
Nad

@nadsec.online

Hacker (the good kind[mostly]). Breaking things, fixing them, then breaking them again. AI, robotics, honeypots, and whatever else keeps me up at night https://github.com/Rat5ak https://medium.com/@Nadsec https://x.com/Nadsec11

45 Followers, 100 Following, 83 Posts, Joined 04.12.2024

Latest posts by Nad @nadsec.online

A ridiculously deep dive into the Coruna Exploits - Risky Business Media Join James Wilson in this solo podcast as he takes a (ridiculously) deep dive into the Coruna exploit kit. James was a software engineer a [Read More]

Y'all are gonna wanna listen to this one:

risky.biz/RBFEATURES5/

12.03.2026 01:25 👍 1 🔁 1 💬 0 📌 0
curl - use after free in SMB connection reuse - CVE-2026-3805

Found this bug on the weekend :)
curl.se/docs/CVE-202...

Curl is cool. For the love of the game..

11.03.2026 08:10 👍 2 🔁 0 💬 0 📌 0
Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit | NadSec Deep-dive into Coruna - a nation-state iOS exploit kit reverse-engineered from obfuscated JavaScript. WebKit RCE, PAC bypass, JIT cage escape.

Kernel Analysis now available for Coruna malware
Blog post and full technical analysis of the whole chain also updated significantly.
-Corrections made
www.nadsec.online/blog/coruna
www.nadsec.online/blog/coruna-...
github.com/Rat5ak/CORUN...
www.nadsec.online/blog/coruna-...

09.03.2026 11:55 👍 0 🔁 0 💬 0 📌 0
TIACS - The Home of Blue Collar Counselling TIACS is the home of blue-collar counselling, providing free and confidential mental health support for tradies, truckies, farmers, apprentices and their loved ones, Australia wide.

Normalise giving a percentage of your bug bounties to charity.

tiacs.org comes to mind. Shout out to blue collar workers. Farmers n truck drivers n stuff.

09.03.2026 03:13 👍 2 🔁 1 💬 0 📌 0

The vuln disclosures lately… straight sagacious.

09.03.2026 00:57 👍 0 🔁 0 💬 0 📌 0

Sounds correct. Hacked the company, stole the coins (prolly thinking “this bs thing Claude wrote won’t work”). Contacted company who then hired someone else to help move the funds back but let the hacker keep 320k or w/e it was.

08.03.2026 09:48 👍 0 🔁 0 💬 0 📌 0

Also I imagine if anyone wants to know what’s going on in any active war zones. There would be hundreds of thousands of different angles/views you could watch from. No need to be on twitter posting bs when you can just go and look.

07.03.2026 01:41 👍 1 🔁 0 💬 0 📌 0

These days you can just hack the 4K camera in the corner of the room. See all the screens from that.

07.03.2026 01:40 👍 1 🔁 0 💬 1 📌 0

The problem is likely so much worse than you may actually realise at a glance.

06.03.2026 22:22 👍 0 🔁 0 💬 0 📌 0

Yup 😭😭 I tried to tell them. Microsoft don’t care.

06.03.2026 22:22 👍 0 🔁 0 💬 1 📌 0

Also other blog posts omit a lot of detail.. the technical analysis covers everything Google does not.
Mandiant are noobs.

06.03.2026 22:01 👍 0 🔁 0 💬 0 📌 0

Nadsec don’t fuck around 🫡

06.03.2026 21:59 👍 1 🔁 0 💬 0 📌 0
GitHub - Rat5ak/CORUNA_TECHNICAL_ANALYSIS: A Complete Technical Teardown of a State-Grade iOS/macOS Watering-Hole Exploit Chain A Complete Technical Teardown of a State-Grade iOS/macOS Watering-Hole Exploit Chain - Rat5ak/CORUNA_TECHNICAL_ANALYSIS

github.com/Rat5ak/CORUN...

-originally dumped yesterday by - github.com/matteyeux/co...

