VXCON

VXCON agenda and run down is updated. We have additional speakers and please feel free to register, 7 more days to come. vxcon.hk

Hello X! AVTOKYO 2025 CFP and CFX pages are now online! AVTOKYO 2025 CFPとCFXのページを公開しました！ avtokyo.org/avtokyo2025/cfp avtokyo.org/avtokyo2025/cfx #avtokyo

This patch relaxes alias analysis in v8's turboshaft compiler to avoid live store elimination on unobserved nodes, the effect of which can be converted to a type confusion primitive. It's an archetypal echo of another exploit from recent years. RCE only

New 4 day Practical Drone Hacking Training @BlackHatEvents, it includes more exciting new tools such as SDRPro & SpeedyBee Drone. Early Bird ends at 23 May. See you in #BlackHat

We have another collision. Although Angelboy (@scwuaptx) from DEVCORE Research Team successfully demonstrated their privilege escalation on Windows 11, 1 of the 2 bugs he used was known to the vendor. He still wins $11,250 and 2.25 Master of Pwn points. #Pwn2Own

In a video highlight from Day Two, Qrious Secure takes on NVIDIA with a four-bug chain. youtube.com/shorts/lUYHdGs…

🎉 SECCON Beginners CTF 2025、開催日が変わりました！ 📅 新日程：7/26（土）14:00 ～ 7/27（日）14:00（JST） 🔔 予定の調整をお願いします🙏 ✅ 参加登録は【7/19（土）】スタート予定！ 🔗 詳細はこちら👇 seccon.jp/14/seccon_begi… #SECCON #CTF #CTF初心者 #ctf4b

We just published our investigation into a Cactus ransomware campaign, uncovering TOYMAKER, an IAB group using a custom backdoor LAGTOY. It’s still challenging to identify compartmentalized attacks. We’ll share our approach and solutions at @pivot_con in 2 weeks! #toymaker

Why not use Ghidra? Snarky answers aside - personal preference. I prefer @vector35’s UI choices and Pythonic API to the @NSAGov ’s design choice to use Java. And I’m fine paying for software - it creates incentives that don’t always exist in OSS.

We (me + @2igosha) have discovered a new Google Chrome 0-day that is being used in targeted attacks to deliver sophisticated spyware 🔥🔥🔥. It was just fixed as CVE-2025-2783 and we are revealing the first details about it and “Operation ForumTroll” securelist.com/operation-foru…

Come join us at the Ask A Security Expert session at Black Hat Asia on April 4th! I'll be there with @orange_8361, @ryan_flores, and @Marmusha answering your cybersecurity questions. Submit your topics in advance using the form on the event page. Looking forward to seeing you!

[#Zer0Con2025] - SPEAKER5⃣ 💁‍♂️ @matteomalvica - Breaking Chrome's V8: Type confusion, WASM JIT-Spraying and Heap Sandbox Evasion

Sorry for the long wait. Version 1.4.7 is being tagged. update your code: pip3 install qiling --upgrade github.com/qilingframewor…

We just published a blog titled "Enhancing LLM Code Generation with RAG and AST-based Chunking", authored by Ken Wong. lnkd.in/gPg5DCFH

medium.com/@tsang3337/vxc… Thank you so much for the sharing and summary by Eason from Firebird

Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, and an open-minded, hardcore researcher and developer. @cffsmith @BlackHatEvents

BREAKING: Someone just burnt 500 ETH (~$1,400,000) by sending it to 0x000... and wrote the following message 👇 "The bosses of Kuande Investment: Feng Xin and Xu Yuzhi used brain-computer weapons to persecute all company employees and former employees, and even they themselves…

We are thrilled to announce the winners of the 2024 Hex-Rays Plugin Contest! 🥇1st Place: hrtng 🥈2nd Place: aiDAPal 🥉3rd Place: idalib Rust bindings Check out our reviews of the winners and other notable submissions here: eu1.hubs.ly/H0gRDRn0 Huge thank you to all…

The results are in! We're proud to announce the Top ten web hacking techniques of 2024! portswigger.net/research/top-1…

All my idols 全部都是我的偶像🤩🥳 Can’t wait for the full details to be revealed 🥳🥳

vxrl.medium.com/prompt-injecti…