A big part of what I do for PentesterLab is reading CVEs. I spend a lot of time going through them: ...
evilsocket / audit • Autonomous fuzzing process under LLM supervision • StubZero: $148,337 RCE in Google Cloud Production
The React2Shell Story and What Happened Next.js • Mythos finds a curl vulnerability • Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection
AI threats in the wild: The current state of prompt injections on the web • Persistence Atlas: 19 Techniques Nobody Talks About • Securing GitHub: Wiz Research uncovers RCE in GitHub.com
The zero-days are numbered • High-Quality Chaos • Needle in the haystack: LLMs for vulnerability research
Back when I worked in appsec, I wrote the same tool twice for two different companies. Both times it was a ...
Lessons Learned From RITSEC CTF • Fail Open, Game Over: Turning a One-Line Tomcat Fix into Unauthenticated RCE • I Let Claude Opus Write a Chrome Exploit
GDDRHammer and GeForge: GPU Rowhammer Now Achieves Full System Compromise • Assessing Claude Mythos Preview's cybersecurity capabilities
ImageMagick: From Arbitrary File Read to File Write In Every Policy • Leveling Up Secure Code Reviews with Claude Code • Vulnerability Research Is Cooked
Everyone is panicking about AI-generated zero days. They should be paying attention to the other side of the equation. Anthropic recently ...
Remote Command Execution in Google Cloud with Single Directory Deletion
Testing AI for Vulnerability Research: 4 Approaches & Where I Failed • Hyoketsu - Solving the Vendor Dependency Problem in RE • Sashiko
As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...