Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Good e-Reader

Amazon Kindle Scribe users can write on sideloaded PDF

Amazon released the 5.19.2 update a couple of weeks ago, and one feature that flew under the radar concerned PDF files. In the past, the only way to annotate and edit PDF files was to use Send to ...