followers 572 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
kylebot @ky1ebot
6K Followers 319 Following CTF player @Shellphish | PhD Student @ASU | @angrdothorse dev | Author of how2heap | Vulnerability Research Hobbyist | @[email protected]
kmkz @kmkz_security
19K Followers 2K Following Offensive Security, pom-pom girl... Who cares ?? Bourbon Offensive Security Services | BOSS
Faith 🇧🇩🇦�... @farazsth98
4K Followers 319 Following Lead Cosmos Security Engineer @zellic_io, CTFer @SuperGuesser, Prev: Android Vulnerability Research @dfsec_com
Andrey Konovalov @andreyknvl
7K Followers 787 Following Security engineer at https://t.co/027VXUlgOx. Focusing on the Linux kernel. Maintaining @linkersec. Trainings at https://t.co/D5MrxmYimS.
NiNi @terrynini38514
2K Followers 588 Following Security Researcher at @d3vc0r3 / Pwn2Own Master of Pwn (Toronto 2022) / CTFer @balsnctf
ohjin @pwn_expoit
4K Followers 444 Following I'm still hungry. I will be world-class, @[email protected]
Andy Nguyen @theflow0
61K Followers 447 Following The opinions stated here are my own, not those of my company.
Axel Souchet @0vercl0k
13K Followers 547 Following ¯\_(ツ)_/¯, blogging on https://t.co/36oOc8Mgha and posting codes on https://t.co/P83Oen94Rc.
Dohyun Lee @l33d0hyun
5K Followers 532 Following mobile / browser / microarchitectural / [email protected]
KT @koczkatamas
4K Followers 927 Following Security Engineer @ Google (personal account, opinions are my own!). ex-Tresorit. Ex-captain of @SpamAndHex CTF team.
SinSinology @SinSinology
11K Followers 685 Following Pwn2Own 20{22,23,24,24.5,25,25.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊
INSU YUN @insu_yun
2K Followers 602 Following Associate Professor (Untenured) at KAIST EE #KAIST #HackingLab #GoN
Beulah @b_mcknight34
240 Followers 3K Following
VoidSec @voidsec86
3 Followers 356 Following
Bhagirathsinh Vala @Vala9007
89 Followers 2K Following Dad first 👨👧 | Building apps (iOS & Android) | Leading engineers | Into AI, health tech & global affairs 🌍 | Caffeine-dependent lifeform ☕
Allele Security Intel... @alleleintel
734 Followers 664 Following Allele Security Intelligence is an independent company specializing in Information Security research.
Hacktivity @hacktivityconf
4K Followers 495 Following #HACKTIVITY is the longest running event of its kind in CEE region. Started and founded in 2003. Main theme: hacking, cyber&IT sec, AI,crypto, innovation.
lvzhouhang @lzhouhang
28 Followers 475 Following
Ahmed Y. Elmogy @AhmedYElmogy
41 Followers 1K Following Independent web security researcher and bug bounty hunter.
MicrosVuln @microsvuln
2K Followers 1K Following Vulnerability under the 🔬Microscope, Dating security mitigations, breaking them up in the end ...
\ @g620_hd278_
0 Followers 1K Following
Yeongjin Jang (blue90... @blue9057
2K Followers 3K Following Principal Engineer at #SamsungResearchAmerica. Member of #TeamAtlanta. DEF CON CTF Winner. My tweets do not reflect the view of Samsung/SRA. A sponsor of 🐻
Jich @Jich_
7 Followers 289 Following InfoSec wannabe. Always busy looking at 14,000,605 possibilities
Abhinav Kumar @HelNull
2 Followers 56 Following
Advance-sec @advance_sec0
797 Followers 707 Following Advance-sec platform: is one of the top leaders in research and acquisition of vulnerabilities and 0day exploits. Email: [email protected] Wire: @advance_sec
Alan @Alan1144908
2 Followers 317 Following
P I M P @PIMP149078
33 Followers 1K Following
Huy Nguyễn @HuyNg1273273
0 Followers 4 Following
比个心 @vbigthing
90 Followers 4K Following
0xTen @_0xTen
1K Followers 852 Following android/linux kernel @vigilant_labs • prev blockchain @osec_io • ctf/pwn @cor_ctf + @eltctfbr
Scott Bauer @ScottyBauer1
3K Followers 605 Following I find 0 days. Android/Linux Kernel/Crap written in C. Will trade 0 days for bottles of DRC
d4rkc0nd0r @d4rkc0nd0r
258 Followers 546 Following
combab0 @combab0
588 Followers 6K Following
Filip Dragovic @filip_dragovic
7K Followers 1K Following My research unless stated otherwise. My opinions are my own and do not represent the views of my employer.
