-
Thalium
Company: Thalium
Website: https://blog.thalium.re/
Overview
Thalium is a cybersecurity research team that is part of the Thales group. Based in Rennes, France, the team focuses on threat intelligence, vulnerability research, and red team tool development, and publishes technical security research on its blog.
Products & Services
As presented on its site, Thalium’s public work centres…
-
Rooting Xiaomi WiFi Routers
Author: Julien R. (SoEasY) and Marin Duroyon
Published: September 25, 2023
Source: https://blog.thalium.re/posts/rooting-xiaomi-wifi-routers/
Summary
Researchers at Thalium documented a chain of remote code execution vulnerabilities affecting Xiaomi Wi-Fi routers built on a shared, OpenWrt-derived codebase, with the MI AIoT Router AC2350 as their primary target. The work spans three attack surfaces — LAN post-authentication, LAN…
-
Enable SSH on XiaoMI Router(AX3000T) new Version R1.0.97
Author: yuspring
Published: Gist last active May 6, 2026
Source: https://gist.github.com/yuspring/37aa22bb18cb9c2a773252fb19f6b794
Summary
This GitHub Gist documents a technique for enabling root SSH access on the Xiaomi AX3000T Wi-Fi router running stock firmware version R1.0.97 (and later builds after 1.0.90). Earlier community methods relied on the xqsystem/start_binding flaw, which Xiaomi patched; the author shows that the…
-
Breaking Out of Restricted Mode: XSS to RCE in Visual Studio Code
Author: Devesh Logendran (STAR Labs SG)
Published: May 14, 2025
Source: https://starlabs.sg/blog/2025/05-breaking-out-of-restricted-mode-xss-to-rce-in-visual-studio-code/
Summary
STAR Labs detailed a cross-site scripting flaw in Visual Studio Code’s Jupyter notebook error rendering that can be chained into full remote code execution. A crafted .ipynb file triggers unsanitized HTML in the “minimal error” renderer, executing JavaScript inside a VS Code…
-
Visual Studio Code: Remote Code Execution (CVE-2022-41034)
Author: Zemnmez (@Zemnmez), Google Security Research
Published: December 1, 2022
Source: https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
Summary
Google Security Research disclosed a critical remote code execution vulnerability (CVE-2022-41034) in Microsoft Visual Studio Code. By luring a victim into clicking a crafted link, an attacker could cause VS Code to open a remote Jupyter Notebook in a trusted context, abuse…
-
Securing Developer Tools: Git Integrations
Author: Thomas Chauchefoin (Vulnerability Researcher, Sonar)
Published: March 15, 2022
Source: https://www.sonarsource.com/blog/securing-developer-tools-git-integrations/
Summary
Sonar’s research team showed how a malicious Git repository can achieve arbitrary code execution simply by being opened in a developer tool or navigated to in a terminal. The trick abuses Git’s per-repository .git/config and its core.fsmonitor directive, which Git runs as…
-
Securing Developer Tools: Argument Injection in Visual Studio Code
Author: Thomas Chauchefoin (Vulnerability Researcher, Sonar)
Published: August 23, 2022
Source: https://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/
Summary
Sonar’s research team disclosed an argument injection vulnerability (CVE-2022-30129) in Visual Studio Code’s built-in Git integration. By luring a developer into clicking a crafted vscode:// URI, an attacker could smuggle dash-prefixed options into the underlying git command line and achieve arbitrary command…
-
VSCode Remote Code Execution advisory
Author: Ammar Askar
Published: May 30, 2023
Source: http://blog.ammaraskar.com/vscode-rce/
Summary
Security researcher Ammar Askar disclosed a remote code execution vulnerability in Visual Studio Code that could be triggered simply by opening an untrusted folder. The flaw stemmed from an undocumented core setting, _workbench.experimentsUrl, which was never registered as a “restricted” configuration. Because of this oversight,…
-
1-Click GitHub Token Stealing via a VSCode Bug
Author: Ammar Askar
Published: June 2, 2026
Source: https://blog.ammaraskar.com/github-token-stealing/
Summary
A security researcher discovered a critical vulnerability in VSCode’s webview security model that allows an attacker to steal a victim’s GitHub authentication token — which carries full access to all of their repositories — through a single malicious link. The attack targets github.dev, GitHub’s browser-based…
-
Patch Gap to Mobile Renderer RCE: Pwning Samsung Internet’s V8 on the Galaxy S25
Author: Hrvoje Mišetić, Jamie Hill-Daniel, William Liu (Otter Audits LLC / Crusaders of Rust Security Research Group)
Published: April 1, 2026
Source: https://osec.io/blog/2026-04-01-patch-gap-to-mobile-renderer-rce/
Summary
Researchers from Otter Audits LLC and the Crusaders of Rust Security Research Group demonstrated a full renderer…