InfosecMatter

Top 16 Active Directory vulnerabilities found during pentests (detailed post) #infosec #pentest #pentesting #hack #hacking @DirectoryRanger infosecmatter.com/top-16-active-…

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

another day, another universal linux LPE

ShinyHunters has successfully hit the big leagues. ShinyHunters successfully disrupting exams, schooling, grading, government funded research projects, dissertation work, graduations, financial aid, financial loss, potentially immigration complications, and more, has elevated this from "a silly shenanigan" to "major national security incident" and being labeled as an attack on United States critical infrastructure. If I had to guess, the FBI, NSA, CIA, DIA, CISA, ICE, and DOE are all involved due to the disruption of this. This isn't the largest extortion campaign I've seen, but this is definitely in the top ten. This is what the kids call a "Certified Hood Classic".

A few months ago, I found a Prompt Injection vulnerability on Google Tasks. It was simple, yet tricky. Google rewarded me with a $15,000 bounty for it. Here's the full story:

ShinyHunters compromised Canvas (to a currently unknown extent) which resulted in a "this system has been compromised" to over 9,000 universities. As ridiculous as that sounds, I'm not memeing. It has been speculated it is actually over 9,000 universities. ShinyHunters is having their ALPHV moment. They're now going to get attention at a serious scale outside of the information security circle.

🚨 BREAKING: New Linux zero-day "Dirty Frag" lets ANY local user become root on most major distros. The PoC is already public, half of it isn't patched yet. Discovered by researcher Hyunwoo Kim, the exploit chains two kernel bugs and sits in the same family as Dirty Pipe and Copy Fail. ▪️ CVE-2026-43284 (xfrm-ESP Page-Cache Write): patched in mainline Linux. ▪️ CVE-2026-43500 (RxRPC Page-Cache Write): NO PATCH yet. The exploit is reliable by design. Attackers don't have to win a timing race, the system won't crash and alert anyone if it fails, and it succeeds nearly every run. The embargo got broken before distros could ship fixes, so the working code is now sitting on GitHub. Confirmed working on: Ubuntu 24.04.4, RHEL 10.1, openSUSE Tumbleweed, CentOS Stream 10, AlmaLinux 10, Fedora 44.

CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572 github.com/dwisiswant0/ne…

Create a folder called (calc). Shift+Right click « Open PowerShell Window here » and boom you have a command injection. @podalirius_ found two command injection vulnerabilities in Windows Explorer's context menus, both exploitable since 9 years. ghst.ly/42ImlI6

⚡ PSSW100AVB ⚡— PowerShell Scripts With 100% AV Bypass PowerShell payloads built for AV evasion and red team research. Includes: • Reverse shells • Obfuscation techniques • Sandbox bypass concepts • AI/behavior-analysis evasion experiments Focuses on how modern payloads attempt to bypass antivirus and EDR detection mechanisms. github.com/tihanyin/PSSW1… #CyberSecurity #RedTeam #PowerShell #MalwareAnalysis

🚨 A new Linux backdoor “PamDOORa” is being sold on the cybercrime forum after its price dropped from $1,600 to $900. The PAM-based malware enables persistent SSH access, steals credentials, and tampers with authentication logs on compromised systems. Details: thehackernews.com/2026/05/new-li…

This is probably the most honest AI architecture breakdown on the internet right now. 9-layer AI production architecture services/ - RAG pipeline, semantic cache, memory, query rewriter, router. Not one file. Five. agents/ - document grader, decomposer, adaptive router. Self-correcting by design. prompts/ - versioned, typed, registered. Never hardcoded. security/ - input, content, output. Three guards not one. evaluation/ - golden dataset, offline eval, online monitor. Most people skip this entire layer and ship blind. observability/ - per-stage tracing, feedback linked to traces, cost per query. .claude/ - agent context so your AI coding assistant knows the codebase before it touches a file. The demo is one file. Production is this.

10 GitHub repos that distill the world's smartest people into AI you can run on your laptop. In 2026, the greatest minds of our time became installable. Bookmark this list — you will not see anything stranger this year. 1. andrej-karpathy-skills A single markdown file distilling Andrej Karpathy's wisdom on AI coding. 109K+ stars. The most starred single-file repo in GitHub history. Repo → github.com/forrestchang/a… 2. MemPalace Milla Jovovich, the Resident Evil actress, co-built this AI memory system using Claude Code. Near-perfect score on the LongMemEval benchmark. Repo → github.com/MemPalace/memp… 3. autoresearch Karpathy's own research automation framework. 23K stars in three days. The closest thing to having Karpathy as your research partner. Repo → github.com/karpathy/autor… 4. awesome-claude-code The canonical playbook for Claude Code, the AI coding tool used inside FAANG, OpenAI, and Anthropic. Repo → github.com/hesreallyhim/a… 5. SuperClaude Framework The complete Claude Code methodology distilled into a deployable framework. Personas, commands, prompts, workflows. Repo → github.com/SuperClaude-Or… 6. AI-Agents-for-Beginners Microsoft's free 12-lesson course on building AI agents. Real code, real exercises, real production patterns. Repo → github.com/microsoft/ai-a… 7. awesome-llm-apps 106K+ stars. The most comprehensive collection of working AI applications on GitHub. Repo → github.com/Shubhamsaboo/a… 8. mattpocock/skills TypeScript wizard Matt Pocock's daily coding workflow, open-sourced. Planning, TDD, architecture, git guardrails. Repo → github.com/mattpocock/ski… 9. hermes-agent The self-evolving AI agent. Extracts skills from every conversation and gets smarter the more you use it. Repo → github.com/NousResearch/h… 10. qlib Microsoft's full quant investment platform. The brain of a hedge fund analyst, free to clone. Repo → github.com/microsoft/qlib Here's the wildest part: A Hollywood actress, a Stanford AI legend, a TypeScript world-class teacher, and Microsoft's research division all just open-sourced their thinking. You don't need to be Karpathy. You don't need to be Milla Jovovich. You don't need a degree, a PhD, or a team. You need a laptop, a weekend, and these 10 repos. The greatest minds of our time are now installable. Most people will scroll past this. The ones who don't will compound. Save this before you forget. 100% free. 100% open source.

