@thezdi To be clear, the vuln does exist in the client-side code. During the disclosure process, Telegram described that all stickers are validated server-side; therefore, exploitability is significantly narrower than my initial scoring reflected.
Low-Level Software Security for Compiler Developers
If you ever wanted a textbook-style guide to memory safety bugs, undefined behavior, exploit mitigations, side channels, etc.
All in one spot, this free book is it:
https://t.co/XfY21Uzen1
“Each of the newly disclosed Citrix NetScaler flaws has the potential to lead to service disruption and compromise of the host system.” — Jimi Sebree, @Horizon3Attack Researcher
Yesterday, Citrix disclosed three new vulnerabilities in NetScaler ADC and Gateway, including CVE-2025-7775, a zero-day already under active exploitation. While these affect similar components as #CitrixBleed, Jimi emphasizes they are not related — but they are just as serious. More details in @DarkReading: https://t.co/SImEK9tiVA
🚨 There's now a Rapid Response test in #NodeZero for CVE-2025-7776, discovered by Jimi. Confirm you're not exploitable at https://t.co/ap5w3LO5sh
#OffensiveSecurity #cybersecurity #infosec
We don’t talk about it much, but @Horseman and I also tackle some hard problems on the software eng side too. We’ve built the post-exploitation and implant orchestration framework the last few years here.
Take a look at some of that work James wrote up: https://t.co/ha3csgb0Nm
Our latest blog looks at CVE-2025-20188, an arbitrary file upload in #Cisco IOS XE Wireless Controllers due to a hardcoded credential.
https://t.co/XTG5PmnoVh
2023 MVR Swag drop just landed!
Congratulations to all of the other talented researchers that made the list. Shoutout @msftsecresponse for recognizing these efforts and sending out this gear 🔥
CVE-2023-38600: @hosselot tells the story of an innocent #Apple #Safari copyWithin gone (way) outside. Read all of the details of this now-patched integer underflow remote code execution bug at https://t.co/KPlZqsOLU2
Part 2 of the blog describing the #Firefox bug used by @_manfp at #Pwn2Own Vancouver is live. @hosselot continues looking at the code execution bug with sandbox escape that won $100K at the event. Read the details (and watch the video demo) at https://t.co/9m2tw7PmiR
In our latest #MindShaRE blog, @izobashi describes how he uses the #IONinja tool from @tibbo for reverse engineering and software analysis. Read the details at https://t.co/3O82CTFUHV