Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
ZDNet

Microsoft: Windows 10 is hardened with these fuzzing security tools – now they're open source

Microsoft has released a new open-source security tool called Project OneFuzz, a testing framework for Azure that brings together multiple software security testing tools to automate the process of ...
Threat Post

Using Fuzzing to Mine for Zero-Days

Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in today’s security landscape. Fuzzing is a term that sounds hard to take seriously. But it ...
CSOonline

Google offers free access to fuzzing framework

Fuzzing can be a valuable tool for ferreting out zero-day vulnerabilities in software. In hopes of encouraging its use by developers and researchers, Google announced Wednesday it’s now offering free ...
ZDNet

OpenVPN taken to task after audit ignores remote code execution flaws

A researcher has revealed four dangerous bugs, among others, in OpenVPN which two recent audits of the virtual private network's code failed to find. According to security expert Guido Vranken, he ...
InfoWorld

Google’s OSS-Fuzz extends fuzzing to Java apps

Google’s open source fuzz testing project draws on Code Intelligence’s Jazzer to add support for Java and other JVM languages. Google’s open source fuzz-testing service, OSS-Fuzz, now supports ...
InfoWorld

Microsoft open-sources fuzzing test framework

Microsoft is looking to help developers continuously fuzz-test code prior to release, via the open source OneFuzz framework. Described as a self-hosted fuzzing-as-a-service platform, OneFuzz enables ...