hamaccount @hamaccount
19 Followers 2K Following
Victor4XCTF @Victor4Xctf
1 Followers 380 Following
f3YK2MDZ3CRKeQD @f3YK2MDZ3CRKeQD
0 Followers 75 Following
陈维政 @SB6lvoZjVL83942
0 Followers 1 Following
no_r0llback @0xmadvise
1K Followers 402 Following “architectural flaws overlooked by their creators” @Google
v6r @V6R__
3K Followers 491 Following
nil @nilripper
25 Followers 432 Following (gdb) set domain = "VR|XD" (gdb) call (void)ud2::crew(@0xud2, &⛧)
bik0t @bik0t
22 Followers 582 Following
Amalia Radoi @AmaliaRado56600
6 Followers 359 Following
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
cts🌸 @gf_256
61K Followers 836 Following Co-founder and hacker @zellic_io & @pb_ctf | https://t.co/nlNai6iiMP | 24 Intern @egirl_capital slow to reply to DMs
starlabs @starlabs_sg
9K Followers 18 Following A Singapore company that discovers vulnerabilities to help customers mitigate the risks of cyber attacks. Organisers of @offbyoneconf
Chromium Disclosed Se... @BugsChromium
8K Followers 0 Following Tweets publicly disclosed bugs in Chromium. Not an official Google product. Run by @SecurityMB. Mastodon: @[email protected]
Alex Plaskett @alexjplaskett
12K Followers 572 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
kylebot @ky1ebot
6K Followers 319 Following CTF player @Shellphish | PhD Student @ASU | @angrdothorse dev | Author of how2heap | Vulnerability Research Hobbyist | @[email protected]
Ivan Fratric 💙💛 @ifsecure
18K Followers 207 Following Security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
Ptrace Security GmbH @ptracesecurity
58K Followers 867 Following Empowering IT Security Professionals through Hands-On Online Courses.
Faith 🇧🇩🇦�... @farazsth98
4K Followers 319 Following Lead Cosmos Security Engineer @zellic_io, CTFer @SuperGuesser, Prev: Android Vulnerability Research @dfsec_com
simo @_simo36
7K Followers 116 Following
Samuel Groß @5aelo
24K Followers 501 Following Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
Haifei Li @HaifeiLi
8K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
SSD Secure Disclosure @SecuriTeam_SSD
24K Followers 2 Following SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. [email protected]
ohjin @pwn_expoit
4K Followers 444 Following I'm still hungry. I will be world-class, @[email protected]
Zero Day Engineering @zerodaytraining
8K Followers 1 Following State-of-the-Art Vulnerability Research & Training • @alisaesage
Alisa Esage Шевч�... @alisaesage
38K Followers 101 Following Independent Hacker, Sovereign Builder, Solo Business Owner • @zerodaytraining • Pronounced ‘is edge’
Wil Gibbs @cl4sm
541 Followers 241 Following @ASU Sefcom PhD Student | @Shellphish Captain Emeritus | AIxCC Shellphish Team Lead | pwn and rev is where it’s at | 日本語🤏
Yeongjin Jang (blue90... @blue9057
2K Followers 3K Following Principal Engineer at #SamsungResearchAmerica. Member of #TeamAtlanta. DEF CON CTF Winner. My tweets do not reflect the view of Samsung/SRA. A sponsor of 🐻
Security Bug Aggregat... @BugsAggregator
1K Followers 1 Following Aggregate Chromium disclosed security bugs.
emma @carrot_c4k3
4K Followers 281 Following cyber torture pioneer. bug bounty billionaire. most controversial pwn2own winner (contested). en🇺🇸/ru🇰🇿. she/her 🏳️⚧️
XBOW @Xbow
10K Followers 6 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
Tim Becker @tjbecker_
2K Followers 350 Following Security Researcher at @theori_io. Flag capturer at @PlaidCTF. Cryptography enjoyer.
