Ivan Fratric shares some tips and tricks for grammar fuzzing
projectzero.google/2026/03/muta...
The Ctrl-Alt-Intel team has dumped the content of misconfigured command and control servers linked to the MuddyWater Iranian APT, aka Static Kitten, Mango Sandstorm, Earth Vetala, Seedworm, and TA450
ctrlaltintel.com/threat%20res...
phrack.org/issues/68/2#...
Another legend has crossed over. Thank you @fxv2.bsky.social for being your kind, brilliant self, whose contributions are too many to name, not just in hacking, but in being a superconnector who I now know is responsible for so many friendships & marriages. You are missed.
On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here github.com/atredispartn...
In the final part of his blog series, @tiraniddo.dev tells the story of how a bug was introduced into a Windows API.
Code re-writes can improve security, but it's important not to forget the security properties the code needs to enforce in the process.
projectzero.google/2026/02/gphf...
The Cycle 2 deadline for the USENIX WOOT Conference is in just one week (March 3, 2026).
Full details are available in the Call for Papers:
www.usenix.org/conference/w...
[RSS] Discovery & Analysis of CVE-2025-29969
www.safebreach.com ->
(Windows MS-EVEN RPC Remote Code Execution Vulnerability)
Guess what's out :)
We have disclosed CVE-2026-2329, a critical unauth stack-based buffer overflow vuln affecting the Grandstream GXP1600 series of VoIP phones. Read our disclosure on the @rapid7.com blog, including technical details for unauth RCE, and accompanying @metasploit-r7.bsky.social modules: r-7.co/4tIzope
A suspected Chinese APT, UNC6201, is exploiting a zero-day in Dell RecoverPoint for Virtual Machines
cloud.google.com/blog/topics/...
Three-part series from Binarly on Supermicro BMC firmware authentication bypasses
Part 1: www.binarly.io/blog/ghost-i...
Part 2: www.binarly.io/blog/broken-...
Part 3: www.binarly.io/blog/have-yo...
#infosec
[RSS] IDA Pro 9.3 released
docs.hex-rays.com ->
It took less than a day. A PoC for BeyondTrust CVE-2026-1731 hit GitHub, and GreyNoise immediately started seeing reconnaissance from multi-exploit actors hiding behind VPNs + custom tooling. See what our data reveals about who's mapping targets + how.
The February 2026 security updates are available:
We just published our @rapid7.com analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: attackerkb.com/topics/jNMBc...
Atredis identified a vulnerability in the way Rapid7's Nexpose was generating passwords to protect its Java KeyStore which is used to encrypt saved credentials. This vulnerability was reported to Rapid7 and a patch is being rolled out today! Check out the details here: github.com/atredispartn...
The remarkable true story of how Flash was deprecated
medium.com/@aglaforge/w...
AMD updates installed without signature checking (from an HTTP link, no less)? /via @drwhax
mrbruh.com ->
Recent report about a nation-state implant that would be useful to exploit this:
blog.talosintelligence.com ->
CVE-2025-6978: Arbitrary Code Execution in the #Arista NG Firewall - our researchers took a deep dive into this recently patched RCE to provide root cause and detection guidance. Read all the details at www.zerodayinitiative.com/blog/2026/2/...
Some IOCs for the Notepad++ backdoors from Rapid7, they're good. www.rapid7.com/blog/post/tr...
I will drop more later.
Registration is open to all RECon classes!
As usual, I'll be teaching Windows Internals. This is the only time this year that the class is offered in North America.
And if Windows isn't your thing, there are lots of other great classes!
recon.cx/2026/en/trai...
Our intrepid 20%-er Dillon Franke exploited a vulnerability in CoreAudio. See his process for gaining privilege escalation on a Mac:
projectzero.google/2026/01/soun...
@steven.srcincite.io did some cool stuff, check it out!
srcincite.io/blog/2026/01...
Hadn't realised that the third party review of Twitter's chat protocol had been published and wow github.com/trailofbits/...
Command & Conquer'd: worming RCEs through a classic multiplayer game. Check out the full writeup from our @districtcon.bsky.social Junkyard submission here:
www.atredis.com/blog/2026/1/...
By @droner.bsky.social and @jordan9001.bsky.social
#Security #modding #rce
New blog post is live! Xusheng tears apart a tiny Linux binary that really does not want to be reversed. Malformed ELF headers, segment tricks, layered XOR and RC4, plus a bunch of Binary Ninja tricks along the way. Read it here: binary.ninja/2026/01/23/r...
[RSS] DistrictCon 1 Slides - Control the Variables and You Control the Code: Language-Level Vulnerabilities in Adobe ColdFusion
www.hoyahaxa.com ->
Demystifying CVE-2025-47987 [Heap-based buffer overflow in Windows Cred SSProvider Protocol LPE]
kryptoenix.github.io ->
You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01...
New Cisco zero-day, CVE-2026-20045
sec.cloudapps.cisco.com/security/cen...