Vulnerability analysis, proof of concepts, and code reviews
CVE-2025-23266 (NVIDIAScape) lets you escape Docker containers and get root on the host with a 3-line Dockerfile. Affects NVIDIA Container Toolkit used by 37% of cloud environments. Plus runc CVEs that break Kubernetes isolation.
Trust Wallet's browser extension got backdoored via supply chain attack on Christmas Eve. Attackers pushed malicious code to production that drained $7M in user funds. Binance-owned wallet, developer negligence, APT-level execution.
A victim loses $50 million USDT to an address poisoning attack because wallet developers can't be bothered to implement basic checksum validation. I demonstrate how trivial it is to generate matching addresses.
React Server Components gets absolutely demolished by CVE-2025-55182. I demonstrate root RCE because apparently Meta's security team forgot about input validation.