Team Atlanta @TeamAtlanta24
702 Followers 26 Following 🔥AIxCC Winner Team | Georgia Tech, Samsung Research, KAIST, POSTECH | 🚀Building next-gen AI-driven bug finding & fixing systems | CRS Atlantis 🌊
Offensive AI Con @OffensiveAIcon
662 Followers 14 Following The first con dedicated to exploring the offensive use of AI. Agenda: https://t.co/OnaPkgpS5T Oct 5-8, 2025 | Oceanside, CA #OffensiveAICon
deepsec.cc @deepsec_cc
258 Followers 0 Following
Rolf Rolles @RolfRolles
14K Followers 357 Following Static reverse engineering, deobfuscation, program analysis and formal verification, training, mathematics, compilers, functional programming, etc.
Gerrard Tai @gerrard_tai
270 Followers 522 Following vuln research and pwn | ex csgo pro for team "Counter-Terrorists"
Kevin Colley @kjcolley7
69 Followers 39 Following Product Security Engineer. Former President of @HackUCF. I like iOS jailbreaking, game modding, CTF competitions, and snowboarding.
Renan Rios @hyhy_100
223 Followers 290 Following Weeb bounty hunter 🇧🇷, 2024 Top 20 Chrome VRP Researcher. Interested in browser/kernel security, GFX and AI driven text games. Miqu!
watchTowr @watchtowrcyber
9K Followers 14 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
kiddo @kiddo_pwn
968 Followers 390 Following Independent Security Researcher | Pwn2Own (24🇮🇪 / 25🏎️)
TyphoonCon🌪️ @typhooncon
8K Followers 4 Following TyphoonCon is an annual all Offensive Security Conference, taking place May 25-39, 2026 in Seoul, South Korea 🌪️
Volodya @volodiyah
615 Followers 448 Following Security Engineer interested in Program Analysis with applications in (de)obfuscation, antivirus evasion or vulnerability research.
SinSinology @SinSinology
11K Followers 685 Following Pwn2Own 20{22,23,24,24.5,25,25.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊
Kevin2600 @Kevin2600
11K Followers 57 Following
HBh25Y @HBh25Y
55 Followers 301 Following
peterpan0927@infosec.... @Peterpan980927
2K Followers 353 Following Mobile Security Researcher @starlabs_sg
Danis Jiang @danis_jiang
3K Followers 1K Following Yuhao Jiang / former ctfer @ Vidar-Team / Security Researcher @ Ant Group Light-Year Security Lab / GeekPwn 2022 / Pwnie Awards 2023 / Tianfu Cup 2023
Crowdfense @crowdfense
3K Followers 1K Following Crowdfense is the world-leading research hub and acquisition platform for zero-day exploits and vulnerability research. We offer the highest bounties
Man Yue Mo @mmolgtm
5K Followers 78 Following Security researcher at GitHub Security Lab. Tweets/views/opinions are my own.
REverse_Tactics @Reverse_Tactics
798 Followers 2 Following Software reverse engineering & vulnerability discovery company.
luckyu @uuulucky
576 Followers 233 Following
exploits.club @exploitsclub
2K Followers 111 Following A VR, RE, and Exploit Dev weekly newsletter | Join the club Contact: [email protected]
GEEKCON @GEEKCONTOP
531 Followers 62 Following Initiated by DARKNAVY. New @GeekPwn. Globally unmatched security geek event, promoting the visualization & measurable value of security ecosystem capabilities.
1377 High-yield Nukes @buptsb
2K Followers 1K Following
zeze ⛈️ @zeze7w
212 Followers 368 Following @TeamT5_Official Research Engineer / @HacksInTaiwan Staff
DARKNAVY @DarkNavyOrg
2K Followers 50 Following Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.
SYSPWN @syspwnx
267 Followers 29 Following SysPWN : A place to learn more about Vulnerability Research and make yourself ready for world-class hacking competitions
Rado RC1 @RabbitPro
5K Followers 659 Following Exploitation, hardware, embedded, reverse engineering, automotive security. Pwn2Own Master of Pwn Flashback team (@FlashbackPwn).