Axta @Asta_nine
Joined September 2025-
Tweets45
-
Followers5
-
Following903
-
Likes2
Strix found a critical auth bypass in etcd, one of the most used open-source components in cloud infrastructure. Now published as CVE-2026-33413 (CVSS 8.8). Read the full writeup: strix.ai/blog/where-oth…
🚨 Fortinet just disclosed CVE-2026-39808 and CVE-2026-39813 - 2 critical vulnerabilities affecting FortiSandbox. No active exploitation itw reported as of yet. Scan your infrastructure to find vulnerable instances: CVE-2026-39808: github.com/rxerium/rxeriu… CVE-2026-39813: github.com/rxerium/rxeriu… CVE-2026-39808 (CVSS 9.1): An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests. CVE-2026-39813 (CVSS 9.1): A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP requests. Patches are available as per vendor advisories: fortiguard.fortinet.com/psirt/FG-IR-26… fortiguard.fortinet.com/psirt/FG-IR-26…
‼️ CVE-2025-58434 and CVE-2025-59528: Flowise Dual CVE PoC GitHub: github.com/kartik2005221/… The two vulnerabilities chain naturally: CVE-2025-58434 provides unauthenticated account takeover, which satisfies the authentication requirement for CVE-2025-59528, achieving unauthenticated RCE in a single automated run.
Tomcat JMX Proxy exposed without auth? Wrote a blog about how I got shell on a production Tomcat behind Cloudflare despite the deploy API being locked down, WAF blocking payloads, and CDN filtering template syntax. 8 dead ends. Then AccessLogValve + docBase + relaxedQueryChars + EL injection. 14 requests to RCE. Tool + nuclei template included! hackt.us/from-tomcat-jm… #bugbountytips #bugbounty
Praetorian's Khael Kugler found and disclosed a critical vulnerability in AperiSolve, the popular steganography analysis tool used widely in CTFs and the security community. 🚨 CVE-2026-34977 – CVSS 9.3 Unauthenticated RCE via command injection in the JPSeek analyzer functionality. When uploading JPEGs, a password gets interpolated directly into a bash command without sanitization — giving immediate access to the host or container. 🔧 Version 3.2.1 patched. Advisory ➡ buff.ly/sbumVHn CVE ➡ buff.ly/P0ZPpvc #CVE #OffensiveSecurity
🔨BlueHammer: When Defender Becomes the Attacker A Windows zero‑day (“BlueHammer”) flips Defender’s update workflow into a privilege escalation path. I’ve built a detection that goes beyond signatures — catching the behavioral traces this exploit leaves behind. Technical Analysis: cyderes.com/howler-cell/wi… KQL Code: github.com/SlimKQL/Detect… #CyberSecurity #BlueHammer #DetectionEngineering #DefenderXDR
Finds zero-day vulnerabilities in Windows kernel drivers using AI agents github.com/416rehman/deep…
CVE-2026-39912 - Unauthenticated account takeover on Xboard/V2Board. The loginWithMailLink endpoint returns the magic link in the API response. Two requests, zero credentials, full account access. chocapikk.com/posts/2026/xbo…
Next, Next, SYSTEM: Exploiting NSIS installer bugs to escalate privileges in Zscaler Client Connector In this blog post I show how patch gaps in Zscaler's bundled NSIS versions led to LPE.. includes PoCs and yara rule to help you find other affected s/w blog.amberwolf.com/blog/2026/apri…
Here's a video PoC for Azure Entra ID SignIn Log Bypass in action. I had to make it to help MSRC replicate it (lol). You'll see how simple this bypass was. No worries admins, Microsoft says that it was only a "Moderate" issue.
The Story of a Perfect Exploit Chain: 6 bugs that looked harmless until they became pre-auth RCE in a security appliance. 🎄✨ This write-up is a real-life hacker’s POV story. It is not a list of bugs. It is the human thought process of how an exploit chain forms. You start with one question. What does this appliance actually do with my request? From there, small wins stack into momentum until 6 bugs collapse into one pre-auth RCE. My holiday basically disappeared into this write-up… and I’m so glad it did. Happy New Year, everyone!
