the grugq's newsletter

May 13, 2024

May 10-11-12, 2024

I was having too much fun at Offensive Con to read anything. I wholeheartedly endorse Offensive Con. Had a great time, even if some ppl I met were only born 6 years after I started doing security. Grumble. Kids these days.


Holy shit, CVE-2024-4367
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF https://t.co/8iGYjkcE3Z #infosec

— H4x0r.DZ🇩🇿 (@h4x0r_dz) May 9, 2024


Man who kept his boat beside his house was ordered from the city to put up a fence to hide the boat from view. So he built the fence and hired someone to paint it. pic.twitter.com/wrkQh6RjXn

— Doug Aoki (@Nantanreikan) May 9, 2024


Possibly a first: Prosecutors have IDed the latest Jan. 6 suspect by looking at images on his wife's Poshmark account: https://t.co/Un8Pk8COHE pic.twitter.com/XbOBfsIFOH

— Kyle Cheney (@kyledcheney) May 10, 2024


I'm preparing a long blog post atm. This will take some time to be written and also depends on Microsoft providing a patch. It'll follow the same style as https://t.co/WCRYaKo56R so hopefully a good candidate for .NET code audits for beginners. Fingers crossed.

— frycos (@frycos) May 11, 2024


(Gaslighting my reader) as I have argued consistently throughout this essay,

— John Attridge (@John_Attridge) May 12, 2024


Player 2 has entered the ring.

A new Chinese pwn2own style competition is now public. The list of targets is interesting, lots of edge devices and even Kaspersky. https://t.co/FQJU1dZo9R

— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) May 12, 2024


So here’s me giving my book Philosophy of Cybersecurity to the renowned cybersecurity thought leader (and haxor) @thegrugq. Thank you for a professional exchange of views! pic.twitter.com/OxKg6x3AhZ

β€” Lukasz Olejnik (@lukOlejnik) May 12, 2024


Recently modified code and sanitizer instrumentation seem to be among the most effective heuristics for target selection in directed #fuzzing according to this recent SoK by Weissberg et al. LLMs show much promise for target selection, too.

πŸ“ https://t.co/Lr7jjNDXKj pic.twitter.com/yw1T3jJIkq

β€” Marcel BΓΆhmeπŸ‘¨β€πŸ”¬ (@mboehme_) May 12, 2024
