Research Worth Reading Week 24/2025

Published: 15 Jun 2025

A great week with a diverse mix of content to please everyone!

🎶 Streaming Zero-Fi Shells to Your Smart Speaker

An engaging write-up on the work involved in the SOHO flavour of Pwn2Own: Streaming Zero-Fi Shells to Your Smart Speaker.

🎥 Netflix Vulnerability: Dependency Confusion in Action

Netflix wasn’t too chill with its dependencies: Dependency Confusion in Action.

📲 iOS Research Docker Environment

Everything you need to set up your iOS hacking environment: iOS Research Docker Environment.

Escaping ‘<’ and ‘>’ in Attributes – How It Helps Protect Against Mutation XSS

A big change in the XSS world, with more details on the upcoming escaping of < and > in attributes: Escaping ‘<’ and ‘>’ in Attributes – How It Helps Protect Against Mutation XSS.

🛤️ Code Audit on Ruby on Rails for the Open Source Technology Improvement Fund

A security review of Ruby on Rails v8.0.1 performed by X41 (PDF): Rails Audit Final Report.

🪞 NTLM Reflection Is Dead, Long Live NTLM Reflection! – An In-Depth Analysis of CVE-2025-33073

An excellent deep-dive from the Synacktiv team on CVE-2025-33073: NTLM Reflection Is Dead, Long Live NTLM Reflection.

Written by PentesterLab
The platform to learn web hacking and security code review