🚨Wiz Research update: MCP Auto-Execution: From Git Clone to Cloud Compromise.
This let malicious repos run code and steal AWS credentials without consent via workspace MCP configs.
Attackers could compromise cloud envs. Fixed in language server 1.65.0 (CVE-2026-12957). wiz.io/blog/amazon-q-…
Onelogon: Taking over Active Directory Accounts via Netlogon🔑
We analyzed Netlogon, bypassed the Zerologon patch, resulting in a full auth bypass. An attacker can leverage this to compromise computer accounts, or even the entire AD. Non-standard config must be present tho 🧵
I just wrote a new blog on bypassing CA policies in Entra ID that have a resource exclusion, and why you probably want to enable baseline enforcement if you have such policies. Enjoy!
dirkjanm.io/bypassing-cond…
‼️🚨 Critical remote code execution in libssh2, the SSH client library embedded in countless tools: CVE-2026-55200, rated CVSS 9.2 by VulnCheck. Every version up to and including 1.11.1 is affected.
It's an out-of-bounds heap write in ssh2_transport_read(), which fails to bound-check the SSH packet_length field. A malicious or MITM'd SSH server can send oversized packets to corrupt memory and run code on the connecting client.
No known exploitation yet and it's not in CISA's KEV. Fix: move to a build that includes commit 7acf3df (PR #2052), and inventory anything that links libssh2 for SSH, SCP, or SFTP.
We've been working on something for a while.
The talks your blue team doesn't want you to see.
🔴 Red Teaming. Initial Access. AD. Cloud & Web exploitation.
📍 Paris - Le Dernier Étage
📅 March 19–20, 2027
entrypoint.fr
CFP and additional details coming soon.
You won’t believe what’s next for Android!
Tune in to the The Android Show | I/O Edition May 12 at 10 am PT for a look at the future.
Set a reminder at Android.com/io-2026 and be the first to know 🗓️ #TheAndroidShow
To help protect Signal users from phishing and social engineering attacks, we’ve introduced additional confirmations and educational messaging in the app to help people better detect fraudulent profiles, especially message requests from scammers posing as Signal.
More changes are on the way.
Last week happened the THCon 2026 CTF. A huge congrats to all our participants, especially the winners of this year on-site CTF :
- 🥉 1984 (@UT3PaulSabatier)
- 🥈 FlagaDOS (@ITrust_CyberSec)
- 🏅 Old Tokenz (various companies)
The CTF has ended, we thank you all 2134 players for taking part in it (except those that DoSed the infra 😅). Here is the leaderboard.
Happy hacking until next year (and this time we'll make sure the infra holds on for 2000 people rather than the 500 of last year 😅).
And that's a wrap for THCon 2026.
Thanks again to all our sponsors, speakers, participants organizers and everyone else who contributed to make this day unique !
Remember that the CTF startes tomorrow on ctf.thcon.party, see you there or see you next year 👨💻
THCon 2026 has started. We are experiencing a technical difficulty regarding the stream.
The talks are still recorded so you'll be able to replay them.
2K Followers 750 FollowingSoftware Developer and Saxophonist from Norway • Creator of @gohugoio • More code at https://t.co/KrMUUL4zgs • Photos: https://t.co/vGDaZ4CsBz
231K Followers 6K FollowingFounder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
297K Followers 147 FollowingWe bring out the best in every business. | Privacy Statement: https://t.co/aceUYW4DWh
Personal attacks, harassment, private info, or threats will be removed.
3K Followers 412 FollowingSecurity Researcher @AikidoSecurity. Previously @SecCodeWarrior, co-founder at Adversaryio & Principal Security Engineer/Partner @thesyndis. Opinions all my own
23K Followers 489 FollowingBlue Teamer in Disguise. Blog at https://t.co/spa33ybIVL. SANS Netwars Champion. Former community manager and founder of the Offsec community for @offsectraining
4K Followers 34 FollowingI'm a security researcher who uses this platform to share my projects and research. Opinions are my own.
https://t.co/UiWgKq40sV
4K Followers 204 Followingai + security + alpha
CEO @theori_io / @xint_official → building the world's best AI hacker
9x DEF CON CTF winner
CMU CS '11 | founded PPP & MMM
2K Followers 6K FollowingPentester | MD (Intensivist & Healthcare Simulation in another life) |
Infosec, Geopolitics, Defense, Hybrid warfare, DCS, Gaming, Metal
Opinions are my own