Ryan Dewhurst

3.7K posts

Ryan Dewhurst banner
Ryan Dewhurst

Ryan Dewhurst

@ethicalhack3r

• Vulnerability & Threat Intelligence at https://t.co/hpcaDY39hO • Founder of @_WPScan_ (acquired by Automattic) • Founder of DVWA • Ethical Hacking Graduate

Katılım Haziran 2009
819 Takip Edilen21.2K Takipçiler
cje
cje@caseyjohnellis·
you know what's fairly difficult to hack? statically generated websites on decent hosting. also, this has been true and known for like, a while now...
English
7
2
51
3.5K
Sakir
Sakir@sakirjorrum·
@WifiRumHam @ethicalhack3r There's no poc. It just reveals the version; it's not that significant of a vulnerability.
English
1
0
0
33
Ryan Dewhurst
Ryan Dewhurst@ethicalhack3r·
Reproducing wp2shell is trivial with AI. Buckle up!
English
2
1
52
10.7K
Ryan Dewhurst
Ryan Dewhurst@ethicalhack3r·
Hoping WordPress' official version install stats just haven't updated yet.
Ryan Dewhurst tweet media
English
3
0
6
969
Ryan Dewhurst
Ryan Dewhurst@ethicalhack3r·
@TheHackersNews Takes a little more than a single request. But yea, this is bad. Luckily WordPress has had auto-updates enabled by default for a while. But there will still be many with auto-updates disabled.
English
1
0
2
1.3K
The Hacker News
The Hacker News@TheHackersNews·
🛑 URGENT - A single anonymous HTTP request can run code on an unpatched #WordPress 6.9 or 7.0 site, even on a default install with zero plugins. The new wp2shell flaw sits in core and still has no CVE for scanners to match. Affected releases and mitigations 🠖 thehackernews.com/2026/07/new-wp…
The Hacker News tweet media
English
23
207
690
391.8K
Ryan Dewhurst retweetledi
WordPress
WordPress@WordPress·
WordPress 7.0.2 is now available. This security release addresses 1 critical and 1 high severity issue, including a REST API vulnerability that could lead to remote code execution. Update your sites now. wp.me/pZhYe-5vp
English
10
128
287
102.4K
Ryan Dewhurst retweetledi
KEVIntel
KEVIntel@kev_intel·
CVE-2026-46442 is hitting KEVIntel’s Flowise sensor. First seen July 13, with attempts increasing: 20 from 7 attacker IPs. The odd part? It’s an authenticated RCE, but attackers are running the exploit unauthenticated. Now in our KEV Feed: kevintel.com/CVE-2026-46442
KEVIntel tweet media
English
0
3
7
772
Ryan Dewhurst retweetledi
Rick de Jager
Rick de Jager@rdjgr·
Here’s the Age of Empires RCE from yesterday’s Patch Tuesday: CVE-2026-50663. Join an attacker’s lobby, (auto-)accept UCG, and you get remote code execution.
English
44
250
2.4K
227.6K
Ryan Dewhurst
Ryan Dewhurst@ethicalhack3r·
Anyone want to help this guy escape from Belarus? 😬 Captured by KEVIntel sensors.
Ryan Dewhurst tweet media
English
26
50
2.1K
263.5K
Ryan Dewhurst retweetledi
KEVIntel
KEVIntel@kev_intel·
🚨 Critical SonicWall SMA1000 flaw exploited in the wild. CVE-2026-15409 is a pre-auth SSRF rated CVSS 10.0. The CVE record is not yet public. Running SMA1000? Patch now: • 12.4.3-03453+ • 12.5.0-02835+ KEVIntel sensors have not observed exploitation so far.
English
1
1
3
1.3K
Ryan Dewhurst retweetledi
KEVIntel
KEVIntel@kev_intel·
Microsoft has patched two vulnerabilities exploited in the wild in July’s Patch Tuesday release: • CVE-2026-56164 • CVE-2026-56155 Both are now tracked in the KEVIntel feed.
English
1
2
3
1.4K
Ryan Dewhurst
Ryan Dewhurst@ethicalhack3r·
@ex_raritas They included an email address. YOLO'ed and sent an email. Let's see if they respond. Interested in true motivation.
English
5
0
170
18.4K