Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the _Graphics Device Interface (_ commonly known as `GDI`) in Windows. We promptly reported this issue to Microsoft and they fixed the vulnerability starting with _OS Build 26100.4202_ in the KB5058499 update preview released on May 28th 2025. […]

# yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242) > Note from editor: Before we begin, a big welcome to McCaulay Hudson, the newest member of the watchTowr Labs team with his inaugural blog post! Welcome to the mayhem, McCaulay! Today is the 8th of November 1996, and we’re thrilled […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

# Quantum readiness: Hybridizing key exchanges Following our previous article on signatures hybridization, this article covers the basics of hybridizing your key exchanges to ensure maximal security of your data. Looking to improve your skills? Discover our **trainings** sessions! Learn more. More urgently than digital signature schemes, the way we […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

# Exploit Development: Unveiling Windows ARM64 Pointer Authentication (PAC) > This blog post is from the original post I made on the Prelude Security blog. The original can be found here. ## Introduction Pointer Authentication Code, or PAC, is an anti-exploit/memory-corruption feature that signs pointers so their use (as code […]

On March 31, 2025, Apple released iOS 18.4, reportedly fixing 76 vulnerabilities. One of those vulnerabilities was in IOGPUFamily, a kernel driver responsible for handling communication with the GPU. Apple describes the issue as an out-of-bounds write: > IOGPUFamily > > Impact: An app may be able to cause unexpected […]

**DARKNAVY**, headquartered in Singapore and Shanghai, is an independent cybersecurity research and services organization. We are pioneers in **AVSS** (Adversarial Vulnerability Scoring System) and **quantitative security**, as well as the founding team behind the international hacking competition GEEKCON. Founded upon the legacy of KeenTeam, established in 2011 and globally recognized […]