Luis Vacas de Santos

Claude code source code has been leaked via a map file in their npm registry! Code: …a8527898604c1bbb12468b1581d95e.r2.dev/src.zip

Releasing KslKatz. Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver. github.com/S1lkys/KslKatz

🚨 CVE-2026-3055 (CVSS 9.3), a unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw Vulnerability detection script available here: github.com/rxerium/rxeriu… Patches are available as per Citrix's advisory: support.citrix.com/support-home/k…

Thanks to Azox, it is now possible to use psexecsvc (github.com/sensepost/susi…) through a socks proxy like ntlmrelayx allowing executing system commands via a trusted service, as NT System, and evading EDR's. Also thanks to @HackAndDo for his fixes :D

KslDump - Extraction of credentials from PPL-protected LSASS using only Microsoft-signed components github.com/andreisss/KslD…

@Nikaiw @m19o__ Niceeeee

meet VMkatz, github.com/nikaiw/VMkatz

🚨 DIABETES CURE… OR THE BEGINNING OF A MEDICAL REVOLUTION? For over a century, diabetes has meant daily injections, constant monitoring, and a lifetime of management. But now, scientists in China and researchers at Vertex Pharmaceuticals in the United States have done something shocking, they used stem cells to create new insulin-producing cells and transplanted them into real patients. And here’s the twist… Some people with Type 1 diabetes started making their own insulin again. No pump. No syringe. Just living cells doing their job. It’s not a full cure yet. Trials are still small, and long-term results are unknown. But for the first time, medicine isn’t just managing diabetes, it’s trying to rebuild the pancreas itself. Science fiction? Not anymore..

403 Bypass List Tags: #BugBounty #WebSecurity #EthicalHacking #bypass_403

🚨 CVE-2026-2006: Vulnerability Alert Critical Remote Code Execution via Malicious PL/Python UDF! An attacker with CREATE privilege can define a PL/Python user-defined function containing arbitrary Python code that executes with the privileges of the PostgreSQL server process (typically 'postgres' user), enabling full remote code execution on the database host. Full Vulnerability Details & Analysis at DarkEye: 🔗 darkeye.org/vuln/cve/CVE-2… 🔍 Identify Targets via ZoomEye: Filter: vul.cve="CVE-2026-2006" Search Dork: app="PostgreSQL DB" Exposure: 3M+ instances identified globally. ZoomEye Search Link: 👉 zoomeye.ai/searchResult?q… #PostgreSQL #RCE #PLPython #PrivilegeEscalation #DBSecurity @darkeye_team

#Paramspider fetches archived URLs for domains from Wayback Machine, filters useless ones, and supports bulk input, streaming, proxies, and parameter placeholders. 🔥🔥Credit: @0xAsm0d3us repo link: github.com/devanshbatham/…

Más de 1.800 servidores Windows comprometidos por el malware BADIIS en una campaña masiva de envenenamiento SEO blog.elhacker.net/2026/02/mas-de…

Google patches critical zero-day CVE-2026-2441. Attackers are exploiting this CSS use-after-free flaw in the wild. Update to Chrome 145 immediately. #Chrome #ZeroDay #CVE20262441 #CyberSecurity #InfoSec #PatchNow #BrowserSecurity securityonline.info/critical-alert…

🚨403 Bypass Payloads ⚙️ ✅Download - t.me/brutsecurity/2… #CyberSecurity #BugBounty #EthicalHacking #Infosec #BrutSecurity

@HackingTeam777 Senkiu por la promo

Notepad RCE (CVE-2026-20841) is getting a lot of attention. This is part of the content provided through our subscription. Check out our simple analysis and judge for yourself.😀 github.com/patchpoint/CVE… #notepad #RCE

🚨 Microsoft Office Word 0-day Vulnerability Actively Exploited in the Wild Source: cybersecuritynews.com/microsoft-offi… A critical zero-day vulnerability in Microsoft Word, tracked as CVE-2026-21514, was disclosed on February 10, 2026, allowing attackers to bypass essential security protections. CVE-2026-21514 exploits a weakness in how Microsoft Word handles security decisions based on untrusted inputs, categorized as CWE-807. The vulnerability specifically bypasses Object Linking and Embedding (OLE) mitigations implemented by Microsoft to protect users from malicious COM/OLE controls. These OLE controls enable documents to embed and interact with external objects. However, improper validation allows attackers to circumvent protective measures. #cybersecuritynews #vulnerability

"[...] WAFs can often be bypassed with payload obfuscation or other evasion techniques, indicating a gap in the ruleset or how it's applied." Read more: blackhillsinfosec.com/bypassing-wafs… By: @buxdabomb Collaborator: @su_rabb1t Published: 10/15/2025

‼️ CVE-2025-1974: Kubernetes IngressNightmare Vulnerability CVSS: 9.8 PoC: github.com/hakaioffsec/In… PoC Published: March 26th, 2026

200 IQ teamwork 🔥