Ashish Kunwar

22.7K posts


@D0rkerDevil

ex @Microsoft Security Researcher| Vulnerability Research | Threat Intel | Red Teaming | Penetration Testing | CRTP | CRTO | open to Hiring 🙂

somewhere in your network · Joined February 2017
5.6K Following · 12.9K Followers
dawgyg - WoH @thedawgyg
Will give this 1 shot. I have an unpatched (but reported) Heap Buffer overflow in Chrome impacting over 80 releases (every version from late 2018 thru present). I gave the Chrome team a working POC exploit that achieved running 'id' via execlp(), but because I used the --single-thread chrome flag they rejected the exploit. A working exploit here should get about $45,000 in additional bounty (they only paid 10k for original bounty and they pay up to 55k for the RCE exploit). If anyone has experience in this and would want to try and help get this working, we could work out a split of the extra bounties (if awarded). Let me know if anyone's interested. #exploitdev #exploit #0day
Ashish Kunwar @D0rkerDevil
Triaged valid → fixed by the team → closed N/A 2 months later? That's not how it works. @Hacker0x01 mediation shouldn't take 6–7 months for a critical with confirmed PII exposure + RCE impact. Researchers deserve better.
Shubham Gupta 🇮🇳 @hackerspider1

Hey @Hacker0x01 super disappointed. Reported a critical bug on a private program: full access to 73 storage containers, (RCE) entire company's candidate PII downloadable. Triaged valid. Fixed by the team (confirmed). Then 2 months later closed as N/A "third-party SDK issue." If the key is served from your domain, leaking your users' PII, and your team fixes it how is that N/A? Filed mediation but 6–7 months is a long wait. Can someone from the team take a look? Bug is genuinely worth your time.

Ashish Kunwar retweeted
Kye Gomez (swarms) @KyeGomezB
7 / This is an open research effort. We welcome contributions on training stability, scaling experiments, loop depth analysis, and alternative attention mechanisms. If you work on recurrent transformers, MoE, or inference-time scaling we would value your involvement. Repo → github.com/kyegomez/OpenM… Discord → discord.gg/EamjgSaEQf
Random Robbie @Random_Robbie
Loads of H1 invited for programs today all tight as hell scopes
Ashish Kunwar retweeted
Josh Kale @JoshKale
What do Vercel, Rockstar Games, Anthropic, and Adobe have in common? They've all been breached in the last 19 days... Vercel was this morning. Someone is currently selling their source code on BreachForums for $2 million. The attackers got in through an AI tool Vercel had wired into its own internal systems. Let that sit for a second. An AI tool was the door. Two weeks before that, Mercor lost four terabytes of data. Mercor is the $10 billion company that trains the AI models at OpenAI, Anthropic, and Meta. So now someone, somewhere, has four terabytes of whatever that looks like. Anthropic's own source code leaked the week before. Drift Protocol lost $285 million to what was essentially an AI impersonating someone on their team well enough to trick a real employee into handing over access. And that's just the AI column. The full 19-day list also includes Rockstar Games (78 million records), the LAPD (unredacted police files, witness names, medical records), McGraw-Hill, Booking.com, Kraken, Basic-Fit's one million gym members, Kelp DAO for another $293 million, and a dozen smaller ones. Anthropic caught a group of state-backed hackers earlier this year using a jailbroken version of Claude to run an entire cyberattack campaign by itself. The AI did the recon, wrote the exploit code, broke into the systems, and pulled the data. A human checked in occasionally. Thirty targets. Thousands of requests per second. No human team can move at that speed. That was Claude, with every safety guardrail Anthropic could build into it. Mythos is out there now seeded quietly to a handful of entities and OpenAI has the same. What does cybersecurity look like with that level of power open to the world?
Vercel @vercel

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

Ashish Kunwar @D0rkerDevil
Fake ShinyHunters ??? Some Random Threat actor Posing as ShinyHunters 🤡 and extorting Vercel
Ashish Kunwar retweeted
International Cyber Digest @IntCyberDigest
🚨 We've obtained alleged chat logs between Vercel and the threat actor who is LARPing as ShinyHunters and extorting them. We also spoke to the 'real' ShinyHunters, who confirmed to us they're fake. Vercel told them they don’t want to pay fake ShinyHunters… 😂
International Cyber Digest @IntCyberDigest

🚨 BREAKING: Vercel has been breached. A threat actor has listed their customers' data, source code, databases, and keys up for sale. Vercel has also publicly disclosed they've identified a security incident involving unauthorized access to their internal systems.

Ashish Kunwar retweeted
International Cyber Digest @IntCyberDigest
🚨 The NSA has been confirmed to be using Anthropic's Mythos, despite Anthropic sitting on the DoD's blacklist. Access to Mythos is restricted to just 40 organizations, with Anthropic citing offensive cyber capabilities too dangerous for wider release.
Ashish Kunwar retweeted
Yinghao Xu @YinghaoXu1
🎉 After one year of teamwork, we are excited to release our 3D foundation model — LingBot-Map! Unlike DA3/VGGT, LingBot-Map is a purely autoregressive model for streaming 3D reconstruction ⚡ It achieves ~20 FPS on 518×378 resolution over sequences exceeding 10,000 frames — and beyond 🚀 Two key insights behind LingBot-Map: 🔑 Keep SLAM's structural wisdom: build Geometric Context Attention with long-context modeling while maintaining a compact streaming state 🔑 Make everything end-to-end learnable — no optimization, no post-processing Let's check out our demos 👇
Ashish Kunwar @D0rkerDevil
Hire me and I will keep dropping 0days for u XD
Ashish Kunwar @D0rkerDevil
There you go :) fingers crossed 🤞 I have a few more in my pocket to report
Dhiraj @RandomDhiraj
@D0rkerDevil Give a try with SSD-Disclosure, it's better than ZDI (triaging process)
Ashish Kunwar @D0rkerDevil
Found multiple 0days in a baseband, reported to a well known broker ;) but seems that they are on resource limitations. Any suggestions or any brokers ???
TradeLots @tradelots
@D0rkerDevil @Zerodium I'm asking if you reached out to them yet since you said any suggestions of other brokers. I would imagine you have already tried ZDI? Exodus could also point you in the right direction