Juan Pablo Perata @cxzero

Interesting- What LLM vuln research looks like claroty.com/team82/researc…

Success/Collision! David Tae & Louis Hur of Out Of Bounds targeted Ollama, hitting a one-vulnerability collision with a previous attempt and earning $28,000 and 3 Master of Pwn points. #Pwn2Own #P2OBerlin

Project Nightfall is live! Our globally renowned CTF starts today and runs for the next 5 days. Join the global leaderboard to test your skills in ICS, AI, and Web security. Check out the challenge teasers below for a look at the high-stakes scenarios you'll face. Sign up and start playing today > okt.to/1QBOar

keyboard_arrow_left Previous keyboard_arrow_right Next

Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin

There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whooping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin

Mind blown 🤯 Some smartphones sold in mainland China (like certain OPPO models) can read MIFARE Classic cards, crack the keys in seconds, store them, and then fully emulate the card directly on the phone. No extra hardware. Just the phone. Access control, transit cards, hotel keys… game over. Huge thanks to Ian for showing me this in person. Really eye-opening how far NFC capabilities have gone in some regions. Who else has seen this in the wild? #NFC #MIFARE #TechSecurity​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​ #oppo

Did you know Claude models have a "magic string" to test when a model refuses to respond? If that string enters prompt context, it can be abused to break LLM workflows until context is reset. It's the EICAR test string of the AI age. Details: hackingthe.cloud/ai-llm/exploit…

I read through the Claude Code leaked source, and I found that a big part of its “write secure code” story comes down to a single line in a prompt. No, really. This is the line: Be careful not to introduce security vulnerabilities such as command injection, XSS, SQL injection, and other OWASP top 10 vulnerabilities. If you notice that you wrote insecure code, immediately fix it. Prioritize writing safe, secure, and correct code. That is not a joke. Claude Code is supposed to automate a huge chunk of software engineering work. We are talking about a tool people increasingly treat like an autonomous developer, and the built-in security posture for the code it writes appears to be: please try not to write vulnerable code. Wow. I feel much safer already. What makes this more interesting is that Anthropic clearly did put real engineering effort into other parts of security. The leaked source shows concrete protections around what Claude Code itself is allowed to do: permissions, sandboxing, shell hardening, sensitive path protections, SSRF controls. So this is not a story of “they forgot security.” It is a story of where they implemented it. They seem to have put much more engineering into controlling the agent’s behavior than into verifying whether the software it produces is actually secure. And that is a huge distinction. Because a coding agent can be careful with your machine and still make terrible security decisions about auth, dependency trust, tenant isolation, migrations, or application logic. That is the part I think security people should pay attention to. When you look at AI coding tools, the question is not just: “does it have security features?” The real questions are: - what is enforced by code - what is optional - what is just a prompt That tells you where the actual security boundary is. And in Claude Code, at least from the leaked source, that boundary looks a lot closer to containing the agent than to ensuring secure output. Full write-up down.

After much trial and error, proud to show off tweak injection on iOS 18; possibly for the first time ever? DarkSword injection into SpringBoard on iPhone 15 Pro Max running 18.6.2 🎉

A new module just got merged into NetExec: get-scriptpath📜 This module queries all users for the scriptpath attribute. If you have privileges over one of these scripts (or they e.g. try to mount a network share) you can compromise this user on their next login. Made by @0xwyndo

🚨 CVE-2026-3055 (CVSS 9.3), a unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw Vulnerability detection script available here: github.com/rxerium/rxeriu… Patches are available as per Citrix's advisory: support.citrix.com/support-home/k…

Collecting ADCS data with NetExec🔥 Thanks to the addition of CertiHound, developed and implemented by 0x0Trace, we can now collect ADCS data using the --bloodhound collector of NetExec. As before, the data is exported as JSON files that can be imported directly into BloodHound.

Netexec has some really nice NFS capabilities. I found a some weird behavior in one of them, which turned out to be a bug that just got patched. Let's walk through it. youtube.com/watch?v=WVWPgO…

Data Exfiltration in Google Gemini via... phone call? Link in comments:

One year ago I decided to automate my bug bounty workflows and let automation run 24/7 to discover targets and find security vulnerabilities. In the blog post I describe approach that I took, difficulties and earnings from this project 🤑 brzozowski.io/bug-bounty/202…

This is quality research on an under-appreciated request smuggling vector, check it out!

sebsrt @s3bsrt

4 months ago

I’ve been digging into HTTP Trailers and found some new smuggling techniques: sebsrt.xyz/blog/trailing-…

4 106 416 42K 347

🚨 New podcast episode! Very fun and educational chat with @watchtowrcyber's Ryan Dewhurst @ethicalhack3r! Great conversation about discovering the magic of computers, the constant acceleration of threats, and how to adapt and survive as a defender. youtu.be/5WznmQpJnj4?si…

Claude Code/Codex is powerful for one-off tools but it's scary how quickly you lose context when relying on vibe coding - definitely makes patching bugs/vulns more challenging in the long run.

x.com/i/article/1997…

This is streamingly exciting github.com/lachlan2k/Reac…