0x00410041

Introducing nginx-poolslip, a fresh RCE for the the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on nebusec.ai.

Part 3 of the Wintermute hardware hacking framework series: exploit.ninja/2026/05/08/win… #AI #cybersec #hacking #hardwarehacking

Reproducing a Double Free RCE in Apache CVE-2026-23918 on the most used software on the internet with one prompt that costs like $0.001 via DeepSeek is scary as hell. Now, anyone with zero knowledge can hack the internet. (Not default installs though. You need mod_http2 enabled.)

Published Part 2 of the winermute hardware hacking framework exploit.ninja/2026/05/07/win… #hacking #pentesting #infosec

Part 1 of the blog series explaining how to use the Wintermute Hardware Attack framework to red team and pentest hardware, including the use of AI and AI agentic programming. #hacking #AI #LLMs #pentest exploit.ninja/2026/05/05/win…

The RF world is insane. Researchers recovered AES-128 keys from a Bluetooth chip by listening to its own antenna from 10 meters away. Crypto-engine switching noise couples into the RF chain, rides the 2.4 GHz carrier, and leaks out as radio.

Zero-day vulnerabilities require our attention! AFL++ remains one of the most powerful fuzzing tools for discovering bugs before the bad guys do. This guide walks through practical exploit development methodology from the ground up: hackers-arise.com/exploit-develo… @three_cube

Car Hacking with GearGoat GearGoat is a car simulator that allows you to work with the CAN bus, which is the internal communication network used by most modern vehicles In the real world, this is equal to connecting a CAN adapter such as CANable or Macchina M2 into the OBD-II port, which is typically located under the dashboard. This port is essentially a gateway into the vehicle’s internal network See it in action on our article: hackers-arise.com/automobile-hac… @three_cube @_aircorridor #cybersecurity

Sega Naomi on DC 000920 has been rescued, and released. cc @CombyLaurent1 @IanMicheal10 @VincentNL_ @arcade_projects archive.org/details/naomi_…

Defines DSP perfectly .. I would tag him but he blocked me when i called him out for asking for 2,000USD to reveal his cat.

We recently achieved guest-to-host escape by exploiting a QEMU 0day. We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive. Writeup coming next week.

Introduction to Windows Kernel Exploitation for Beginners Part 1: mdanilor.github.io/posts/hevd-0/ Part 2: mdanilor.github.io/posts/hevd-1/ Part 3: mdanilor.github.io/posts/hevd-2/ Part 4: mdanilor.github.io/posts/hevd-3/ Part 5: mdanilor.github.io/posts/hevd-4/ #windows #infosec #kernal

For some reason RAGs are not shared much, this is another pet project: github.com/nahualito/RAGs You can load in wintermute or by yourself to help specialize your agents! #hack #hacking #CyberSecurity

I just released some free exploit development CTFs based on real world CVEs. They include hints, walkthroughs and working exploits if you get stuck. zeropath.com/blog/zeropath-…

@_Grrn_4c3_ @kmcnam1 OH ohhh poor soul ... you about to enter some weird realms of an absolute beast of programming while being just .. out there ... LOL

@kmcnam1 I am lost. What is TempleOS and why is that drape arranged into the letter M on that cross???

@Tokenfedup This way, if you are doing a hardware bit you can priotize based on firmware, if you are doing a full red team you can priotize based on your objective. I let the user set priority to allow for full flexibility. :D (2/2)

@Tokenfedup I have the Chat and ChatToolsets to allow enrichment and processing, since is mostly a library setup I'm allowing priotization to be executed by the agent. So you could set priority based on a RAG or your own setup (1/2)

Just released Wintermute, a hardware offensive framework with red team ops tracking, AI integration, Hardware attacks, ticketing, reporting, etc. and a full MCP server. If you try let me know what you think: github.com/nahualito/wint… #hack #hacking #CyberSecurity #CyberSec

Oh this brings back memories ... I remember the DCCs .. the leaks .. oh yeah .. wow .. long time long time ... I wonder how scut is doing nowadays.

🤣