Journey to Root, Episode I: The Maglev King
Welcome to the first installment of our series on AI-assisted browser bug hunting and exploit development. We will walk you through a Google Chrome exploit chain, from the V8 JavaScript engine in the renderer to the GPU process. We demonstrate the full chain on Windows, and for the GPU compromise we also show a novel technique on Linux, where the mitigations are tougher to defeat.
Demo (with BEATS!): https://t.co/Jx8aAp1sMi
Full write-up: https://t.co/s0XRxLIGDL
Early this week, we had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our hacker friends.
Full story: https://t.co/AmKMGUmWPt
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI.
https://t.co/Cv8M69i1Mk
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets.
A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.
https://t.co/IxURrHpBT0
In Singapore, @okx and HackerOne brought an elite team of security researchers together for a live hacking event focused on one thing: building trust through real-time collaboration.
This was security in action—fast-paced, transparent, and deeply human. Researchers tested live systems. Teams worked side by side. Vulnerabilities were uncovered and addressed when it mattered most.
When trust is built in real time, everyone wins.
#H165 #TogetherWeHitHarder
@ElS1carius After digging deeper, I found the root cause in lua-nginx-module, which Kong is built on. Still, I believe Kong should have investigated further, as I found the issue easily exploitable across multiple companies using their products!
🚨HTTP Request Smuggling in lua-nginx-module!🚨
This affects major proxies like Kong GW, OpenResty, Apache APISIX and many more👀
Check it out: https://t.co/G9juMax7zk
Big thanks to @albinowax for his awesome research and for answering all my questions!
#bugbounty#bugbountytips