Windows Exploitation Techniques: Winning Race Conditions with Path Lookups
This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately
Read More
Security
03
Thinking Outside The Box [dusted off draft from 2017]
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended
Read More
Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much.
Read More
Cybereason Nails 2025 MITRE ATT&CK® Enterprise Evaluation
Flawless detection and protection against the industry’s most rigorous adversary emulation, proving Cybereason’s real-world effectiveness BlogRead More
Read More
CVE-2025-46294 | Claris FileMaker Server up to 22.0.3 IIS Short Filename Enumeration information disclosure
A vulnerability classified as problematic was found in Claris FileMaker Server up to 22.0.3. Affected is an unknown function of
Read More
CVE-2025-68146 | tox-dev filelock up to 3.20.0 on Python UnixFileLock/WindowsFileLock os.open toctou (GHSA-w853-jp5j-5j7f)
A vulnerability, which was classified as problematic, has been found in tox-dev filelock up to 3.20.0 on Python. Affected by
Read More
CVE-2025-68142 | facelessuser pymdown-extensions up to 10.16.0 pymdownx.blocks.caption redos (GHSA-r6h4-mm7h-8pmq)
A vulnerability, which was classified as problematic, was found in facelessuser pymdown-extensions up to 10.16.0. Affected by this issue is
Read More
CVE-2025-46295 | Claris FileMaker Server up to 22.0.3 Apache Commons Text code injection
A vulnerability has been found in Claris FileMaker Server up to 22.0.3 and classified as critical. This affects an unknown
Read More
CVE-2023-53902 | WebsiteBaker 2.13.3 GET /admin/media/delete.php path path traversal (Exploit 51554 / EDB-51554)
A vulnerability was found in WebsiteBaker 2.13.3 and classified as critical. This vulnerability affects unknown code of the file /admin/media/delete.php
Read More
CVE-2023-53894 | Dulldusk phpfm 1.7.9 weak authentication (Exploit 51594 / EDB-51594)
A vulnerability was found in Dulldusk phpfm 1.7.9. It has been classified as critical. This issue affects some unknown processing.
Read More