Turns Claude into a specialized reconnaissance operator github.com/elementalsouls…

A developer just found the internet’s biggest loophole. Port 53. The one port every firewall, school network, airport WiFi, hotel router, and ISP is forced to keep open. Because the second DNS breaks… the internet breaks with it. Now a developer turned that loophole into an encrypted tunnel called MasterDnsVPN. Instead of using normal VPN protocols that firewalls instantly fingerprint and block… it hides traffic inside ordinary DNS requests. To the network, it just looks like normal DNS activity. Meanwhile, your traffic keeps flowing underneath. Why this repo is blowing up: → Uses a custom low-overhead ARQ system built specifically for unstable DNS paths → Sends packets through multiple resolver routes at once for higher reliability under packet loss → Auto-detects the best DNS payload size possible to squeeze out maximum speed → Supports AES, ChaCha20, and multiple encryption modes out of the box → Includes a built-in SOCKS5 proxy so browsers and apps work instantly No subscription. No monthly VPN fee. No bloated clients. Just configure your DNS records, add the encryption key, and run the binary. Windows, Linux, macOS, ARM64 all supported. And unlike most VPN protocols… this one survives on networks where OpenVPN, WireGuard, and Shadowsocks get killed instantly. GitHub repo: github.com/masterking32/M… MIT licensed. 100% open source.

❗️ Linux is having a brutal week. Another local to root privilege escalation vulnerability just dropped: "Copy Fail 2: Electric Boogaloo." This is the third Linux LPE in a row, after Copy Fail and Dirty Frag. The PoC is public on GitHub. There is still no coordinated patch. openwall.com/lists/oss-secu…

💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io

Advanced DNS tunneling VPN for censorship bypass github.com/masterking32/M…

imhex lets you drop an aes decryptor into a node graph and the disassembly view shows you the decrypted instructions free, open source, every os. werwolv ships

DeadMatter Extracts LSASS credentials from memory dumps. Lightweight. Can be used to bypass AV/EDR. Usually is paired with DumpIt as both of them don't need GUI. Tested with Microsoft Defender and Kaspersky hackers-arise.com/digital-forens… @three_cube @_aircorridor #edr #apt #redteam

🚨BREAKING: The fiber cable sitting in your wall has been secretly listening to you. And researchers just proved it. Security researchers from Hong Kong Polytechnic University and the Chinese University of Hong Kong presented a fully working attack at NDSS Symposium 2026 turning ordinary fiber optic internet cables into hidden, undetectable microphones. No laser bugs. No physical implants. No drilling through walls. Just the broadband cable already sitting in your living room or office. How It Actually Works: Optical fibers are sensitive to tiny vibrations. When sound waves travel through the air, they cause microscopic changes in the shape of the fiber. These changes alter the light signals traveling inside the cable. By watching these changes with a Distributed Acoustic Sensing system linked to one end of the cable, an attacker can recreate the original sound wave from the other end even over distances greater than 50 meters. Sound hits fiber. Fiber vibrates. Light shifts. AI reconstructs your conversation. No microphone. No bug. No trace. Why This Is Different From Everything Before: This attack transforms standard FTTH telecom fiber cables into passive, undetectable listening devices invisible to RF scanners and immune to ultrasonic jammers. Your traditional counter-surveillance gear will not work. The Device They Built: The researchers engineered a custom Sensory Receptor a hollow cylinder with 15 meters of optical fiber wound around it. Critically, this device can be disguised as an ordinary optical fiber box the same type routinely installed in homes and offices during FTTH deployments making it virtually indistinguishable from legitimate networking equipment. It looks exactly like what your ISP already installed. Who Is Most At Risk: → Corporate offices with FTTH connections → Government buildings and embassies → Law firms, banks, and financial institutions → Anyone having sensitive conversations near a fiber cable The Takeaway: Fiber optic cables have long been considered inherently secure. Resistant to RF emissions. Resistant to electromagnetic interference. That belief is now broken. The cable delivering your internet can also deliver your conversations to someone else entirely. Nobody installed a bug in your home. The infrastructure already was one.