Since V8 had heap sandbox, Chrome renderer RCE usually means chaining 2 bugs
Today we bring the Spear of Longinus
1 bug, 100% success, no heap spray, found in 40+ major versions, arbitrary renderer read/write + V8 sandbox escape
Our CVE-2026-6307 writeup https://t.co/zPnCJ4y0R3
I found a Linux 0day vuln with @rqda_A, and $80,000+ rewarded for it by Google kernelCTF!
The vuln has been surprisingly hidden for about 19 years.
We've published an English version of the blog post!
https://t.co/Xsx1GyEtT4
"agentic map reduce" is a nice name
spawning subagents programatically allows you to do these advanced agent patterns, where you want some determinism to control how agents are created/run
check out dynamic subagents in deepagents for a way to do this: https://t.co/QKeQOELWr6
Introducing Devin Security Swarm
A more cost effective and accurate way to find security vulnerabilities in complex codebases, based on a new architecture: Agentic MapReduce.
"IonStack" is chained with two 0-days: CVE-2026-10702 and CVE-2026-43499.
CVE-2026-10702 is a Firefox 0-day. At its core, it was an instruction-modeling flaw buried deep inside IonMonkey, Firefox’s highly complex JIT compiler. Even after Mythos’s extensive audits, the bug was still missed. This is the first publicly disclosed JIT vulnerability since then.
We were able to uncover the vulnerability and turn it into a highly stable exploit with a nearly 100% success rate, ultimately achieving remote arbitrary code execution in Firefox.
CVE-2026-43499 is a universal Linux kernel LPE vulnerability that has lived in the kernel tree for 15 years since v2.6.38 and affects every distribution: desktop, server, Android, and embedded. It does not require any special kernel modules; CONFIG_FUTEX_PI is all it needs, and to our knowledge, it’s enabled across all distributions we researched.
The bug primitive is a UAF in stack caused by a race condition. Turning it into a reliable LPE takes several stack tricks, but eventually it becomes very stable. We measured 10/10 successful privilege escalations on Linux 6.12, along with a high success rate on Android.
We will write a series of blog posts disclosing both 0-days used in “IonStack”. The first post is coming soon. Stay tuned.
WE ARE SOOOOO BACK!
Someone leaked the Claude Fable 5 system prompt and ran it on an Opus 4.8
Output is like 90% of the real thing
Turns out half the magic was never the weights. It was the prompt the whole time
Repo down below:
First AI-generated patches for syzbot #Linux kernel bugs are being merged into mainline:
https://t.co/GjEXqA6V8x
https://t.co/RgqG6Apt5J
More to come:
https://t.co/oXfyjjII30
syzbot is now doing security assessment of all found #Linux kernel bugs using #AI:
https://t.co/FB2QpMrd4I
And we've got list of unfixed "high prio" bugs:
https://t.co/OsQqD2yxrf
CVE-2021-1732 is a great example of how a tiny logic bug can compromise the entire Windows kernel.
During "NtUserCreateWindowEx()", an attacker abuses a user-mode callback to confuse "win32k.sys" about a window's "cbWndExtra" and "pExtraBytes" fields. This type confusion turns "SetWindowLongPtr()" into an arbitrary kernel read/write primitive, allowing the attacker to overwrite the current process token with the SYSTEM token and gain full privileges.
https://t.co/NAggMyZjRH
Walkthrough of Mythos run transcripts on ExploitBench, dissecting how an LLM agent develops V8 exploits compared to human researchers
https://t.co/X76xRpb10l
#infosec
"Self-Harness: Harnesses That Improve Themselves"
What if an AI agent improves the harness that controls how it acts?
So instead of humans tuning prompts, tools, retry rules, and verification for every model, this paper explores letting the agent mines its own failures, proposes small harness edits, and keeps only the ones that pass regression tests. All without fine-tuning or teacher model.
On Terminal-Bench-2.0, it improves held-out pass rates across MiniMax, Qwen, and GLM.
I forked Anthropic’s new vuln-discovery harness and made it Codex-first.
Recon → Find → Verify → Triage → Report → Patch
Sandboxed agents find bugs, prove them with crashing PoCs, dedupe, write exploitability reports, and validate patches.
https://t.co/0R8nhN2wbr
Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)
Article about a logical bug in ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios.
https://t.co/s5jkzBpV36
1/ Can AI agents turn security vulnerabilities into real attacks?
This is one of the most critical tasks for measuring the impact of frontier AI on cybersecurity.
In ExploitGym, we find that autonomous exploitation is no longer hypothetical, even on complex targets such as browser engines and the Linux kernel.
How we measured this⬇️
I’ve tried various agent pipelines, and here is one of them. It found five type-confusion bugs in V8 Wasm: three under non-default flags and two in DrumBrake/MS Edge.
The repo includes all the bugs in detail, along with a README file that explains how the pipeline works, the prompts used, and many of the genomes it generated.
Since the README is enough to let Claude vibe-code it, I won’t upload my messy and embarrassing code.
Have fun :)
https://t.co/N6zbZmzW8K