CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025).
POC for CVE-2025-50154, a zero day vulnerability on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch
A web concept for a zero click user experience
Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, exploiting WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction.
The Phantom Whisper is a sophisticated, production-grade Python orchestration framework designed to deploy zero-click exploits with surgical precision.
GitHub repository for a tool that detects and filters malicious prompts before they are entered into a Retrieval-Augmented Generation (RAG) database, ensuring data integrity and security.
Add a description, image, and links to the zero-click topic page so that developers can more easily learn about it.
To associate your repository with the zero-click topic, visit your repo's landing page and select "manage topics."