Latest Insights

The June 2026 Security Update Review

June 09, 2026
Dustin Childs

Read Full Article
Testing for Truthiness: Exploiting Improper Checks
March 09, 2018

Testing for Truthiness: Exploiting Improper Checks

VMware Exploitation through Uninitialized Buffers
March 01, 2018

VMware Exploitation through Uninitialized Buffers

Pushing WebKit's Buttons with a Mobile Pwn2Own Exploit
February 12, 2018

Pushing WebKit's Buttons with a Mobile Pwn2Own Exploit

One man's patch is another man's treasure: A tale of a failed HPE patch
February 06, 2018

One man's patch is another man's treasure: A tale of a failed HPE patch

Automating VMware RPC Request Sniffing
January 19, 2018

Automating VMware RPC Request Sniffing

The ZDI 2017 Retrospective
January 04, 2018

The ZDI 2017 Retrospective

A Matching Pair of Use-After-Free Bugs in Chakra asm.js
December 22, 2017

A Matching Pair of Use-After-Free Bugs in Chakra asm.js

VMware’s Launch escape SYSTEM
December 21, 2017

VMware’s Launch escape SYSTEM

Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting
December 20, 2017

Invariantly Exploitable Input: An Apple Safari Bug Worth Revisiting

Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch
December 19, 2017

Apache Groovy Deserialization: A Cunning Exploit Chain to Bypass a Patch