Sushobhit Goyal

A good Recon leads you to places you never thought existed. Recently got my hands-on with Session Fixation vulnerability. Wrote something around it ~ do check it out sushobhit.hashnode.dev/session-fixati…

Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?

@Shreyasian96 karma farming ( if this was reddit )

11.20 pm - Hardik Pandya unfollowed Suryakumar Yadav 11.25 pm - Hardik Pandya unfollowed Tilak Varma 11.30 pm - Hardik Pandya unfollowed Mumbai Indians 12.29 am - Hardik Pandya followed Mumbai and again What's going on guys?

wprise.ai is finally out in the market today!!! 6+ months of building, collective effort @GuptaAnubhav12 @RobRizk2020 visionaries, and here we're finally launching. do consider an upvote: producthunt.com/products/wpris…

okay but why 😭

@nikos1 @composio spent over 2 hours manually testing this, first time with a next.js app zsteg and use your mind freaking CTF lol

Built an IMPOSSIBLE to solve CTF for summer interns. First one to solve this gets skipped to final round of interviews for @composio and gets a special gift. Good luck, your first clue is in the comments.

@nikos1 @composio hi rahul 🐐

@cadmium06 nuke

Picking a pen after 6 years for my first liking and last career option lmao

Linux is absolutely chalked full of bugs like this The open source nature of Linux has not contributed to it being any more secure Any Linux cultist that argues otherwise should be ignored

@achintyyaaaa @Owasp_tiet @Goyal2608 yea 😭 I brute forced every character lol

@sushobhitxd @Owasp_tiet @Goyal2608 Aeyoo fun event man, the harry potter twist was a pain tho

been a while i posted finished this cruxhunt CTF this weekend at 4th. We're maintaing the 3rd position till last round but that prompt injection and image forensics question had us bad. onto the next one ~ @Owasp_tiet

" We can find vulns in almost every OS and browser but this is a controlled release" such a joke

@yadavji_codes @Gamingtronium Okay sir

@Gamingtronium Bcz the websites itself has made the vpn

Interviewer: You use a VPN Why do some websites still detect your real country ?

@Rishi2220 @iclr_conf great bhaiii, keep moving big 💪

full read here 👇 @jayantjoshi0001/the-bug-that-killed-retention-and-never-made-it-to-jira-ae20a22998d6" target="_blank" rel="nofollow noopener">medium.com/@jayantjoshi00… if you've ever shipped something that "worked fine in QA" and quietly killed retention — this one's for you.

@cadmium06 I guess I know who is gonna be that dead horse 😂😭

What's that quote about beating the dead horse Cause I'm gonna beat an alive bitch into a dead horse 🏇🏇

CTF in 2026

where are these so-called Management Heads while planning and conducting ? Oh sorry you're too busy in LEADING FROM FRONT

this year's pwn2own isn't just interesting because there will be lots of entries with AI+human. it is also interesting because a) anthropic burned a ton of tokens on firefox, basically running claude in a loop until it found something for a month, probably exhausting whatever claude can one shot. b) if someone submits full chain without much use of ai, it tells you one shotting plateaus and these models are bit like fuzzers than seasoned security reseachers. c) even if they used an llm to find the bug, this tells us scaffolding/harnesss design, prompting, and the operator matters a lot.