Hacking Space 📡

🚨 CVE-2026-3055 (CVSS 9.3), a unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw Vulnerability detection script available here: github.com/rxerium/rxeriu… Patches are available as per Citrix's advisory: support.citrix.com/support-home/k…

CVE-2026-32746 An unpatched flaw in telnetd allows attackers to gain full system access with zero credentials. A single connection to port 23 is enough Triggering memory corruption and executing code as root. No patch available yet. #Telnet #Vulnerability #Linux

vibecoder threat actors, threat actors who end up hacking themselves, and many more undiscovered stealers along with their logs… I’ve started writing my blog post..

New OSINT tool dropped. DeadDrop lets you search 175M+ Telegram posts across 2M+ channels with data indexed up to 2026-03-09 (free tier available). A powerful resource for researchers, journalists, and investigators. deaddrop.theosintconsultants.com

Just discovered GitNexus. a zero-server code intelligence engine that turns any GitHub repo into an interactive knowledge graph with AI chat, all running locally in your browser. github.com/abhigyanpatwar… #ai #github #opensource

❗️ Great OSINT investigation by @KeyserSoze1337 into ransomware group operator Rey, aka Saif Khader. Who is known to be associated with Hellcat and ShinyHunters. His first breach? Age 11. Running two phishing GoDaddy cPanel servers? Age 14. justpaste.it/reyboom

Turkey 🇹🇷 - Baydöner has allegedly suffered a massive data breach exposing 3.7 million records, including customer names, contact info, 622K plaintext passwords, and 42K national IDs. dailydarkweb.net/baydoner-data-…

@co11ateral @three_cube @_aircorridor a great way to collect WhatsApp numbers. :)

For those of you interested in OSINT, here is another tool for WhatsApp hackers-arise.com/open-source-in… @three_cube @_aircorridor #osint #privacy

Live crude prices. Real-time satellite fire detection. Every military base mapped. The oil chokepoint that controls the global economy. iran-hormuz-oil.vercel.app #OSINT #Iran

1.8M exposed Google API keys on GitHub /AIza[0-9A-Za-z_-]{35}/. • Firebase: 43% • Google Maps: 38% • Translate: 19% • YouTube: 14% • Gemini AI: 7% (fastest growing) Biggest leaks: google-services.json, Flutter projects, and 57K exposed .env files. #InfoSec #leaks

Amazing OSINT dashboard tracking the US–Iran conflict in real time/multi-source signals. #Iran #Israel #US #Osint

The Pentagon has classified the company as a national security supply chain risk, giving federal agencies six months to remove its technology. Anthropic argues the decision is legally flawed and applies only to Defense Department contracts. #Anthropic #Security

Claude Code RCE Vulnerability PoC github.com/atiilla/CVE-20… #poc #vulnerability #Claude

A news set to shape the cybersecurity industry #Security #CodeReview #Vulnerability

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies thehackernews.com/2026/02/resear… #ArtificialIntelligence #Malware

Update Chrome now: Zero-day bug allows code execution via malicious webpages malwarebytes.com/blog/news/2026… #infosec #vulnerability

CVE-2026-2006 PostgreSQL missing validation of multibyte character length executes arbitrary code Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. The PostgreSQL project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem. cvefeed.io/vuln/detail/CV…

State sponsored suppy chain attack. notepad-plus-plus.org/news/hijacked-…

Did you know vulnerable Bluetooth devices can expose your location or even what you hear? Check if your device is at risk: 👉 whisperpair.eu/vulnerable-dev… Seytonic's detailed explanation: youtube.com/watch?v=Ux07J-… #bluetooth #hijack #vulnerability

Ollama now supports Anthropic API compatibility. This means tools like Claude Code can run on open-source models. No Claude subscription needed. If your hardware is strong enough, Ollama gives you these features for free. 🔥 #Ollama #OpenSource #LLM #Claude