Marcus Hutchins 

Cybersecurity
Website: https://marcushutchins.com
Security Blog: https://malwaretech.com

I think it’s hilarious that I now have my first CVE because I got annoyed with an unresponsive vendor and just posted the zero day exploit I was trying to report to them on my GitHub 😆

https://nvd.nist.gov/vuln/detail/CVE-2026-49494

NVD - CVE-2026-49494

ComoDoS - Exploiting a Remote Kernel Zero-Day Vulnerability in Comodo Internet Security

How an IP parsing vulnerability makes it possible to remotely crash systems with a single TCP/IP packet

https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html

It's been a while since I did a vulnerability research article. How about a little DoS zero-day as a treat?

https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html?1

ComoDoS - Exploiting a Remote Kernel Vulnerability in Comodo Internet Security

Sometimes firewall stops attackers, sometimes attackers stop firewall. Analyzing a zero-day vulnerability in Comodo Internet Security's Firewall driver.

My thoughts on Microsoft's threat to prosecute researchers for dropping zero day exploits

https://www.youtube.com/watch?v=gCkfWo5rie8

Microsoft Wants To Throw Researcher In Jail

Slowly setting up my video/livestream studio again. The amount of tech required for even a half decent experience is crazy

Try out the early alpha of Process Isolation in Chrome 138. chrome://flags/#enable-process-isolation-ui then chrome://settings/system for the switch. Read known issues https://issues.chromium.org/issues?q=hotlistid:8036290%20status:open and report bugs! Especially interested in App-Compat bugs.
Chromium

I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.

I built an AI that autonomously finds zero day exploits https://www.youtube.com/watch?v=BLqRiL_GY3A
I Built an AI That Builds Zero Day Exploits

Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.

I spent nearly 4 months investigating the inner workings of a North Korean state-sponsored hacking group. Here's what I found:

- The group used generative AI tools to aid in almost every part of their operations.

- They exfiltrated 26,584 cryptocurrency wallets from victim systems, with a combined value totaling as much as $12 million.

- In several cases, the threat actors set up entire front companies to lure in developers via fake job postings, then infected them with malware.

- The threat actors successfully pulled off a supply-chain attack by compromising a VS Code extension developer's system.

🔗 Full article: https://expel.com/blog/inside-lazarus-how-north-korea-uses-ai-to-industrialize-attacks-on-developers/