Had noted elevated honeypot activity towards the WEB-INF pathway and while some of these may not be related to CVE-2025-68645, for reference here are all the paths targetting WEB-INF/web.xml from the past 7 days. /CDGServer3/ClientAjax payload: command=downclientpak&InstallationPack=../WEB-INF/web.xml&forward=index.jsp /SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.. /costModule/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.. /faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.. /h/rest?javax.servlet.include.servlet_path=/WEB-INF/web.xml /myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.. /secureader/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.. /service/~webrt/nc.uap.lfw.file.action.DocServlet payload: pageId=login&disp=/WEB-INF/web.xmlpageId=login&disp=/WEB-INF/web.xml
CVE-2025-68645 poc http://127.0.0.1/h/rest?javax.servlet.include.servlet_path=/WEB-INF/web.xml #CVE
🚨 Critical (CVSS 10) tagged CVE-2025-52691 affecting SmarterMail software I've created a script to detect vulnerable instances: github.com/rxerium/CVE-20… Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. While the vulnerability affects SmarterMail versions Build 9406 and earlier, the CSA advises users and administrators of affected product versions to update to SmarterMail version Build 9413 immediately: csa.gov.sg/alerts-and-adv…
This PoC was made by the author within 10 minutes using Cursor 🔥 x.com/i/status/20049…
MongoBleed (CVE-2025-14847) - Unauthenticated Memory Leak PoC github.com/joe-desimone/m… By @dez_ #bugbountytips #bugbounty #cybersecurity
ℹ️ Note: A wide range of online services are currently experiencing disruptions due to a technical issue affecting Cloudflare's global network; incident not related to country-level internet disruptions or filtering
"New Kimsuky Malware “EndClient RAT”: First Technical Report and IOCs" published by @0x0v1. #EndClientRAT, #Kimsuky, #DPRK, #CTI 0x0v1.com/endclientrat/
There's a lot going on in the AI threats space, and we're psyched to share a little sampling of our view into how actors are leveraging AI to bolster capabilities across a range of adversary use cases. Give it a gander & enjoy direct-to-VT malware links :D cloud.google.com/blog/topics/th…
“I Paid Twice” Phishing Campaign Targets Booking.com infosecurity-magazine.com/news/i-paid-tw…
Doctor Web exposed Android.Backdoor.Baohuo.1.origin, a malware hiding in a Telegram X clone. It uses a Redis database for C2, infects 58K+ devices, and steals crypto wallet info from the clipboard. #TelegramBackdoor #RedisC2 #AndroidMalware #Baohuo securityonline.info/first-ever-and…
Parsa Niknejat @Parsaniknejat
1 Followers 66 Following
Judd Kuphal @JuddKuphal72413
89 Followers 5K Following
amirpayamani @amirpayamani
2K Followers 2K Following Cyber security engineer🕸️Penetration tester🕷️Bug hunter
The Hacker News @TheHackersNews
1.7M Followers 2K Following The #1 trusted source for cybersecurity news, insights, and analysis — built for defenders and trusted by decision-makers.
Exploit Database @ExploitDB
217K Followers 9 Following The Exploit Database – ultimate archive of #Exploits, #Shellcodes & Security #Papers/#eZines
0day Exploit Database... @inj3ct0r
48K Followers 2 Following #0day #Exploit #Vulnerability #Vulnerabilities #PrivilegeEscalation #ShellUpload #Shell #RCE #XSS #SQLi #Shellcode
AEMSecurity @AEMSecurity
9K Followers 2K Following Husband + Father | Penetration Tester / Hacker | Interested in Security - Bugbounty - Vulnerability/Exploit Research CVE-2016-0956, CVE-2013-6674, CVE-2014-2018
Apostolos Giannakidis @cyberApostle
578 Followers 2K Following ProdSec. Vulnerability research. Exploit mitigation. Software. Open minded but skeptical.
Curt Fielding @_CField
285 Followers 790 Following Vulnerability research/exploit dev. Search and Rescue. Mountain runner, skier, climber.
flyic @Flyic
415 Followers 188 Following Moony Li, Virtualization & Kernel Vulnerability hunt and exploit for Windows,OSX,Android,iOS. SandBox system development and research. Buddhist of 阿弥陀佛
durakiconsulting LLC @dcsec_us
805 Followers 3 Following We are a premier information security consulting firm specializing in information security, vulnerability research and #0day exploit development. #infosec
dunadan @udunadan
1K Followers 87 Following An open-eyed man falling into the well of weird warring state machines. I talk about reverse engineering, vulnerability research and exploit development.
Maher Azzouzi @maherazz2
1K Followers 412 Following
Aaron Kobayashi @ASKobayashi
184 Followers 93 Following Loving Husband, Proud Father, Exodus Intelligence Vulnerability Researcher / Exploit Developer
phakeobj @phakeobj
447 Followers 293 Following Security Researcher; Vulnerability Research and Exploit Development Mastodon: https://t.co/jUCg3DVAV2
Incredity @Incredity_Intel
717 Followers 1 Following Setting the standard for trust and integrity in zero-day vulnerability and exploit intelligence exchange. 📅 Book a meeting https://t.co/rwZuhUuZ7V
CVE.report @CVEreport
2K Followers 7 Following https://t.co/g798XHB0Ba #0day #Exploit #Vulnerability #Exploits #Vulnerabilities #ZeroDay Tracking the latest CVE Vulnerabilities
Zero Day Engineering ... @zerodayengine
2K Followers 50 Following Zero Day Engineering Supplies • Private Intelligence: @zerodayalpha • Community: https://t.co/ASQmvN9Jz4
Zero Day Engineering @zerodayalpha
11K Followers 1 Following State-of-the-art vulnerability research & exploit intelligence • @alisaesage @zerodaytraining
Mr. OS @ksg93rd
3K Followers 1K Following To catch an adversary you must become one. Always deliver more than expected !!!!!! All post are educational purposes only. prompt Library ⬇️ URL
SSD Secure Disclosure @SecuriTeam_SSD
24K Followers 2 Following SSD provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. [email protected]
Netanel Rubin @na7irub
2K Followers 2 Following A vulnerability researcher with several significant findings under his belt.
