About
Kazuma Matsumoto
Security engineer working in offensive security, independently conducting vulnerability research on open-source software and widely deployed applications. This blog documents my findings and analysis.
Work Experience
Current
GMO Cybersecurity by Ierae, Inc.
- Offensive Security Department, Advanced Assessment Section (May 2026–)
  Web application penetration testing and adversarial evaluation of large language models (LLMs).
- Assessment Service Department (Aug 2024 – Apr 2026)
  Identifying vulnerabilities across web applications, mobile APIs, and HTTP-layer anti-cheat mechanisms in mobile games.
Previous
Ministry of Defense, Japan (2024)
- Served as Technical Officer at the Self-Defense Forces Cyber Defense Command under the Joint Staff.
CVEs
| CVE | Target | Type |
|---|---|---|
| CVE-2026-20943 | Microsoft Office | Click-to-Run elevation of privilege |
| CVE-2025-23358 | NVIDIA App | Installer privilege escalation |
| CVE-2026-22561 | Anthropic Claude Desktop | Installer privilege escalation |
| CVE-2026-25075 | strongSwan | Integer underflow in EAP-TTLS AVP parser |
| CVE-2026-32854 | LibVNCServer | Null pointer dereference in HTTP proxy handlers |
| CVE-2026-5720 | miniupnpd | Integer underflow in SOAPAction header parsing |
| CVE-2026-28525 | SWUpdate | Integer underflow in multipart upload parser |
Interests
- AI security
- AI-assisted code analysis
- Web application security
- Windows internals
- Linux internals
Links
- GitHub: y637F9QQ2x
- LinkedIn: Kazuma Matsumoto