The glibc cycle continues lol..
Unsafe -> implement safety features -> safety features slow -> circumvent safety features in order to get speed -> unsafe
https://t.co/G0g5ZLtVNj
Zyxel has published 2 CVEs for some vulns I found :D
CVE-2025-13943: Authenticated command injection in log export CGI
CVE-2025-13942: Unauthenticated command injection in UPnP daemon
I will blog about this in the coming months. Meanwhile, exploits here: https://t.co/CbVHekdN5q
I have finally achieved remote code execution!!! I ended up using the arbitrary read primitive and overwritting some function pointers.
Also, mediatek acknowledged the vuln, so I will be releasing a very cool blog about this when the vuln is disclosed :D
I'm excited to finally share Chronomaly, a kernel exploit for Android and Linux kernels 5.10.x using CVE-2025-38352.
As a reminder, please patch your Android devices if you haven't already!
I recommend getting some 🍿 before reading this post 👀
All links in the thread below:
Lucid is alive! it's fuzzing its first real target and found it's first 0day already, an 00B read. had to patch it to keep fuzzing. this + some modifications is going to be blog post 1 in a series about iterating on the fuzzer until it's vastly improved.