n0s

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI. blog.calif.io/p/mad-bugs-cla…

A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets. A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic. open.substack.com/pub/calif/p/a-…

Our latest research is out! If you missed a good write-up for nice vulnerabilities, I brought you one! Enjoy the reading! @FearsOff @Cloudflare

RIP fine-tuning ☠️ This new Stanford paper just killed it. It’s called 'Agentic Context Engineering (ACE)' and it proves you can make models smarter without touching a single weight. Instead of retraining, ACE evolves the context itself. The model writes, reflects, and edits its own prompt over and over until it becomes a self-improving system. Think of it like the model keeping a growing notebook of what works. Each failure becomes a strategy. Each success becomes a rule. The results are absurd: +10.6% better than GPT-4–powered agents on AppWorld. +8.6% on finance reasoning. 86.9% lower cost and latency. No labels. Just feedback. Everyone’s been obsessed with “short, clean” prompts. ACE flips that. It builds long, detailed evolving playbooks that never forget. And it works because LLMs don’t want simplicity, they want *context density. If this scales, the next generation of AI won’t be “fine-tuned.” It’ll be self-tuned. We’re entering the era of living prompts.

@M0ngii Nice work!

Dropping my kernel exploitation notes I've been working on since I first started researching in this I'll keep updating the repo so please, let me know if there's smthg unclear or must be fixed You'll also find future writeups & challenges authored there. github.com/M0ngi/Kernel-E…

@ptrYudai Wow! Congrats!

We won 1st place in Google CTF Finals Hackceler8🏆 Thank you for the amazing game!

Just wrote a ~2.5 page blog post on Client Side Path Traversal, covering what CSPT is, why it can be so impactful, some advanced exploitation and WAF bypass techniques, and a bug which I found in a live hacking event (redacted ofc) matanber.com/blog/cspt-leve…

I'm speechless

The vulnerability is about request smuggling, looks like there is a misleading information about RCE in the description. I requested a description update for that. Sorry for any inconvenience.

I am thrilled to share my first two CVE assignments CVE-2023-50694 and CVE-2023-50693 for discovering HTTP request smuggling vulnerabilities in HTTPbeast and Jester, both written in Nim language. tenable.com/cve/CVE-2023-5… tenable.com/cve/CVE-2023-5…

@ptrYudai well done!

I wrote 70 CTF challenges this year, which is my personal record🫠 @ptr-yudai/HyL3TASfK" target="_blank" rel="nofollow noopener">hackmd.io/@ptr-yudai/HyL…

@samm0uda inspiring

I contributed with 7 web challenges for #BHMEA2023 this year, hope you like them! Congrats to @strellic for blooding today’s insane chall 🤯

Excited to launch my first browser extension, DOMLogger++! Now available for both Firefox and Chromium! 🎉 DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations 🔥 Check it out 👇 github.com/kevin-mizu/dom… 1/5

@LiveOverflow @M0ngii lol

Web Security vs. Binary Exploitation

I wasn't knowing what to do yesterday night so, I decided to create an XSS challenge 🚩 There is nothing to win, I made it just for fun! If you want to try it out, click on the link below 👇 mizu.re/challenges/xss… The final goal it to pop an alert without any interaction 🔥

CVE-2023-38831 Winrar exploit generator github.com/b1tg/CVE-2023-… #cve #infosec #pentesting

@TnMch_ @parrot409 nice wu, gg

We enjoyed playing Hacker's Playground 2023 CTF Our team was the only one to solve Flagstore2💪💡 Kudos to @parrot409 for the help✌️ mohamed-chamli.me/blog/sstf%2020…