CVE-2026-34632 A privilege escalation vulnerability exists during the installation of Adobe Photoshop via the Microsoft Store. The vulnerable version of the installer is Photoshop_Set-Up.exe 2.11.0.30. A low-privilege user can replace files during the installation process, which may result in unintended elevation of privileges. The versions below were either tested or […]

# Hooking Windows Named Pipes During security assessments, we often see desktop applications composed of several processes. Some of them run as SYSTEM, and others run in the user session context, meaning they are unprivileged. These processes need to communicate in some way, and often use Windows Named Pipes as […]

The **Gentlemen** ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi‑OS lockers for Windows, Linux, […]

# Some notes on the security properties of the pipe_buffer kernel object Many exploits of Linux kernel vulnerabilities use the `pipe_buffer` kernel object to build strong exploit primitives. When I was experimenting with my personal project kernel-hack-drill, I discovered some interesting properties of `pipe_buffer`, which may not be described in […]

Redirecting to https://geekcon.top/whitepaper/Embodied-AI-Security-Humanoid-Robots-2604.pdf. Securing Embodied AI: A Technical White Paper on Humanoid RobotsRedirecting to https://geekcon.top/whitepaper/Embodied-AI-Security-Humanoid-Robots-2604.pdf.

# CFITSIO Fuzzing: Memory Corruptions and a Codex-Assisted Pipeline 20 Apr 2026 – Posted by Adrian Denkiewicz Have you ever wondered how those amazing space photos are taken? Are they exclusive to the big telescopes floating in space or can you take one from your backyard? What does it take […]

(c) WUNDERWUZZI 2018-2026 Disclaimer: Penetration testing requires authorization from proper stakeholders. Information on this blog is provided for research and educational purposes to advance understanding of attacks and countermeasures to help secure the Internet. | Privacy

(c) WUNDERWUZZI 2018-2026 Disclaimer: Penetration testing requires authorization from proper stakeholders. Information on this blog is provided for research and educational purposes to advance understanding of attacks and countermeasures to help secure the Internet. | Privacy

# Breaking Opus 4.7 with ChatGPT (Hacking Claude’s Memory) In this post, we explore how ChatGPT generated an adversarial image that hijacked my `Claude Opus 4.7` to invoke the memory tool and persist false memories for future chats. This matters because `Opus 4.6+` is genuinely a lot harder to attack […]

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation […]