Zombie COTables: Resurrecting Freed Memory to Escape VirtualBox:
#vulnerability #exploitation #exploit #virtualbox #cybersecurity #infosec #informationsecurity

By Luca Ginex. Overview: This blog post discusses a use-after-free vulnerability that we found in VirtualBox in 2025. This vulnerability was patched in the Oracle Critical Patch Update – January 2026. The vulnerability was also presented, along with others, at OffensiveCon 2026. This post describes the exploitation process for the vulnerability on a Linux system. First, a ...
Malwoverview 8.0.2 has been released:
https://github.com/alexandreborges/malwoverview
To install it:
python -m pip install -U malwoverview[all]
#malware #threathunting #informationsecurity #infosec #vulnerability #cve #dfir
Bypassing SSL Pinning on Play Store AVDs without Frida
https://www.mfumis.com/posts/bypassing-ssl-pinning-on-play-store-avds-without-frida/
#cybersecurity #informationsecurity #frida #mobiledevice #infosec #mobilesecurity #mobile
Authenticated RCE via Argument Injection in Gogs (NOT FIXED):
https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
#cybersecurity #vulnerability #rce #informationsecurity #exploitation
Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge:
https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
Red Team Tactics: Utilizing Syscalls in C# - Writing The Code:
https://jhalon.github.io/utilizing-syscalls-in-csharp-2/
#cybersecurity #programming #csharp #informationsecurity #redteam

Over the past year, the security community - specifically Red Team Operators and Blue Team Defenders - have seen a massive rise in both public and private utilization of System Calls in Windows malware for post-exploitation activities, as well as for the bypassing of EDR or Endpoint Detection and Response.
Striga: Lifting x86 to LLVM IR with Python:
https://secret.club/2026/05/21/striga.html
#python #reversing #llvm #informationsecurity #infosec #cybersecurity
GHSL-2026-140: Heap Buffer Write Overflow in 7-Zip (CVE-2026-48095):
https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/
#vulnerability #cybersecurity #informationsecurity #exploitation #cve
Arbitrary Kernel Address Increment via NtQuerySystemInformation:
#vulnerability #informationsecurity #exploitation #cybersecurity #exploit #windows
CVE-2026-28910: Breaking macOS App Sandbox Data Containers, TCC, and Hijacking Apps Using Archive Utility:
https://mysk.blog/2026/05/19/cve-2026-28910/
#macOS #exploitation #infosec #informationsecurity #vulnerability #cve #exploit