hungtt28 @hungtt28
Independent bug hunter Joined January 2015-
Tweets667
-
Followers1K
-
Following831
-
Likes2K
Pwning V8CTF with a 0day in Chrome thanks to Phi untagging. Read here: kqx.io/post/cve-2026-…
I’ve tried various agent pipelines, and here is one of them. It found five type-confusion bugs in V8 Wasm: three under non-default flags and two in DrumBrake/MS Edge. The repo includes all the bugs in detail, along with a README file that explains how the pipeline works, the prompts used, and many of the genomes it generated. Since the README is enough to let Claude vibe-code it, I won’t upload my messy and embarrassing code. Have fun :) github.com/qriousec/colon…
I originally prepared this bug for Pwn2Own Berlin. A few days before the contest, a CVE got assigned. So, here is my technical analysis and exploitation strategy for CVE-2026-40369: a 12-byte kernel increment, exploitable both as an LPE and SBX. voidsec.com/cve-2026-40369…
@M4x_1997 4/4: Last but not least CVE-2026-40369 - Windows Kernel Arbitrary Increment primitive reachable from any browser sandbox renderer process This one was rejected from Pwn2Own and closed anyway yesterday :( My exploit is here - blogpost will be soon: github.com/orinimron123/C…
What The Claude: Browser Edition, episode 2. This time: Bug 2024918. A phi node, SpiderMonkey's JIT pipeline, Wasm GC scalar replacement, escape analysis, and one wrong equality check. Let’s dive in. github.com/str8outtaheap/…
A carefully structured, tiered root cause analysis for CVE-2025-43529 (JSC UAF). Spent quite some time refining the structure to make the reasoning explicit and readable. Shoutout to @jir4vv1t for his detailed analysis and exploit. github.com/bjrjk/CVE-2025…
iOS 26.1 Safari StoreBarrierInsertionPhase missing Upsilon escape to uaf proof-of-concept github.com/jir4vv1t/CVE-2…
Had a lot of fun reversing Coruna over the last couple weeks and decided it would be worth to write it all up before I forget - so enjoy :) littlelailo.github.io/writeups/corun…
Our newest team member @streypaws just dropped his first blog post! He peered into CVE-2026-0899, from patch to arbitrary r/w primitives No, it is not April Fool's joke from us starlabs.sg/blog/2026/04-c…
Stop asking LLMs to “find vulns.” Start using them to understand code. @Sw4mp_f0x walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes. Check it out: ghst.ly/4rA3uJd
Reverse engineering Claude's CVE-2026-2796 exploit red.anthropic.com/2026/exploit/
syzkaller/syzbot now has AI agentic framework for kernel bug fix generation, bug assessment, security triage, POC generation, etc: groups.google.com/g/syzkaller/c/… Includes set of tools to build kernels, navigate/edit source, test reproducers, etc. Contributions/research are welcome.
Read the full article here: spidermonkey.dev/blog/2025/10/2…
[452605804][reward: $20000] V8 Sandbox Bypass: Wasm streaming compilation cache confusion via "double streaming" crbug.com/452605804
[454485895][reward: $50000] Incorrect Optimization of ArrayConstructor by Maglev Leads to Creation of Malformed JSArray Objects crbug.com/454485895
I'm Boris and I created Claude Code. I wanted to quickly share a few tips for using Claude Code, sourced directly from the Claude Code team. The way the team uses Claude is different than how I use it. Remember: there is no one right way to use Claude Code -- everyones' setup is different. You should experiment to see what works for you!
[450328966] V8: Type Confusion in LoadSuperIC crbug.com/450328966
[451355210][reward: $20000] V8 Sandbox Bypass: AAW/PC control via OOB builtin in SharedFunctionInfo crbug.com/451355210
.@trailofbits released our first batch of Claude Skills. Official announcement coming later. github.com/trailofbits/sk…
Pham Khanh @rskvp93
2K Followers 373 Following Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019, 2020, 2021.
