Sick.Codes

7.7K posts

@sickcodes

Security researcher 🇦🇺 Good-faith hacking 🤡 Weaponizing source code 🧬 https://t.co/qulkQaGWp9

Joined June 2020
5.7K Following · 16.8K Followers
Pinned Tweet
Sick.Codes @sickcodes ·
Playing Doom on a John Deere tractor display (jailbroken/rooted) at @defcon
Sick.Codes retweeted
chompie @chompie1337 ·
Claude helped me with this bug too but in a different way... Tried to gaslight me saying it wasn’t ~exploitable in practice~ and I got obsessed with proving it wrong 😩
TrendAI Zero Day Initiative @thezdi

Confirmed! @chompie1337 of IBM X-Force Offensive Research (XOR) used a race condition to escalate privileges on Red Hat Enterprise Linux for Workstations, earning $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OBerlin

Sick.Codes retweeted
International Cyber Digest @IntCyberDigest ·
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in. ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
Sick.Codes retweeted
ggwhyp @ggwhyp ·
I was hoping to compete in Pwn2Own with a Firefox full-chain entry, but unfortunately it was rejected. I’ve reported the vulnerability to the Mozilla team.
Sick.Codes retweeted
Aaron @aaronp613 ·
Apple accidentally left Claude.md files in today's Apple Support app update (v5.13)
Sick.Codes retweeted
sam henri gold @samhenrigold ·
yeah you wrote it dumbass
Sick.Codes retweeted
Daniel Hnyk @hnykda ·
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8 has been compromised: it contains litellm_init.pth with base64-encoded instructions to send all the credentials it can find to a remote server + self-replicate. link below
Sick.Codes retweeted
Chaofan Shou @Fried_rice ·
vibe coded a fuzzing ai agent last month and let it run for a week using my $200 claude max. it then found 21 high/critical vulnerabilities in Chrome.
Sick.Codes retweeted
NIK @ns123abc ·
🚨BREAKING: SUPER MICRO CO-FOUNDER ARRESTED FOR SMUGGLING $2.5B IN NVIDIA GPUs TO CHINA
>SMCI co-founder Yih-Shyan "Wally" Liaw arrested today
>personally holds $464 MILLION in SMCI stock
>charged with smuggling BILLIONS in Nvidia servers to china
>used a southeast asian shell company to funnel $2.5B in servers to chinese buyers
>$510 million worth shipped in just THREE WEEKS in spring 2025
>built thousands of fake dummy servers to fool U.S compliance auditors
>caught on surveillance camera using a HAIR DRYER to swap serial number stickers
>coordinated the whole thing over encrypted group chats
>SMCI down 12% after hours
>faces up to 30 years in federal prison
ITS SO OVER…
National Security Division, U.S. Dept of Justice @DOJNatSec

Three Charged with Conspiring to Unlawfully Divert Cutting Edge U.S. Artificial Intelligence Technology to China
“The indictment unsealed today details alleged efforts to evade U.S. export laws through false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes, in order to obfuscate the true destination of restricted AI technology—China,” said John A. Eisenberg, Assistant Attorney General for National Security. “These chips are the product of American ingenuity, and NSD will continue to enforce our export-control laws to protect that advantage.”
🔗: justice.gov/opa/pr/three-c…

Sick.Codes retweeted
nizzy @nizzyabi ·
oh my god
Sick.Codes retweeted
Andy Greenberg (@agreenberg at the other places)
Last year, a human trafficking victim trapped in a crypto scam compound in the Golden Triangle region of Laos contacted me. He proceeded to leak a huge trove of the compound's internal materials. Then he had to get out alive. This is his story. 🧵👇 wired.com/story/he-leake…
Sick.Codes retweeted
Rick de Jager @rdjgr ·
May I present to you; a full copy of doom, running inside of a Rollercoaster Tycoon 1 save game exploit ✨ Thanks for everyone that came to check out our @DistrictCon Junkyard talk! We had a lot of fun putting it together. (check the thread for slides / exploit)
Sick.Codes retweeted
Daniel Camilo @DanielOlimac ·
So Sony just sold the majority of its TV business to TCL. Truly the end of an era. I don’t think younger generations today (can) understand what it meant to walk into someone’s house and see a Sony TV.
Sick.Codes retweeted
Dabs🩸 @DabsMalone ·
I just found this in my son’s room is he doing drugs?
Sick.Codes @sickcodes ·
@octal Where I live, outside is hot, but I also try to keep CO2 <1000-1500ppm at night. Gotta sacrifice the perfect temperature for good air flow sometimes. Or at least get CO2 down to 500 by opening everything up before you’re ready to sleep.
Ryan Lackey @octal ·
My current struggle: hotel room feels stuffy and co2 >1000 with just me in it. Running fan or heating/cooling hvac at any temperature doesn’t help. Opening the 200yo massive windows helps a lot, but outdoor temp is 0 degrees C, a bit nippy. This man is mocking me.
Sick.Codes @sickcodes ·
AI-powered pre-workout powder…
Sick.Codes retweeted
Pierre de Wulf @PierreDeWulf ·
Biggest web scraping company in the world is suing a web scraping company for web scraping its content obtained through web scraping.
Sick.Codes retweeted
maeve ~ @miaaowing ·
i have never failed a phishing test because i always raise a ticket directly with the cyber team pointing out that an email signed + passing DMARC & SPF from our domain AND bot addy with 0 mailtrace results means that the attacker already pwnd our exchange server n its too late