0 views collected around this technical thread.
The award‑winning ICSE2025 paper introduces CDFuzz, a lightweight custom dictionary technique that dramatically improves coverage and vulnerability discovery in grey‑box fuzzing, and a live session will dissect its design, validation, and impact on software security testing.
A security research team created a counterfeit VSCode extension in half an hour, demonstrated how easily malicious code can be injected and distributed through the VSCode Marketplace, and revealed that dozens of high‑value companies, security firms and even a national court were compromised, highlighting critical gaps in extension vetting and supply‑chain protection.
The article provides a comprehensive technical walkthrough of the Hyper‑V DirectX component, detailing its architecture, virtual GPU configuration, attack surface, and step‑by‑step exploitation of four critical CVEs (CVE‑2022‑21918, CVE‑2021‑43219, CVE‑2022‑21912, CVE‑2022‑21898) with code snippets and debugging insights.
This article expands on the author's BlueHat Shanghai 2019 presentation, summarizing Office‑related 0‑day and 1‑day vulnerabilities discovered between 2010 and 2018, categorizing them by component and type, and providing extensive references, analysis notes, and exploitation guidance for security researchers.