DARKNAVY's banner

DARKNAVY

@DarkNavyOrg • 4,901 subscribers

Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.

Shorts

Hi TrendAI Zero Day Initiative OpenAI, asking for the rules of Pwn2Own26 Coding Agent directory, particularly the "interact with ... repository" If a user opens someone else's git repo using CodeX App with default permissions and is immediately RCE’d, does this fall within the threat model? :)

Hi TrendAI Zero Day Initiative OpenAI, asking for the rules of Pwn2Own26 Coding Agent directory, particularly the "interact with ... repository" If a user opens someone else's git repo using CodeX App with default permissions and is immediately RCE’d, does this fall within the threat model? :)

87,465 views

Meet our new buddy, Argusee — an AI-powered, automated vulnerability hunter that has already discovered 15+ vulnerabilities across projects, including a previously unknown Linux kernel flaw (CVE-2025-37891) enabling LPE. Demo and details:

Meet our new buddy, Argusee — an AI-powered, automated vulnerability hunter that has already discovered 15+ vulnerabilities across projects, including a previously unknown Linux kernel flaw (CVE-2025-37891) enabling LPE. Demo and details:

13,143 views

Videos

Anya Rossi

sweetdream.ai

SweetDream.ai•Sponsored•Livecam

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

Exclusive private shows

1.2k viewers online

Private Show

Join now for exclusive access

Free preview available • Premium content

We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.

We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.

278,618 views • 8 months ago

We obtained root privilege on the S26 (Exynos 2600 Chipset), the latest flagship smartphone from Samsung. To our knowledge, this is the first root exploit for Exynos S26 since Samsung removed bootloader unlocking option in One UI 8. It is exploitable from APP context, so we make a cmd wrapper app for demo👇(1/n)

We obtained root privilege on the S26 (Exynos 2600 Chipset), the latest flagship smartphone from Samsung. To our knowledge, this is the first root exploit for Exynos S26 since Samsung removed bootloader unlocking option in One UI 8. It is exploitable from APP context, so we make a cmd wrapper app for demo👇(1/n)

31,621 views • 24 days ago

We implemented an exploit for RediShell (CVE-2025-49844). While doing so, we discovered that the publicly available PoC incorrectly uses loadstring to trigger the Redis UAF. Kudos to Wiz for the interesting findings!

We implemented an exploit for RediShell (CVE-2025-49844). While doing so, we discovered that the publicly available PoC incorrectly uses loadstring to trigger the Redis UAF. Kudos to Wiz for the interesting findings!

41,402 views • 7 months ago

While reproducing the iOS ITW CVE-2025-43300 ( we accidentally triggered another old DNG image parsing vulnerability. The analysis is still ongoing.

While reproducing the iOS ITW CVE-2025-43300 ( we accidentally triggered another old DNG image parsing vulnerability. The analysis is still ongoing.

23,619 views • 9 months ago

Remember we pwning the #Cypherock X1 Vault earilier this year? Time to share some new findings and the story behind how and why we crafted a brand new "NO BOUNTY" wallet 🧵

11,984 views • 8 months ago

No more content to load