بَيْرَق @typing0x
724 Followers 515 Following #eJPT #eCDFP #eWAPT #OSCP #CRTP Vulnerability researcher
Andrea Sindoni @invictus1306
895 Followers 95 Following Exploit Developer & Vulnerability Researcher - Former Android Tech Lead at @XI_Research
Tyrone 🎩 @TyroneSoftware
961 Followers 22 Following 📈 Swing Trader | 💻 Software Developer |🕵️♂️ Vulnerability Researcher
nt!PopGetDope @ntpopgetdope
1K Followers 1K Following vulnerability researcher: basebands, fault injection, semiconductors, cats. theres 2 SEMs in my living room... '02 Toyota MR-S (2ZZ-GE) '90 Honda VFR400R NC30
chris fitch @chris_fitch
1K Followers 1K Following Researcher: vulnerability, financial and essential services, and intervention - works with Money Advice Trust and Personal Finance Research Centre, Uni Bristol
Olasunkanmi Habeeb Ok... @sunkiehabeeb
547 Followers 2K Following Researcher: #HumboldtScholar #DAADClimapAfricaScholar #ClimateChange, #Vulnerability, #RiskAssessment #InformalSettlement #Adaptation #UrbanPlanner
Yannis Smaragdakis @YSmaragdakis
1K Followers 182 Following Program analysis, prog. langs researcher. Dedaub co-founder. My crypto/vulnerability activity is on @dedaub, not on this account. DO NOT DM HERE, not checking.
David Korczynski @Davkorcz
1K Followers 257 Following researcher @ADALogics | Software security, fuzzing, vulnerability analysis, AI, open source. | CS PhD from @CompSciOxford
Nuri Çilengir @ncilengir
637 Followers 525 Following Vulnerability Researcher @trendyoltech, ex @prodaft, @pentestblog
Omri Herscovici @omriher
1K Followers 265 Following Developer, Hacker & Lover | Security Researcher at @Intel | Former @_CPResearch_ Vulnerability Research TL | Opinions are non-existent
Shirley A. Howe @ShirleyAHowe
370 Followers 1K Following PhD | Climate researcher: resilience, vulnerability, justice, Ireland's islands | @icarus_maynooth @maynoothgeog @GSI_pecn @Climate_Circus
Amit d @_AmitDori_
240 Followers 583 Following Senior Security Researcher @ Microsoft MORSE. Computer stuff all around, Car Hacking and Vulnerability Research Private account: my views and not my employer's
Sachin J. Shah @sachinjshah
2K Followers 704 Following Physician-researcher @MGH_DGIM and @MGH_CASI. Aging research, individualized decision making, high stakes decisions, prognosis, vulnerability, wannabe runner
Harel @H4R3L
2K Followers 454 Following Professional Vulnerability Developer | Wannabe Security Researcher
Sergey Toshin @_bagipro
7K Followers 187 Following Ranked as the #1 security researcher for Google Play Security Rewards Program. The founder of @OversecuredInc Android and iOS vulnerability scanners
Jordi Chancel @J_Chancel
897 Followers 236 Following Independent Security Researcher ❖ Vulnerability Hunter ❖ Software Developer ❖ Bug Bounty Hunter ❖ Web-Browser Security Research Enthusiast.
Ban @0xBigBan
825 Followers 110 Following Binary reverser, Hacker, Vulnerability researcher, Cyber security analyst
ZoomEye @zoomeye_team
12K Followers 501 Following A cyberspace search engine built for security researcher Daily Tricks || Latest Vulnerability Updates Email: [email protected] https://t.co/AUq5jNpKkl
Altimor @ssbmaltimor
452 Followers 234 Following Software Engineer Game Developer ML and Artificial Life Vulnerability Researcher Co-creator of SSBM 1.03 with @ssbmhax (Rest In Peace)
Chackal (Esdras DAGO) @Chackal__
1K Followers 975 Following "Vulnerability researcher" doing Bug Bounty on free time (https://t.co/j46EMrTT5T) Also doing some Reverse on many targets but find no vuln 😒
Muhammad Daffa @daffainfo
2K Followers 498 Following My opinions are my own | Vulnerability Researcher @ spiderSilk | CTF Player @ HCS and L3ak
James Horseman @JamesHorseman2
1K Followers 116 Following Vulnerability Researcher | Attack Engineer @horizon3ai
Ignis @ahakcil
2K Followers 281 Following Ata Hakcil Mad Scientist | ML/AI researcher | Vulnerability Researcher || 🐒 ||You might like
