Guang Gong @oldfresher
Joined August 2014 · Tweets: 200 · Followers: 4K · Following: 266 · Likes: 69
Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… issues.chromium.org/issues/4125787…
Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab #CVE-2025-24200 👉 blog.quarkslab.com/first-analysis…
ChatGPT Account Takeover - Wildcard Web Cache Deception : nokline.github.io/bugbounty/2024… credits @H4R3L Ref : Shockwave Identifies Web Cache Deception and Account Takeover Vulnerability affecting OpenAI's ChatGPT : shockwave.cloud/blog/shockwave…
Exploiting ML models with pickle file attacks: Part 2 blog.trailofbits.com/2024/06/11/exp…
Exploiting ML models with pickle file attacks: Part 1 blog.trailofbits.com/2024/06/11/exp…
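The Telegram RCE from a few days ago is probably this one: because of a typo, the TG desktop client wrote the Python zipapp extension pyzw as pywz (.pyzw is an executable file type on Windows), so the TG client gave no security warning when opening such a file and would execute the given file directly. Thanks to @VulkeyChen for providing the material. GitHub link: github.com/telegramdeskto…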
We uploaded a backdoored AI model to @huggingface which we could use to potentially access other customers’ data✨ Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies thehackernews.com/2024/04/google…
Seems that folks successfully achieved working RCE w/ a previous RTF/Win exploit! This is expected as #MonikerLink is a powerful attack vector (delivering exp) on Outlook - it bypasses Protected View too! Now u have more reasons to PATCH & GET PROTECTED!
KernelGPT: Enhanced Kernel Fuzzing via Large Language Models A paper by @cy1yang et al. about using the GPT4 LLM neural network for automatically generating syzkaller descriptions. arxiv.org/pdf/2401.00563…
8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe securityaffairs.co/wordpress/1347…
A new user on the Russian cybercrime forum Exploit just posted a video claiming to show a zero-day, remote code execution exploit in Google's latest Chrome browser running on Windows 10. Asking price: $2M. h/t @HoldSecurity
Double fetch vulnerabilities in C and C++ have been known for some time, but have varying types & causes, requiring different approaches for detection & mitigation This whitepaper (by @N1ckDunn) summarizes different manifestations & fixes of double fetch research.nccgroup.com/2022/03/28/whi…
Racing against the clock -- hitting a tiny kernel race window googleprojectzero.blogspot.com/2022/03/racing…
A case study in early-stage startup execution wave.com/en/blog/early-…
It's really a complicated bug, Google takes so long to fix it.
Security: JSON.stringify leaks TheHole value, leading to RCE crbug.com/1263462
Here are the slides from the "Attacking JavaScript Engines in 2022" talk by @itszn13 and myself @offensive_con. It's a high-level talk about JS, JIT, various bug classes, and typical exploitation flows but with lots of references for further digging! saelo.github.io/presentations/…
#hosselot_tips Q: How to develop a browser fuzzer? A: developing a browser fuzzer is tricky. Run and study publicly available browser fuzzers (domato, fuzzilli, ...) and try to modify/hack them until you get experienced. Here is a good example: blog.redteam.pl/2019/12/chrome…
