#exploit
#Fuzzing
#AppSec
A Fuzzy Escape - A tale of vulnerability research on hypervisors (CVE-2025-30712)
https://bughunters.google.com/blog/5800341475819520/a-fuzzy-escape-a-tale-of-vulnerability-research-on-hypervisors
// The research uncovered critical VM escape vulnerabilities in QEMU and VirtualBox through static analysis and fuzzing, including a buffer overflow and an integer overflow enabling arbitrary code execution.
⭐️ @Zerosec_team
Google
Blog: A Fuzzy Escape - A tale of vulnerability research on hypervisors
This blog post describes the journey of discovering a VM escape bug with the goal of demystifying the security research process and demonstrating how persistence and pivoting can lead to achieving successful exploitation.
In_Browser_LLM_Guided_Fuzzing.pdf
3.7 MB
"In-Browser LLM-Guided Fuzzing for Real-Time Prompt Injection Testing in Agentic AI Browsers", 2025.
]-> Complete fuzzing platform
// LLM-based agents integrated into web browsers offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks. We present a novel fuzzing framework that runs entirely in the browser and is guided by an LLM to automatically discover such prompt injection vulnerabilities in real time. We demonstrate that our in-browser LLM-guided fuzzer can effectively uncover prompt injection weaknesses in autonomous browsing agents while maintaining zero false positives in detection.
#AIOps
#Fuzzing
#WebApp_Security
⭐️ @Zerosec_team
AI_for_AppSec_and_OffSec.pdf
7.5 MB
#AIOps
#Fuzzing
#Offensive_security
"AI for AppSec and Offensive Security: From Automation to Autonomy", BSides Berlin, 2025.
]-> AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
⭐️ @RadvanSec