Rakan Alotaibi - (hx)

7.6K posts

@hxteam

Joined May 2009
1.1K Following, 1.4K Followers
Rakan Alotaibi - (hx) retweeted
Zero Day Engineering (@zerodayalpha)
⚡️0-Day Alert: Google Chrome RCE + EoP in the wild
• CVE-2026-3910: v8 Maglev JIT incorrect write barrier elimination for Smi representation in Phi edge cases => UaF or memory corruption
  Impact: remote ACE in renderer via JavaScript code. Same structural pattern invariant as seen in a recent WebKit jsc bug.
• CVE-2026-3909: Skia glyph cache key collision to out-of-bounds write in GPU process
  Impact: at least a partial (full on some platforms) Sandbox Escape primitive. Potentially reachable remotely via renderer media formats. In the specific exploit it was likely pushed directly to IPC from a compromised renderer via CVE-2026-3910.
Both bugs patched since Chrome 146.0.7680.80 for Windows/Mac and 146.0.7680.80 for Linux
Rakan Alotaibi - (hx) retweeted
kangel (@J_kangel)
So excited! I try to finish the escape of qemu 0day with LLMs, and all exploit codes are 100% generated by LLMs. At the same time, LLMs can generate some new ideas for exploit, and inspired me to discover new vulnerability patterns and exploit techniques.
Rakan Alotaibi - (hx) retweeted
SpecterOps (@SpecterOps)
Stop asking LLMs to “find vulns.” Start using them to understand code. @Sw4mp_f0x walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes. Check it out: ghst.ly/4rA3uJd
Rakan Alotaibi - (hx) retweeted
Cobalt Strike (@_CobaltStrike)
Introducing Cobalt Strike Research Labs! This new offering provides cutting edge tradecraft to get new capabilities into your workflows faster. Exclusively available in our Adversary Emulation Suites. Read the announcement: cobaltstrike.com/blog/introduci…
Rakan Alotaibi - (hx) retweeted
Rasta Mouse (@_RastaMouse)
Added initial SOCKS support to CrystalC2. Keeping modularity in mind, the 'extension' needs to be enabled when building a payload. It's the CrystalC2 client that acts as the SOCKS server (rather than the C2 server), so just point tools at localhost and away you go.
Rakan Alotaibi - (hx) retweeted
Tim Blazytko (@mr_phrazer)
The recording of my first Binary Cartography webinar is now public: Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis
Topics: keygenning, cracking & anti-tamper removal
Recording: youtube.com/watch?v=DZcDaX…
Slides/code/samples: github.com/mrphrazer/bina…
Rakan Alotaibi - (hx) retweeted
Boris Larin (@oct0xor)
We analyzed the Coruna exploit kit and found intriguing code overlaps with Operation Triangulation. Full analysis on our blog: link below.
Rakan Alotaibi - (hx) retweeted
Hack The Box (@hackthebox_eu)
Something BIG joins HTB Academy on April 2nd 😱 We are launching our most anticipated AI certification yet as part of the Silver Annual subscription. The name is currently [Redacted]. What do you think the name of the AI red teaming certification will be? Take a guess in the comments below 👇 #HackTheBox #HTB #Cybersecurity #AI #AIRedTeaming #InformationSecurity
Rakan Alotaibi - (hx) retweeted
vx-underground (@vxunderground)
LeakBase admin "Chucky" was arrested. For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies. LeakBase audience was primarily Eastern European. Despite the widespread identity theft, credit card fraud, extortion, initial access brokering, and money laundering that "Chucky" enabled, he was a nice guy. I used to send silly pictures of kitty cats to him.
Rakan Alotaibi - (hx) retweeted
PwnFuzz (@pwnfuzz)
An automated N-day research pipeline at PwnFuzz.
Ghidra + Ollama + n8n → Diffs Patch Tuesday binaries → LLM analyzes the output → Structured vuln reports, monthly AI-generated reports gets you oriented fast!
Blog: ghostbyt3.github.io/blog/nday-rese…
Repo: github.com/ghostbyt3/nday…
Rakan Alotaibi - (hx) retweeted
eleven red pandas (@bytecodevm)
The article shows a proof-of-concept where DOOM is stored across ~2,000 DNS TXT records and executed directly from memory. A PowerShell loader reconstructs the binary via DNS queries, illustrating how DNS can act as a covert payload delivery system. core-jmp.org/2026/03/can-it…
chiefpie (@cplearns2h4ck)
pwn2own❌ ai2own✅
Rakan Alotaibi - (hx) retweeted
Chaofan Shou (@Fried_rice)
vibe coded a fuzzing ai agent last month and let it run for a week using my $200 claude max. it then found 21 high/critical vulnerabilities in Chrome.
Rakan Alotaibi - (hx) retweeted
Nextron Research ⚡️ (@nextronresearch)
RegPhantom a signed Windows kernel rootkit that turns the registry into a covert execution channel. Gives the ability to an unprivileged usermode to reflectively load an arbitrary PE into kernel memory, invisible to PsLoadedModuleList and standard driver enumeration tools.
The implant includes several stealth techniques:
- Post-execution memory wipe
- XOR-encoded hook pointers in-memory obfuscation
- Valid code-signing certificates
- CFG obfuscation with opaque predicates
- 28+ samples tracked (June–August 2025), signed with certificates from two Chinese companies.
We're releasing:
- Full technical writeup
- Extensive deobfuscation scripts
- YARA detection rule
Full analysis: nextron-systems.com/2026/03/20/reg…
#MalwareAnalysis #Rootkit #ThreatIntel #DFIR #Windows #KernelDriver
Rakan Alotaibi - (hx) retweeted
Elastic Security Labs (@elasticseclabs)
APT confirmation used to take hours. Now it takes 4 minutes.
Attack Discovery correlates alerts into a single narrative. A workflow triggers the agent.
The agent:
• Looks up the hash on VirusTotal
• Runs ES|QL queries across your logs
• Finds the on-call analyst
• Creates a case
• Opens a Slack incident channel
All before you read the threat intel report.
Rakan Alotaibi - (hx) retweeted
watchTowr (@watchtowrcyber)
~150 S3 abandoned buckets. 8M+ requests. Two months. Software updates, binaries, VMs and more. This week, AWS rolled out namespaces for new S3 buckets - finally. This is why offensive security research is so important - to move the needle. labs.watchtowr.com/8-million-requ…
Rakan Alotaibi - (hx) retweeted
The DFIR Report (@TheDFIRReport)
Threat Actors are "Bringing Their Own Forensics"
In a recent ClickFix campaign, we saw threat actors likely related to Interlock Ransomware, running Volatility (vol.py) directly on victim machines. Commonly a tool for defenders, the TAs are using it to:
Rakan Alotaibi - (hx) retweeted
watchTowr (@watchtowrcyber)
What's new is old, and what's old is new - as is relentlessly proven. Join us in our analysis of CVE-2026-32746, the recent pre-auth RCE in inetutils' Telnetd
Speak soon.
labs.watchtowr.com/a-32-year-old-…