XetraSec @xetrasec
Vulnerability Researcher | Exploit Developer | Low Level 0days Hunter /dev/null Joined June 2021
Tweets 2K - Followers 101 - Following 485 - Likes 1K
Breaking down the patch for CVE-2025-43400, a FontParser vulnerability in the latest macOS Tahoe and iOS 26.0.1 update. The issue: A malicious font could cause an out-of-bounds write, leading to memory corruption. Let's look at the fix. 🧵
Writeup for CVE-2025-24085, an ITW mediaplaybackd vulnerability patched earlier this year github.com/b1n4r1b01/n-da…
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.
A new Project Zero blogpost by @tehjh in which he writes about an interesting and little-known bug class that affected web browsers, Linux and, most recently, macOS. The bug class can also be used for leaking pointer tag information in some scenarios.
Is the iPhone 17 Safe from Exploitation? (MTE breakdown) youtu.be/UVD0fbiNbnM?si…
We present appledb_rs, an open-source tool to analyze Apple IPSWs without storing full images. Extraction, indexing, API, and web interface to speed up your security research 🔍 🔗 Full article available here: synacktiv.com/en/publication… 📂 Source code: github.com/synacktiv/appl…
A technical look at @GrapheneOS Hardened Malloc, a memory allocator designed to mitigate heap corruption vulnerabilities (UAF, overflows) and break common exploit primitives. Deep dive for security researchers & exploit developers by @iksocin synacktiv.com/en/publication…
Great work from @wh1te4ever iOS 18.0-18.3.2 github.com/wh1te4ever/xnu…
How Does the iOS Kernel Copy Memory? (Virtual Memory Internals) youtu.be/0hxUEaDp1AA?si…
Oh also this, which is technically WAI but has the unfortunate side effect (because of linear map non-randomization) that instead of bypassing KASLR, you can just use 0xffffff8000010000 as your kernel base instead.... project-zero.issues.chromium.org/issues/4342697…
Another XPU/GPU exploit shows the kernel could be compromised even with MTE, by mapping a GPU address to any physical address. Attackers can overwrite kernel code/data & gain execution. Great blog by @benhawkes, loved rereading it one more time. googleprojectzero.blogspot.com/2020/09/attack…
The "Great DNG Hack" story gets a bit more intriguing. In addition to CVE-2025-43300 (iOS), a separate vuln (in a separate DNG parser!) patched in Samsung's Sept 2025 update: x.com/__suto/status/…
There's a sick linenoise article by @iximeow in @phrack 71 called "Learning An ISA By Force Of Will", where ixi goes from unknown binary blob, to manual instruction decoding, to figuring out control flow, and gives a critique of the RE'd ISA. phrack.org/issues/71/3#ar…
Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. qriousec.github.io/post/oob-angle/ by @lanleft_ + @__suto
Pixels have provided hardware memory tagging (MTE) support since the Pixel 8. GrapheneOS deployed it in production around a month after the launch of the Pixel 8 and we use it for the kernel and nearly the entire base OS. We use it for some third party apps and users can opt-in…
🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memory-in…
The two bytes that make size matter: Reverse engineering Apple's iOS 0-click CVE-2025-43300 improved bounds checking fix, by Madimodi Diawara blog.quarkslab.com/patch-analysis…
My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️ I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received @PwnieAwards 2025 a13xp0p0v.github.io/2025/09/02/ker…
The issue in WhatsApp seems to be a logic vulnerability and appears to target users who have iMessage turned off, in order to trigger the ImageIO vulnerability.
CVE-2025-55177, an authorization bypass in WhatsApp on iOS and Mac, allowed attackers to force "content from arbitrary URL" to be rendered on a target’s device. A zero-click vulnerability recently patched by Apple (CVE-2025-43300) was also used in the WhatsApp attack 👀
