CryptoCat

8K posts

@_CryptoCat

Security Researcher @rapid7 😈 Hacking Content @ https://t.co/U7jVhNr9sC 💜

Not Here · Joined May 2016
227 Following · 8.7K Followers

Pinned Tweet
CryptoCat (@_CryptoCat)
Want to become an ethical hacker? 🥷 Here's a list of my favourite [mostly practical] resources 📚 They are all free (or have a free option) and there's more high quality material here than anybody realistically has the time to complete ⏳

CryptoCat retweeted
Stephen Fewer (@stephenfewer)
Today @rapid7 and Cisco are disclosing CVE-2026-20182, a critical (CVSS 10.0) auth bypass affecting Cisco Catalyst SD-WAN Controller, found by @_CryptoCat and I when we were researching CVE-2026-20127 last Feb. An unauth attacker can become the vmanage-admin and issue arbitrary NETCONF commands. Cisco has also disclosed that the new CVE is already EITW as of this month. Read our blog here with full technical details: rapid7.com/blog/post/ve-c…

CryptoCat retweeted
Zhenpeng (Leo) Lin (@Markak_)
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at depthfirst.com/nginx-rift

CryptoCat retweeted
XBOW (@Xbow)
For the past 2 months, XBOW has been testing Mythos Preview under embargo as part of a select early-access group. Today, we can finally share what we found. The headline: Mythos Preview is a major advance. It is substantially better than prior models at finding vulnerability candidates, especially when source code is available. But it’s not perfect. We surfaced issues with exploit validation, judgment, and efficiency. Our full write-up covers where Mythos Preview shines, where it still needs support, and what we think this means for the future of offensive security: bit.ly/42zQl98

Zack Korman (@ZackKorman)
@notbrvnd0n Yea I seriously have no idea what they’re doing. Like 3 days ago they were posting about scaling trusted access for cyber lol

Zack Korman (@ZackKorman)
New video: Why are the AI labs so obsessed with cybersecurity? Also, I talk about OpenAI's Daybreak thing.

CryptoCat retweeted
nader dabit (@dabit3)
This is crazy. The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe.
TANSTACK (@tan_stack)

SECURITY ADVISORY — TanStack npm packages

A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.

Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.

Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.

If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile

Detection — the malicious manifest contains:

    "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." }

Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).

Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.

Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route…

Credit to the security researcher for responsible disclosure.


m411k (@m411k_)
@satoki00 The funny thing that could happen is that the rejected players will (at least) report vulns which will probably get patched before p2o, thus invalidating valid players' bugs, so no one wins.
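
Satoki@Kn0wl3dg3 (@satoki00)
Pwn2Own Berlin 2026 summary
・A large number of 0-day RCEs are discovered by AI
・Submissions flood in beyond the organizers' capacity
・Many participants are rejected (no prize money)
・Hackers holding 0-day RCEs are released into the wild
・They start disclosing vulnerabilities as revenge ← we are here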

CryptoCat retweeted
Stephen Sims (@Steph3nSims)
Warning: Long Tweet!

I've been thinking a lot about the forthcoming knowledge gap in hacking and vulnerability research, though it applies far beyond just that. One part that makes me a bit sad is that those coming into the field in the future will never know what it was like during the early days of going to DEF CON, sitting at tables or in hotel rooms with like-minded individuals to work through solving problems both together and individually, and being forced to use your brains and your knowledge... Never giving up! I'm sure that for many of us that the amount of time spent on manually reversing, debugging, coding, etc... could be quantified in literal years of our time spent on this planet. But it was always worth it... Or at least always a learning opportunity!

At the same time it's incredibly exciting to be alive having that same knowledge in the AI-era! I don't know that I've been this "energized" about the industry in a long time. I needed to write a Python app today to work with Ollama, a model, and Streamlit that would have taken me days on my own. Instead, I created it far faster than I could have on my own, and after only a couple iterations I had something solid and working well using AI.

My point however, is that I've been struggling with trying to answer a couple of questions:

1) How will those coming into the field gain the necessary knowledge in coding, reversing, debugging, etc... to be effective, to identify hallucinations, to understand the who, what, where, when, and why, and to identify new classes of vulnerabilities if AI is performing all of the work and everything is handed up on a silver platter?

2) How important is it for those coming into the field to need to understand those things? ...and if still important now, for how long?

I have more questions of course but those are two of the big ones... A lot of the things that I'm able to automate now are of course due to AI first and foremost, but there's the big secondary piece. It's the fact that I've been doing vulnerability research for a very long time and I know a lot of the who, what, where, when, and why...

I've decided that on the @offby1security channel I'm going to start a new set of pre-recorded videos, separate from the weekly streams, where I simply cover foundational things that you cannot easily learn without having the practical experience. I need to put more thought into it but will figure it out through experimentation. Even if it only helps a small number of up and comers it's worth it to me. I'm a firm believer that even with all of the AI and automation options that paying your dues in understanding how things work "under the hood" remains crucial. If ever there was a time to not be complacent... it's now!

I think that with this gap, and the decline in junior positions and apprenticeships, that Universities are going to need to figure out new ways to help prepare students for this new era. Sorry if I'm coming across all "philosophical" but this has been nagging me for some time now. If you agree or disagree I'd love to hear your thoughts on the matter as I'm still trying to land on an answer.

CryptoCat retweeted
Lukasz Olejnik (@lukOlejnik)
Opus 4.6 tested on 435 real vulnerabilities from production CVEs. Result is 28.5% CVE recall with extensive prompting and a verification agent. The false positive problem is severe. 38–51% of patched, clean functions got flagged. github.com/ZeroPathAI/opu…

CryptoCat (@_CryptoCat)
@KF_Lawless Can't blame individual researchers for responsibly disclosing their bugs. With the rise of AI-assisted research, it's really up to competition organizers and vendors to work out a more effective, fairer process.

KF_Lawless (@KF_Lawless)
@_CryptoCat All the researchers that didn't make it are making submissions to collide with P2O entrants out of spite😌

CryptoCat (@_CryptoCat)
So a lot of hackers didn't get accepted for Pwn2Own as ZDI got too many submissions 😬 I wonder how many of those chains are gonna get reported and fixed before the event? 👀

CryptoCat (@_CryptoCat)
I know the alternative to this is an explosion in Pwn2Own participants, so there would be many collisions and less payouts. At least those collisions happen on the day though! The approach taken this year is just gonna burn bugs before the event and lead to a wave of patches 🥲

CryptoCat (@_CryptoCat)
Imagine a LHE in bug bounty where everyone hacks a program for months and then only some of the hackers are invited to the event. Those who aren't invited report their bugs (for no bounty), meaning those who *are* invited get dupes on the same bugs. The only winner is the vendor.

CryptoCat retweeted
0xdf (@0xdf_)
Diving into Dirty Frag, the second Linux page-cache local privesc in two weeks. CVE-2026-43284 + CVE-2026-43500 provide full distro coverage. I walk through both variants, the broken disclosure, and demo both versions on the HTB Snapped machine. youtube.com/watch?v=B5eUI_…

CryptoCat retweeted
Intigriti (@intigriti)
Our first official Burp Suite extension is live! 🤠 Intigriti Quick Scope (IQS) fetches all your public & private programs directly from the Researcher API and auto-configures your Burp scope, and mandatory request headers with a single click! 😎 Get it now in the BApp Store! 👇 go.intigriti.com/get-iqs-bapp