Janggggg

1.1K posts


@testanull

The prying one

Hanoi, Vietnam. Joined October 2015
143 Following, 9K Followers
Janggggg retweeted
TrendAI Zero Day Initiative
There it is! Orange Tsai (@orange_8361) of DEVCORE Research Team was able to exploit Microsoft Exchange! If confirmed, they win a whopping $200,000 and 20 Master of Pwn points. Off to the disclosure room to explain how they did it and seal the deal. #Pwn2Own #P2OBerlin
Janggggg retweeted
watchTowr @watchtowrcyber
The Internet is falling down, falling down, falling down Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940 Enjoy with us.. labs.watchtowr.com/the-internet-i…
Janggggg retweeted
Xint @xint_official
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail…
pyn3rd @pyn3rd
@testanull “What I’m looking for is a poisoned one — the prefix is ORG, not COM. Just a slight difference :-D
Janggggg retweeted
watchTowr @watchtowrcyber
We promised we'd be back! Join us on our journey, from repro'ing N-days to stumbling into 0-days in SolarWinds Web Help Desk, eventually achieving pre-auth RCE. This research fuels the watchTowr Platform, our Preemptive Exposure Management technology. labs.watchtowr.com/buy-a-help-des…
Janggggg retweeted
starlabs @starlabs_sg
Ever wondered what happens when you pickle a mailbox? 🥒📬 (No, it’s not a recipe, it’s a vulnerability.) Our team breaks down CVE-2025-20393 in a new deep dive post covering root cause, internals & exploitation details starlabs.sg/blog/2026/01-p… Written by @CurseRed & @bestswngs
Janggggg retweeted
shubs @infosec_au
Oracle Cloud was breached in Jan 2025 through vulns in Oracle Access Manager. @SLCyberSec's Research team found a new pre-auth RCE vulnerability in Oracle Identity Manager (CVE-2025-61757). This is a critical vulnerability and is trivial to exploit. slcyber.io/research-cente…
Janggggg @testanull
@bienpnn Getting being sold prove it’s really critical, no trash talk, no fantastic scenario 👍
Janggggg retweeted
Bien 🇻🇳 @bienpnn
hot take: maybe instead of reporting vuln and getting cves, security nerds should just sell exploits that way devs won't need to bother with too much reports, only critical one that got exploited would need to be fixed. neat!
Janggggg retweeted
Stephen Fewer @stephenfewer
We have published our AttackerKB @rapid7 Analysis for the recent GoAnywhere MFT vuln, CVE-2025-10035. It's an access control bypass + unsafe deserialization + an as-yet unknown issue in how an attacker can know a specific private key! attackerkb.com/topics/LbA9ANj…
Janggggg retweeted
SinSinology @SinSinology
NEED YOUR HELP! My Friend/Teacher Soroush (@irsdl) Is looking for a new company to join, you know him as the .NET-God, the guy who has popped exchange, sharepoint, has maintained ysoserial_.net for years, contributed to the exploitation scene numerous times, taught all of you about what .net ghost webshells are, taught you about what viewstate exploitation is, how .net remoting exploitation issues can be solved, iis cookieless, web_config exploitation, countless of blogs, talks, techniques,... but companies keep saying: "we aren't hiring right now!" if i was in position of hiring, wouldn't wanna miss out on having one of THE BEST in my team your retweet is Extremely appreciated ❤️‍🔥 soroush, if you see this, don't hate me, had to do it without telling you
mufinnnnnnn @mufinnnnnnn
I made a quick write up discussing techniques to get code execution against Apache Spark SQL: muffsec.com/blog/getting-c…. I'm looking for advice on how to enumerate all the static methods that take a string argument for each JAR on the classpath.
Janggggg retweeted
CODE WHITE GmbH @codewhitesec
We've added a new demo to NewRemotingTricks that makes deploying a MarshalByRefObject (e.g., WebClient) even easier: System.Lazy<T> creates an instance of T on serialization, which is probably more likely to be allowed than a XAML gadget getting through. github.com/codewhitesec/N…
ϻг_ϻε @steventseeley
@mufinnnnnnn Other than that, you can try codeql, not sure if semgrep can do the number of argument filtering. Great blog post mate.