A big part of what I do for PentesterLab is reading CVEs. I spend a lot of time going through them: ...
βοΈ evilsocket / audit β’ π€ Autonomous fuzzing process under LLM supervision β’ π° StubZero: $148,337 RCE in Google Cloud Production
π The React2Shell Story and What Happened Next.js β’ ποΈ Mythos finds a curl vulnerability β’ π€ Claude Code RCE: Exploiting Deeplink Handlers via Settings Injection
π€ AI threats in the wild: The current state of prompt injections on the web β’ πͺ Persistence Atlas: 19 Techniques Nobody Talks About β’ π³ Securing GitHub: Wiz Research uncovers RCE in GitHub.com
π The zero-days are numbered β’ π High-Quality Chaos β’ πͺ‘ Needle in the haystack: LLMs for vulnerability research
π€ Lessons Learned From RITSEC CTF β’ πΌ Fail Open, Game Over: Turning a One-Line Tomcat Fix into Unauthenticated RCE β’ π€ I Let Claude Opus Write a Chrome Exploit
πΎ GDDRHammer and GeForge: GPU Rowhammer Now Achieves Full System Compromise β’ π€ Assessing Claude Mythos Previewβs cybersecurity capabilities
β¨ ImageMagick: From Arbitrary File Read to File Write In Every Policy β’ π§π»βπ» Leveling Up Secure Code Reviews with Claude Code β’ π€ Vulnerability Research Is Cooked
βοΈ Remote Command Execution in Google Cloud with Single Directory Deletion
π€ Testing AI for Vulnerability Research: 4 Approaches & Where I Failed β’ π οΈ Hyoketsu β Solving the Vendor Dependency Problem in RE β’ π§ Sashiko
π IronCurtain: A Personal AI Assistant Built Secure from the Ground Up β’ π₯ mitmproxy for fun and profit: Interception and Analysis of Application Traffic β’ βοΈβπ₯ Authentication Bypass in pac4j
π» Browser-Based Port Scanning in the Age of LNA β’ πͺ 100+ Kernel Bugs in 30 Days β’ βοΈ vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement
𦫠CTFtime.org / justCTF [*] 2020 / Go-fs / Writeup β’ βοΈ Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services β’ π± Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat