abdelazim (PikaChu)

CVE-2026-4631: Cockpit: Unauthenticated Remote Code Execution via SSH Command-Line Argument Injection exploit and technical analysis github.com/cyberheartmi9/…

101 cybersecurity skills for security agents github.com/yaklang/hack-s…

instead of watching 2 hours of Netflix tonight, watch this 40-minute masterclass from the founder of a $20B China AI company it's the clearest explanation I've seen of how Agent Swarms and AI systems actually work at scale useful whether you've never built an agent in your life or have been using Claude every day for the past year I took the key ideas and turned them into a practical guide on how to actually build with Kimi find it below

1/ From all the recent writeups, I pick a few to read carefully and enjoy while drinking 🧉 and eating chipa, the way I did before with every (yes) Bugtraq post. This week: Qualys ptrace LPE, CVE-2026-46333 — no AI Linux PDF RCE, CVE-2026-46529 — human+AI Both are worth reading:

Do you watch Netflix in your free time? Try hackflix for security conference talks h4ckfl1x.com #cybersecurity #bugbounty

HPLIP: Potential Escalation of Privilege and Arbitrary Code Execution openwall.com/lists/oss-secu… HP Linux Imaging and Printing Software may allow escalation of privileges and/or arbitrary code execution via CVE-2026-8632 command injection or CVE-2026-8631 CVSS 9.3 buffer overflow

Discovery & Validation in the Linux Kernel Three-part article by @sam4k1 about analyzing two vulnerabilities (in CAN sockets and FUSE) and attempting to use local LLMs to rediscover the bugs. Final part: bynar.io/blog/discovery…

Nice write-up! $148,337 RCE in Google Cloud Production. brutecat.com/articles/googl…

CVE-2026-28910: Breaking macOS App Sandbox Data Containers, TCC, and Hijacking Apps Using Archive Utility: mysk.blog/2026/05/19/cve… #cybersecurity #macOS #vulnerability #cve #exploitation

Black-box detection framework for data-flow transient execution vulnerabilities on real CPUs (S&P '26) d-we.me/papers/trevex_… #infosec

We are entering a new era of on-device automation. ✨ Watch Gemma 4 E4B navigate and drive an iOS simulator directly using Argent. Local models can handle complex interactions and software navigation autonomously.

Claude Code vs Developer 🤣🤣🤣

Rust reverse engineering is about to get a lot easier. 🦀 I'm thrilled to announce that Oxidizer, the first Rust decompiler, has been officially merged into angr! Try it out: github.com/angr/angr You can also find the paper here: github.com/sefcom/oxidize…

Analyzes thousands of Windows kernel drivers using AI agents github.com/416rehman/Deep…

Qwen 3.7-max beats Opus 4.7 and GPT-5.5 We tested three frontier models on a real agentic task: write a Tetris bot that plays the game and trains itself. Each model could read its own code, run benchmarks, and rewrite itself across 10 iterations. Then we compared the final bots head to head. Qwen 3.7-Max: training cost $1.32, bot improvement +56% Claude Opus 4.7: training cost $12.15, bot improvement +28% GPT-5.5: training cost $2.85, bot improvement +7% Qwen won on every dimension - biggest jump, 9× cheaper than Claude, 2× cheaper than GPT. Long agentic loops is where Qwen Max actually delivers.

RCE on the Philips Hue Bridge via a heap overflow in ZCL frame processing, exploited over Zigbee (CVE-2026-3555) (Pwn2Own) synacktiv.com/en/publication… Credits Mehdi Talbi, Matthieu Breuil (@Synacktiv) #infosec

📣Meet Qwen3.7-Max — our latest flagship, made for the Agent Era. A versatile foundation for agents that actually get things done: 🧑‍💻 Coding agent, end to end. Frontend prototypes, multi-file refactors, real debugging — nails it. 🗂️ A reliable office and productivity assistant. Get your work done through MCP integrations and multi-agent orchestration. ⏱️ Long-horizon autonomy. 35 hours straight on a kernel optimization task — 1,000+ tool calls, zero hand-holding. 🔌 Scaffold-agnostic. Claude Code, OpenClaw, Qwen Code, or your own stack. Consistent reliability everywhere. API's up on Alibaba Model Studio. You can also take it for a spin on Qwen Studio. Go build something wild!🏃🏃‍♂️ 📖 Blog: qwen.ai/blog?id=qwen3.7 ✅ Qwen Studio: chat.qwen.ai/?models=qwen3.… ⚡️ API：modelstudio.console.alibabacloud.com/ap-southeast-1…

Offensive security toolkit for Claude Code covering red team, exploit dev, AD attacks, EDR bypass, mobile pentest github.com/hypnguyen1209/…

[webapps] Cockpit 359 - RCE dlvr.it/TSfV16

A Claude Code skill bundle for bug hunting and external red-team work - 51 skills, 15 slash commands, 574+ disclosed-report patterns curated across 24 vulnerability classes, plus enterprise identity + infrastructure attack matrices. github.com/elementalsouls…