@exploitlogos
Copy Fail
Unlike other Linux LPEs, Copy Fail is a straight-line logic flaw — it needs neither a race window nor a kernel-specific offset. The same 732-byte Python script roots every Linux distribution shipped since 2017.
DarkSword
A full iOS exploit chain and payload for iPhones running iOS versions between iOS 18.4 and 18.6.2. Exploit chains such as the one used in DarkSword enable threat actors to gain full access to a user’s device with little to no action needed from the user.
Pixnapping Attack
Pixnapping is a new class of attacks that allows a malicious Android app to stealthily leak information displayed by other Android apps or arbitrary websites.
Invitation Is All You Need!
An indirect prompt injection in a Google invitation is all you need to exploit Gemini for Workspace's agentic architecture.
Flop
A speculative execution attack that results from recent Apple CPUs predicting the outcome of data dependencies.
Slap
A new speculative execution attack that arises from optimizing data dependencies, as opposed to control flow dependencies.
Eucleak
Our work unearths a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the biggest secure element manufacturers. This vulnerability – that went unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations – is due to a non-constant-time modular inversion.
Regresshion
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.
Rabbitude security-disclosure 1
On May 16, 2024, the rabbitude team gained access to the rabbit codebase and found several critical hardcoded API keys in its code.
Kobold letters
Kobold letters is a technique to include elements in an HTML email that appear or disappear depending on the context in which the email is viewed.
GoFetch
GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).
SGAxe
SGAxe is an evolution of CacheOut, specifically targeting SGX enclaves. We show that despite extensive efforts done by Intel in order to mitigate SGX side channels, an attacker can still breach the confidentiality of SGX enclaves even when all side channel countermeasures are enabled.
Terrapin Attack
Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel.
By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.
5Ghoul
A family of implementation-level 5G vulnerabilities. Such a family of vulnerabilities is present in the firmware implementation of 5G mobile network modems from major chipset vendors, i.e., Qualcomm and MediaTek.
Inject My PDF
Inject My PDF allows you to inject invisible text into your PDF that will make any AI language model think you are the perfect candidate for the job.
iLeakage
A transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones.
GPU.zip
GPU.zip is a new type of side channel that exposes visual data processed on the graphics processing unit (GPU). This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression.