/ **security-research** Public # ChatGPT Agent – XSS on file://home/oai/redirect.html ## Package ChatGPT Agent (OpenAI) ## Affected versions SaaS ## Patched versions None ## Description ### Summary ChatGPT’s Agent mode can use a browser inside a remote VM (just like Operator). `file:///home/oai/redirect.html` is a file available in the remote VM […]

# Windows Internals: Secure Calls – The Bridge Between NT and SK ## Introduction As many are aware, without the presence of Hyper-V on modern Windows systems – kernel-mode is the “highest privilege boundary” in terms of the OS. Because the kernel is responsible for privileged operations (like memory-management) a […]

Researcher **Published:** 03 September 2025 at 14:46 UTC **Updated:** 03 September 2025 at 14:46 UTC Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and server logic. For a visual […]

# ksmbd – Fuzzing Improvements and Vulnerability Discovery (2/3) 02 Sep 2025 – Posted by Norbert Szetei ## Introduction This is a follow-up to the article originally published here. Our initial research uncovered several unauthenticated bugs, but we had only touched the attack surface lightly. Even after patching the code […]

# ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System Taesoo Kim, HyungSeok Han, Soyeon Park, Dae R. Jeong, Dohyeok Kim, Dongkwan Kim, Eunsoo Kim, Jiho Kim, Joshua Wang, Kangsu Kim, Sangwoo Ji, Woosun Song, Hanqing Zhao, Andrew Chin, Gyejin Lee, Kevin Stevens, Mansour Alharthi, Yizhuo Zhai, Cen Zhang, Joonun […]