This blog reverse-engineers how Apple's MIE works inside the iOS 26 kernel - hardware memory tagging that mitigates buffer overflows, UaF, and type confusion with near-zero overhead: https://t.co/16Ih0F6qqF
Three pillars: type-aware allocators, Enhanced MTE with synchronous faults, and SPTM hypervisor protection that guards tag storage even with a compromised kernel.
Follow @8kSec for more iOS kernel research.
Exploiting an uninitialized stack variable on ARM64:
https://t.co/bclwnNi5I9
Function one() writes locals and returns. The bytes remain.
Function two() allocates the same frame and reads uninitialized locals, recovering previous values.
If the data is a pointer or size field, this becomes a primitive for leaking or influencing memory.
Follow @8kSec for more practical security content
Modern C2 implants use sleep masking & metamorphic code to stay hidden. We’re revealing how to unmask them using low-level runtime telemetry (ETW & CPU profiling) live in production including a POC with a lightweight sensor.
My team will be presenting our research at x33fcon:
https://t.co/qhtckSyxx5
A darknet vendor is selling a Windows RDP privilege escalation exploit for $220,000. Despite the price, Microsoft already released the fix in February 2026.
https://t.co/v7HYwKa42V
#Lazarus The attack chain begins when the victim clones the malicious repository and opens the frontend application. Doing so triggers a sequence of stagers that ultimately deploy DEV#POPPER RAT and OmniStealer. DEV#POPPER’s source code is retrieved from blockchain transaction input data, decrypted, and then executed.
https://t.co/jvpjWwGJfY
From our blog archives: Part 3 of our Pegasus malware writeup. Nearly 90% of the declared Android components ship with no code in the APK. Everything meaningful is pulled in at runtime via DexClassLoader, and heavy use of getMethod()/invoke() makes static analysis almost useless. We also reverse take_screenshot, libk, and addk.
Full writeup: https://t.co/h1Kvvgykdo
CVE-2025-29969 EventLogin
A flaw in the MS-EVEN protocol. Low-privileged users can write arbitrary files to a remote machine, effectively bypassing the need for an administrator account for remote file writes
https://t.co/o1fs5nXhFj
#dfir#blueteam#redteam#pentesting#cve #ThreatHunting
iOS kernel panic logs can tell you more than just “it crashed.” This walkthrough covers extraction, address unsliding, and symbolication — including tracing a PUAF-triggered panic back to pmap enforcement in XNU: https://t.co/iXptIG0O72
Excited to share my first Apple CVEs in ImageIO 🎉
CVE-2026-20675
CVE-2026-20634
Thanks to Apple Product Security and Trend Micro’s Zero Day Initiative (ZDI) for the coordinated disclosure
🚨New Blog Alert: iPhone 17 (A19) introduces Memory Integrity Enforcement (MIE), Apple’s hardware-backed memory tagging integrated into the kernel.We reversed the kernel to see how it actually works 👇
https://t.co/16Ih0F6qqF
Part 1 covers:
🔹A19-only, synchronous tag checks with no runtime overhead
🔹New kernel instructions (irg, stg) replacing software mitigations
🔹Hardware-level defense against tag side channels (TikTag)
🔹How kalloc_type and xzone malloc drive tag enforcement
Why it matters:
MIE changes kernel RE, crash triage, and exploit viability. Tag mismatches look like crashes, familiar heap primitives fail, and kernel caches now contain instructions most tools don’t explain yet. This blog enables you to quickly identify MIE-related code, interpret new crash signatures, and adjust exploit strategy to the new hardware reality.
👀Stay tuned for Part 2!
We are tracking a new infostealer named #DotStealer 2.0. The loader is AutoIt-based (tracked as #DotLoader), the stealer is C++.
Possesses extensive capabilities like keylogging, webcam control, sound capture, etc.
Logs are sent over Telegram + uploaded to https://t.co/dJACXxYibH.
DotLoader:
https://t.co/bwNeBIObYi
DotStealer2.0:
https://t.co/Y1ueWSKgfP
Emulator rooting isn’t just about injecting Magisk, it’s about how you set the emulator up completely for tasks that need escalated access. Quick Boot snapshots will silently undo your root changes. Most readers miss this persistence gotcha. 🔍🔥 Take a look at that part…
https://t.co/y5rIb942Ub
Dear threat hunters and malware analysts!
new web version of #matkap is back online. You can now easily hunt malicious telegram bots via https://t.co/WP9won6ozE .
And it’s completely free 😃
Merry Christmas and happy hunting!
🚨 Indirect-Shellcode-Executor Tool Exploits Windows API Vulnerability to Evade AV and EDR
Source: https://t.co/c2HCPrSbsL
A new offensive security tool developed in Rust is demonstrating a novel method for bypassing modern Endpoint Detection and Response (EDR) systems by exploiting an overlooked behavior in the Windows API.
Dubbed Indirect-Shellcode-Executor, the tool leverages the ReadProcessMemory function to inject shellcode, effectively avoiding standard API calls that security vendors monitor for malicious activity.
The core of this technique relies on research originally discovered by security researcher Jean-Pierre LESUEUR (DarkCoderSc). While ReadProcessMemory is designed to read data from a specific process, it contains an [out] pointer parameter named *lpNumberOfBytesRead.
#cybersecuritynews
The entire AV, EDR, and SOC industry is a SCAM.
Has your organization been a victim of ransomware? Start the computer in DEBUG MODE. DUH.
Then simply delete the malware. It's as simple as that.
Operation Endgame 'Season 3' has delivered a massive blow to the global cybercrime ecosystem.
Coordinated by Europol & Eurojust, the international operation successfully dismantled the infrastructure of three major malware services: the Rhadamanthys infostealer, the VenomRAT Remote Access Trojan, and the Elysium botnet.
Key operational results include over 1,025 servers taken down or disrupted, 20 domains seized, and the main suspect for VenomRAT arrested in Greece.
This dismantled infrastructure was responsible for infecting hundreds of thousands of victims, stealing millions of credentials, and compromising over 100,000 crypto wallets.
The action involved 10 countries, including the United States, United Kingdom, Germany, France, Canada, and Australia, in a unified front against cybercrime.
https://t.co/OBu6UOXLPl
🚨iOS Challenge Alert: FridaInTheMiddle
Can you outsmart a Swift app that actively hunts your Frida hooks? This one’s built with runtime detection that flags injected dylibs and debugging attempts in real time.
Your task: Keep Frida running undetected and intercept the flag argument passed to dummyFunction.
Ready to prove your iOS exploitation skills - https://t.co/7SPxOH4wX6 💥 #MobileSecurity #iOSSecurity