Tuan Anh Nguyen⚡️... @haxor31337
16K Followers 2K Following 30 y/o Bug Bounty Hunter and Red Team Lead at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Bien 🇻🇳 @bienpnn
5K Followers 613 Following A weeb that loves crashing software | @qriousec & @seasecresponse & @ProjectSEKAIctf | アイマス最高 | @rinka_linca 推し
ϻг_ϻε @steventseeley
23K Followers 557 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
Andy Nguyen @theflow0
69K Followers 445 Following The opinions stated here are my own, not those of my company.
huyna @huyna89
742 Followers 945 Following
Nguyen The Duc @ducnt_
3K Followers 392 Following Just another web warrior ⚔️ Security Researcher ۞ Principal Security Engineer @Verichains ۞ Pwn2Own 2023 ۞@vnsec squad ۞ 💰https://t.co/wuyz6IfAbA ۞ nano 💻
h0mbre @h0mbre_
16K Followers 661 Following # Exploit Reliability Engineer # Developing a full-system snapshot fuzzer: https://t.co/mfVXhwoGYD # Avi: https://t.co/3fsQfVprCf
codecolorist@infosec.... @CodeColorist
6K Followers 1K Following
LamScun @LamScun
2K Followers 822 Following Researcher of mobile and web security issues. It's safer in the forest than on the internet.
Ngoc Trần @NgocTrn88192890
8 Followers 508 Following
h4x0rg33k @h4x0rg33k
63 Followers 663 Following
Ongia Noel @NoelOngia8195
0 Followers 100 Following
Kha Nguyễn @Kha29112003
0 Followers 7 Following
MR_Dave @The_mrDave
3 Followers 243 Following
dang @dang43971723
0 Followers 59 Following
msim @_msimonelli
36 Followers 130 Following
Giuseppe Calì @_gcali
326 Followers 164 Following I like to take apart stuff to understand how it works. When I'm lucky, it even turns on afterwards. Pwn2Own Tokyo '26
NotThing @Merisnotreal
11 Followers 581 Following
suta @suta1579303
0 Followers 29 Following
kaijieguigui @kaijieguigui
985 Followers 160 Following Former Vulnerability Research / Exploit Dev TyphoonPWN🌪️ / TianfuCup🐼 / Pwn2Own💎 💻MSRC MVR Top 100 / Chrome VRP Top 50
🐼 @0x5368696e
7 Followers 177 Following Malware development, Redteamer, Offensive Security Consultant
Huong Nguyen @__hgngn
1 Followers 42 Following
null sec @bynullsec
0 Followers 66 Following
逼逼社 @bibishe225334
10 Followers 376 Following
Abdennour AB @AbdennourTrad
5 Followers 194 Following
Hao Tran (noah) @TranLyNhatHao
19 Followers 663 Following Working on blockchain security & program analysis Security Researcher at @cyberjutsu_io
Trusted Token @TrustedToken
164 Followers 7K Following
norwloading @silentlwalker
3 Followers 212 Following
0xaeced @dec_eax
1K Followers 637 Following
pt200 @_pt200
283 Followers 138 Following Cyber Security Engineer - Bug Bounty Hunter - Flysec Co-Founder (https://t.co/UwFfLMDys7)
chu hong @hong_chu84544
0 Followers 43 Following
Emerjux @emerjux
7 Followers 244 Following Engineer running grid bots, light clients & AI agents on the same machine. Web3 × MiCA × systems. No hype, just infrastructure.