06.03.2026 08:32 👍 1 🔁 0 💬 0 📌 0
Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit | NadSec Deep-dive into Coruna - a nation-state iOS exploit kit reverse-engineered from obfuscated JavaScript. WebKit RCE, PAC bypass, JIT cage escape.

Reverse-engineered Coruna - a nation-state iOS exploit kit - from raw JavaScript. 28 modules + MUCH MORE!
www.nadsec.online/blog/coruna
www.nadsec.online/blog/coruna-...
(technical analysis more interesting, read coruna blog post first, technical analysis looks better on github, link on-site)

06.03.2026 08:20 👍 4 🔁 3 💬 1 📌 3

Finna drop this whole exploit chain for iOS and Mac.

05.03.2026 22:15 👍 0 🔁 0 💬 0 📌 0

7 years in prison. That’s all you get apparently..

05.03.2026 12:46 👍 0 🔁 0 💬 0 📌 0
مصرف سوريا المركزي on X: "SYRIAN GOV HACKED https://t.co/mDP91CGMNi" / X SYRIAN GOV HACKED https://t.co/mDP91CGMNi

x.com/sycbgov/stat...

02.03.2026 11:01 👍 0 🔁 0 💬 0 📌 0

Syrian Gov Hacked:
Live RN

x.com/sycbgov/stat...

02.03.2026 11:01 👍 0 🔁 0 💬 1 📌 0
dev on X: "THIS GUY LITERALLY RECREATED A GOD’S-EYE 4D REPLAY OF OPERATION EPIC FURY. > AI swarm captured live OSINT to build a 4D reconstruction of the Iran strikes. > minute-by-minute 3D replay of the strikes > airspace cleared and strike coordinates locked over Tehran > GPS https://t.co/E65ux7DbfX" / X THIS GUY LITERALLY RECREATED A GOD’S-EYE 4D REPLAY OF OPERATION EPIC FURY. > AI swarm captured live OSINT to build a 4D reconstruction of the Iran strikes. > minute-by-minute 3D replay of the strikes > airspace cleared and strike coordinates locked over Tehran > GPS https://t.co/E65ux7DbfX

Damn, Claude got kill-cam.

2026 is messed tf up. We got claude-cam before GTA6.
Not a hoverboard in sight.

x.com/i/status/202...

02.03.2026 09:17 👍 0 🔁 0 💬 0 📌 0

onaroll

28.02.2026 10:01 👍 0 🔁 0 💬 0 📌 0

Just remember it is illegal to set up an automated hacking bot using ai agents and unleash it upon the internet with the ability to scrape more api keys for fuel as it goes.
That’s totally not cool to do. No one try it.

27.02.2026 10:53 👍 1 🔁 0 💬 0 📌 0

I shouldn’t have made assumptions

26.02.2026 07:22 👍 0 🔁 0 💬 0 📌 0

Sorry! I thought they was joking. This is my bad. Also how the fuck is it still here.

26.02.2026 07:21 👍 1 🔁 0 💬 0 📌 0

The kids now days have it easy.
Back in my day, we had to manually prompt an LLM and generate code in small blocks and then work out how those blocks may or may not go together through raw determination and hard prompting, we didn’t have no damn agents doin all the work for us!

26.02.2026 07:19 👍 0 🔁 0 💬 0 📌 0

I just ordered a frame!

24.02.2026 05:56 👍 0 🔁 0 💬 0 📌 0

Claude, ready my discombobulator!

We’re going in..

24.02.2026 05:41 👍 0 🔁 0 💬 0 📌 0

I have the feature turned on. Can confirm it just rewrites my text messages but worse for notifications

22.02.2026 21:27 👍 0 🔁 0 💬 0 📌 0

I dno what this is but feel free to leave it in space.

21.02.2026 11:22 👍 0 🔁 0 💬 0 📌 0

Wow that looks shit.

21.02.2026 11:19 👍 3 🔁 0 💬 0 📌 0

I don’t NEED a cigarette. I WANT one.

20.02.2026 23:52 👍 0 🔁 0 💬 0 📌 0