Had some fun with new usbliter8 bootrom exploit. Got root shell yesterday by booting custom iOS 27.0b2 firmware on iPhone 11 Pro.
Honestly, it's not practical for daily use. For some reason, baseband, Wi-Fi, and USB connections are completely broken.
GhostLock (CVE-2026-43499) is a 15yr old kernel 0-day we used in IonStack full chain exploit.
Everything around you, as long as it runs Linux, from IoT to mobile to desktop, is affected.
Read how we won $92,337 bug bounty with GhostLock and see our exploit on Github. Link below
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: https://t.co/bwn0sximKZ
😢TyphoonPWN 2026 Unpwned😢
Found a bug in the "ipTime Router WAN PreAuth Remote Code Execution" category ($10,000) using an LLM and reported it in February for TyphoonPWN 2026. Unfortunately, it was patched in March before the event.
#TyphoonCon26
https://t.co/ILTHGKQnfT
Last year, on a vacation, @S1r1u5_ and I were discussing about the human need for validation and how most things we do can be tied to it, consciously or subconsciously.
Mohan asked, Would you still be doing what you do (hacking, publishing blogs, competing, etc.) if no one was there to see it? At that time, my answer was "yeah, probably?"
Today, the world has somewhat come to that. All the things you thought gave you validation are now norms. Things you once took pride in can be replicated in a few prompts. I mean, people are dropping 0days everyday now, and there's an unlikely chance of your blog getting reads so there goes that validation. So would you still do it on your own? For your own sake and sanity?
My answer is a confident yes now.
In the last couple of months, I've seen models find bugs autonomously or sometimes with just a bit of a hunch from me, but sharing these bugs publicly hasn't been rewarding. And not in the sense of likes or reach alone, I've just been less motivated overall. I have a few blogs sitting in my queue, and what I'm noticing is I keep procrastinating, because there's not much authenticity to my own work in them, and I don't have the enthusiasm to share the same story again, how the model found this and that. I think if you really love the game, sooner or later, you have to come to terms with the fact that to stay sane, you need to go back to that problem-solving phase, otherwise it gets pretty depressing. As much as I love watching LLMs find bugs, it feels soulless at times.. all this is a signal to me that I can't function like this in the long run. It makes me feel dopamine-deprived, and I need to be hacking shit on my own..
Now, when I say "on my own", I don't mean no AI, AI bad. No, not at all.. There's a big difference between using an LLM as an accelerator in your work vs delegating your understanding to it. From a long-term pov, the former is the only path imo, and even then, the mind map you build on your own is very different from the one you'd end up with leaning on LLMs. The dopamine hit isn't even close to figuring shit out on your own.
Seeing how AI is making 0days the norm and CTFs no longer the same.. The question is more real now than ever. Would you still sit down and hack stuff even when no one's watching, knowing people might be on top of the leaderboard via AI, just for the love for the game?
Well, that escalated quickly.
There’s been a wave of claims by cheaters about Vanguard “bricking” their PCs, so let’s clear that up: Vanguard does not damage hardware or disable your devices.
The photo we posted is a picture of cheat hardware devices that are sold explicitly for cheating in VALORANT (not normal PCs or PC components). Through our latest updates, Vanguard now makes those devices worthless for VAL, but does not in any way brick PCs or PC components or PC software.
Our latest update enforces standard platform security features, like the Input-Output Memory Management Unit (IOMMU), on accounts identified as using Direct Memory Access (DMA) cheating devices. These protections are already part of modern systems and when enabled, they block DMA cheat devices (such as those shown in the photo) from accessing memory in downstream applications, like our games.
If a cheat setup continues attempting to cheat after those protections are enabled, the system may generate hardware faults or instability. This is expected behavior under IOMMU when attempts are made to read protected memory.
Disabling IOMMU allows the cheat device to function again, but IOMMU will still be required to play our games. This means the cheat device won’t work with our games, but your PC isn’t “bricked.” We would not, and cannot, impact your PC’s functionality in any other fashion.
This functionality only applies to systems attempting to use DMA cheat devices, and players who are not using DMA-based cheat setups are not affected.
We’ll keep investing in anti-cheat to protect competitive integrity, and we’ll keep being as transparent as possible about how those systems work.
🏴☠️ I can finally share a VMware 0day I discovered that led to CVE-2026-41702 (LPE as root). Funny enough, I found the bug in my hotel room after the second day of attending Csaba Fitzl (@theevilbit) & Gergely Kalman (@gergely_kalman) training at Zer0con.
https://t.co/mG55Ksc4gE
Confirmed! Hyunwoo Kim (@v4bel) chained a use-after-free and uninitialized memory bug to escalate privileges on Red Hat Enterprise Linux for Workstations in the fourth round, earning $5,000 and 2 Master of Pwn points. #Pwn2Own#P2OBerlin
Confirmed! Siyeon Wi used an integer overflow bug to escalate privileges on Microsoft Windows 11 in the fourth round, earning $7,500 and 3 Master of Pwn points. #Pwn2Own#P2OBerlin
It's official! Ben Koo (@kiddo_pwn) of Team DDOS used a use-after-free bug to escalate privileges on Red Hat Enterprise Linux for Workstations in the second round, earning $10,000 and 1 Master of Pwn point. #Pwn2Own#P2OBerlin
Confirmed! Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points. Full win! #Pwn2Own#P2OBerlin