john doesh @doesh_john65688
8 Followers 773 Following
Janlele91 🇻🇳 @janlele91
1K Followers 493 Following Full-time Penetration Tester | Bug Bounty Hunter https://t.co/lBJ46w8kxv | https://t.co/VTy6puacun
AISecHub @AISecHub
9K Followers 7K Following 🚀 AISecHub | AI & Cybersecurity | Securing AI systems, and sharing insights on emerging challenges | https://t.co/YeYtqq5tJC
Xa la @Xalahehe
6 Followers 474 Following
Cygnus Talent @CygnusTalent
0 Followers 33 Following
Shreyas Penkar @streypaws
697 Followers 465 Following Vulnerability Researcher | Android & Chrome | Work @starlabs_sg
Bernhard Mueller @muellerberndt
26K Followers 2K Following Information Theory Researcher at Pragma Research https://t.co/JFv5NMNrG6
Samantha Lockman @LockmanSam66194
115 Followers 5K Following
tcpuim @threshmin
0 Followers 65 Following
TrendAI Zero Day Init... @thezdi
89K Followers 16 Following TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
starlabs @starlabs_sg
10K Followers 18 Following A Singapore company that discovers vulnerabilities to help customers mitigate the risks of cyber attacks. Organisers of @offbyoneconf
Pham Khanh @rskvp93
2K Followers 373 Following Security Engineer at @calif_io. Winner of Pwn2own Vancouver 2021, Torento 2022, Vancouver 2023. MSRC top 100 2019, 2020, 2021.
chompie @chompie1337
89K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
Tuan Anh Nguyen⚡️... @haxor31337
16K Followers 2K Following 30 y/o Bug Bounty Hunter and Red Team Lead at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Haifei Li @HaifeiLi
9K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
0xor0ne @0xor0ne
91K Followers 508 Following Cybersecurity | Reverse Engineering | Vulnerability Research | Embedded & Silicon Security | My Tweets, My Opinions :)
Bien 🇻🇳 @bienpnn
5K Followers 613 Following A weeb that loves crashing software | @qriousec & @seasecresponse & @ProjectSEKAIctf | アイマス最高 | @rinka_linca 推し
Project Zero Bugs @ProjectZeroBugs
37K Followers 0 Following A bot that posts the latest blog posts and disclosures from Google's Project Zero
Samuel Groß @5aelo
25K Followers 524 Following Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
ϻг_ϻε @steventseeley
23K Followers 557 Following Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. An adept in the making.
Andy Nguyen @theflow0
69K Followers 445 Following The opinions stated here are my own, not those of my company.
ohjin @pwn_expoit
4K Followers 453 Following I'm still hungry. I will be world-class, @[email protected]
Alex Plaskett @alexjplaskett
14K Followers 585 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
huyna @huyna89
742 Followers 945 Following
Ivan Fratric 💙💛 @ifsecure
19K Followers 209 Following Tech lead and security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
Yarden Shafir @yarden_shafir
25K Followers 318 Following A circus artist with a visual studio license
Mathias Bynens @mathias
65K Followers 1K Following ♥ JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n.
itewqq @lyq_sqsp
2K Followers 686 Following Security researcher @DarknavyOrg. CTF player @0ops_ctf. Somehow got a PhD on hardware stuff @SJTU1896. Opinions/Shitposts are my own.
canyie 残页 @canyie2977
1K Followers 204 Following 脑袋里只装了棉花糖的凄惨残页 Android 开发&安全研究 20岁大二学生前中职 所有使用或曾经使用过 blockchain 的人会被屏蔽 https://t.co/JXDB06hG9M https://t.co/8r7kqyERQV https://t.co/Js3e2AU7S4
Chaitanya @ant4g0nist
2K Followers 278 Following Building building || Vulnerability Research || fuzzing artist || 🦀
msim @_msimonelli
36 Followers 130 Following
the tiny corp @__tinygrad__
75K Followers 189 Following We make tinygrad; sell tinybox for the GPU middle class. Our mission is to commoditize the petaflop.
Aobo Wang @M4x_1997
405 Followers 815 Following
Giuseppe Calì @_gcali
326 Followers 164 Following I like to take apart stuff to understand how it works. When I'm lucky, it even turns on afterwards. Pwn2Own Tokyo '26
s1r1us (mohan) @S1r1u5_
14K Followers 2K Following aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}
Qualys @qualys
34K Followers 4K Following The leading provider of disruptive cloud-based security, compliance and IT solutions.
