[~]$ whoami?

Hi, I’m Sachin (@cyfun). I’m a budding security researcher with interests in threat hunting, reverse engineering, pwning, web and network security.

CVE-2025-32324: Android ActivityManagerShellCommand Authentication Bypass Leading to LaunchAnyWhere

Deep analysis of CVE-2025-32324, a critical authentication bypass vulnerability in Android’s ActivityManagerShellCommand …...

 · 12 min read

eBPF JIT Compiler Internals: Understanding Constant Blinding Implementation

Deep dive into eBPF’s constant blinding mechanism - a security defense against JIT-spray attacks in the Linux kernel....

 · 16 min read

How Attackers Are Weaponizing OAuth to Silently Take Over Microsoft Outlook Accounts

Investigation into sophisticated OAuth phishing campaigns targeting Microsoft Outlook accounts that bypass traditional …...

 · 7 min read