Rooting Xiaomi WiFi Routers

Author: Julien R. (SoEasY) and Marin Duroyon
Published: September 25, 2023
Source: https://blog.thalium.re/posts/rooting-xiaomi-wifi-routers/
Summary: Researchers at Thalium documented a chain of remote code execution vulnerabilities affecting Xiaomi Wi-Fi routers built on a shared, OpenWrt-derived codebase, with the MI AIoT Router AC2350 as their primary target. The work spans three attack surfaces — LAN post-authentication, LAN …

Enable SSH on XiaoMI Router(AX3000T) new Version R1.0.97

Author: yuspring
Published: Gist last active May 6, 2026
Source: https://gist.github.com/yuspring/37aa22bb18cb9c2a773252fb19f6b794
Summary: This GitHub Gist documents a technique for enabling root SSH access on the Xiaomi AX3000T Wi-Fi router running stock firmware version R1.0.97 (and later builds after 1.0.90). Earlier community methods relied on the xqsystem/start_binding flaw, which Xiaomi patched; the author shows that the …

Breaking Out of Restricted Mode: XSS to RCE in Visual Studio Code

Author: Devesh Logendran (STAR Labs SG)
Published: May 14, 2025
Source: https://starlabs.sg/blog/2025/05-breaking-out-of-restricted-mode-xss-to-rce-in-visual-studio-code/
Summary: STAR Labs detailed a cross-site scripting flaw in Visual Studio Code’s Jupyter notebook error rendering that can be chained into full remote code execution. A crafted .ipynb file triggers unsanitized HTML in the “minimal error” renderer, executing JavaScript inside a VS Code …

Visual Studio Code: Remote Code Execution (CVE-2022-41034)

Author: Zemnmez (@Zemnmez), Google Security Research
Published: December 1, 2022
Source: https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
Summary: Google Security Research disclosed a critical remote code execution vulnerability (CVE-2022-41034) in Microsoft Visual Studio Code. By luring a victim into clicking a crafted link, an attacker could cause VS Code to open a remote Jupyter Notebook in a trusted context, abuse …

Securing Developer Tools: Git Integrations

Author: Thomas Chauchefoin (Vulnerability Researcher, Sonar)
Published: March 15, 2022
Source: https://www.sonarsource.com/blog/securing-developer-tools-git-integrations/
Summary: Sonar’s research team showed how a malicious Git repository can achieve arbitrary code execution simply by being opened in a developer tool or navigated to in a terminal. The trick abuses Git’s per-repository .git/config and its core.fsmonitor directive, which Git runs as …

Securing Developer Tools: Argument Injection in Visual Studio Code

Author: Thomas Chauchefoin (Vulnerability Researcher, Sonar)
Published: August 23, 2022
Source: https://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/
Summary: Sonar’s research team disclosed an argument injection vulnerability (CVE-2022-30129) in Visual Studio Code’s built-in Git integration. By luring a developer into clicking a crafted vscode:// URI, an attacker could smuggle dash-prefixed options into the underlying git command line and achieve arbitrary command …

VSCode Remote Code Execution advisory

Author: Ammar Askar
Published: May 30, 2023
Source: http://blog.ammaraskar.com/vscode-rce/
Summary: Security researcher Ammar Askar disclosed a remote code execution vulnerability in Visual Studio Code that could be triggered simply by opening an untrusted folder. The flaw stemmed from an undocumented core setting, _workbench.experimentsUrl, which was never registered as a “restricted” configuration. Because of this oversight, …

1-Click GitHub Token Stealing via a VSCode Bug

Author: Ammar Askar
Published: June 2, 2026
Source: https://blog.ammaraskar.com/github-token-stealing/
Summary: A security researcher discovered a critical vulnerability in VSCode’s webview security model that allows an attacker to steal a victim’s GitHub authentication token — which carries full access to all of their repositories — through a single malicious link. The attack targets github.dev, GitHub’s browser-based …

Patch Gap to Mobile Renderer RCE: Pwning Samsung Internet’s V8 on the Galaxy S25

Author: Hrvoje Mišetić, Jamie Hill-Daniel, William Liu (Otter Audits LLC / Crusaders of Rust Security Research Group)
Published: April 1, 2026
Source: https://osec.io/blog/2026-04-01-patch-gap-to-mobile-renderer-rce/
Summary: Researchers from Otter Audits LLC and the Crusaders of Rust Security Research Group demonstrated a full renderer …

Exploiting Reversing (ER) series: article 04 | macOS/iOS (part 01)

Author: Alexandre Borges
Published: February 4, 2025
Source: https://exploitreversing.com/2025/02/04/exploiting-reversing-er-series-article-04/
Summary: Security researcher Alexandre Borges has released the fourth installment of his Exploiting Reversing (ER) Series — a comprehensive, step-by-step research document series covering vulnerability research and exploit development across Windows, macOS, hypervisors, and browsers. Article …