Out of Bounds @oobs_io
312 Followers 1 Following
YingMuo @YingMuo
247 Followers 206 Following Rookie Security Researcher. Focus on IoT and learning macOS Security.
riptide @0xriptide
10K Followers 3K Following CEO & co-founder @therealgregoai | host of @bountyhunt3rz podcast | top ranked whitehat on @immunefi https://t.co/vWgt74lyXu
Awesome Google VRP Wr... @gvrp_writeups
3K Followers 0 Following Automatically tweeting new writeups from the GitHub repository "awesome-google-vrp-writeups".
littlelailo @littlelailo
7K Followers 217 Following interested in RE and pwning stuff | hacking *OS atm
Attack and Defense @attackndefense
1K Followers 8 Following @[email protected] - Mozilla's Security Internals for Security Engineers, Security Researchers, and Bug Bounty Hunters.
impostor @impost0r_
2K Followers 423 Following prompt engineer for binaries | reverse engineer, exploit developer, equally bad at both | https://t.co/FJ88dlQw7W | mastodon: @[email protected] former s.c
Yuu @anzuukino2802
490 Followers 256 Following Intern @Verichains | CTF player (Web) for @Infobahn_ctf / AFK
RyotaK @ryotkak
11K Followers 660 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
ggwhyp @ggwhyp
857 Followers 145 Following
Xchg Labs @xchglabs
962 Followers 32 Following Vulnerability research and reverse engineering lab tackling the hardest problems in government and commercial security.
metnew @v_metnew
3K Followers 385 Following
kaijieguigui @kaijieguigui
985 Followers 160 Following Former Vulnerability Research / Exploit Dev TyphoonPWN🌪️ / TianfuCup🐼 / Pwn2Own💎 💻MSRC MVR Top 100 / Chrome VRP Top 50
NiNi @terrynini38514
3K Followers 643 Following Security Researcher at @d3vc0r3 / Pwn2Own Master of Pwn (Toronto 2022) / CTFer @balsnctf
🐼 @0x5368696e
7 Followers 177 Following Malware development, Redteamer, Offensive Security Consultant
pr0cf5 @pr0cf51
2K Followers 840 Following Generating AI slop @QED_Audit ex. @TeamAtlanta24, @osec_io, @georgiatech
Luan Herrera @lbherrera_
3K Followers 439 Following
guyru @guyru_
2K Followers 554 Following Vulnerability research, cryptography, FOSS, finance and random stuff. Leading @cellebrite's iOS research.
stratan @5tratan
547 Followers 959 Following Product @TashitaSoftSec. Security research on the side.
Javi T. @javi_teje
99 Followers 115 Following Vulnerability Researcher and Founder of @TashitaSoftSec
PwnFuzz @pwnfuzz
237 Followers 1 Following Advanced exploitation techniques, reverse engineering insights, and cutting-edge security research. From zero-day discovery to sophisticated exploit development
tincho 🪷 @tinchoabbate
13K Followers 146 Following ethereum security @theredguild - creator of https://t.co/yxPFXuP6gt
theredguild @theredguild
4K Followers 0 Following A guild of security researchers, educators and advocates working for the public benefit of the Ethereum ecosystem.
ele7enxxh @ele7enxxh
943 Followers 48 Following Google Bughunter 2022 #1, Qualcomm Hackerone 2022 #1, Android Chip Security Reward Hackerone 2022 #1, Android/IoT/Vehicles security researcher
Nebula Security @nebusecurity
3K Followers 3 Following AI research and tooling that finds vulnerabilities before attackers do
Zellic @zellic_io
18K Followers 18 Following Security reviews and research that keep winners winning. We apply unmatched hacking talent to secure critical software for the most innovative teams.
Chaofan Shou @Fried_rice
69K Followers 2K Following
Trends for United States
You might like
