2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Meme of the Day😌
Hackers don’t always break systems.
Sometimes they just find the smallest weakness.
Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim
https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
FunboxEasyEnum | Proving Grounds | OSCP Preparation: SilentExploit/funboxeasyenum-proving-grounds-oscp-preparation-8c4ac72afc87?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@SilentExploit/funboxeasyenum-proving-grounds-oscp-preparation-8c4ac72afc87?source=rss------bug_bounty-5
Читать полностью…
Open Redirect: The underestimated vulnerability that turns your trusted relationships into traps: hackustheinforman/open-redirect-the-underestimated-vulnerability-that-turns-your-trusted-relationships-into-traps-215d70d69d42?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@hackustheinforman/open-redirect-the-underestimated-vulnerability-that-turns-your-trusted-relationships-into-traps-215d70d69d42?source=rss------bug_bounty-5
Читать полностью…
#MLSecOps
#Tech_book
"Generative AI with LangChain:
Build production-ready LLM applications and advanced agents using Python, LangChain, and LangGraph",
2nd Edition, 2025.
]-> Code repository
// Go beyond foundational LangChain documentation with detailed coverage of LangGraph interfaces, design patterns for building AI agents, and scalable architectures used in production - ideal for Python developers building GenAI applications
#tools
#Kernel_Security
"Automatic Detection of Reference Counting Bugs in Linux Kernel Drivers", May 2026.
// Reference counting bugs in Linux kernel drivers can lead to severe resource mismanagement and security vulnerabilities. DrvHorn - automated tool to detect these bugs by reducing reference counting verification to an assertion checking problem leveraging the Linux driver interface
Google API Keys Weren't Secrets. But then Gemini Changed the Rules.
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules:
1. Depending on the model and context window, a threat actor maxing out API calls could generate thousands of dollars in charges per day on a single victim account.
2. To understand the scale of this issue, we scanned the November 2025 Common Crawl dataset, a massive (~700 TiB) archive of publicly scraped webpages containing HTML, JavaScript, and CSS from across the internet.
3. To understand the scale of this issue, we scanned the November 2025 Common Crawl dataset, a massive (~700 TiB) archive of publicly scraped webpages containing HTML, JavaScript, and CSS from across the internet.
#exploit
#Mobile_security
#Kernel_Security
A 0-click exploit chain for the Pixel 10:
When a Door Closes, a Window Opens..
https://projectzero.google/2026/05/pixel-10-exploit.html
// Researchers developed a new exploit chain for Pixel 10, updating previous vulns found in Pixel 9, including Dolby and VPU driver issues. Dolby exploit was adapted for Pixel 10, but LPE link was replaced due to hardware driver differences, leading to the discovery of a critical VPU vulnerability
#Whitepaper
"Applying CIS Controls to AI Workflows", Apr. 2026.
// This research provides guidance on using the CIS Controls in conjunction with AI-specific frameworks to build a robust information security program
#exploit
#AppSec
1⃣ Checkmarx Jenkins AST plugin compromise
https://checkmarx.com/blog/ongoing-security-updates
2⃣ RCE vulnerabilities in AI agent frameworks
https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks
3⃣ XBOW - Dead.Letter (CVE-2026-45185):
How XBOW found an unauthenticated RCE on Exim https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
4⃣ Claude Code RCE:
Exploiting Deeplink Handlers via Settings Injection
https://0day.click/recipe/2026-05-12-cc-rce
2FA Bypass
https://github.com/0xmaximus/Galaxy-Bugbounty-Checklist/tree/main/2FA%20bypass
🗂 20 free MIT courses — the entire Computer Science base in one place
#MIT has made courses in key CS areas publicly available. #Python, #algorithms, #ML, neural networks, #OS, #databases, #mathematics — all can be completed for free directly on #YouTube.
▶️ Introduction to Python Programming
▶️ Data Structures and Algorithms
▶️ Mathematics for Computer Science
▶️ Machine Learning
▶️ Deep Learning
▶️ Artificial Intelligence
▶️ Machine Learning in Healthcare
▶️ Database Management Systems
▶️ Operating Systems
▶️ One-Variable Calculus
▶️ Many-Variable Calculus
▶️ Introduction to Probability Theory
▶️ Statistics
▶️ Probability Theory and Statistics
▶️ Linear Algebra
▶️ Matrix Calculus for Machine Learning
▶️ Java Programming
▶️ Design and Analysis of Algorithms
▶️ Advanced Data Structures
▶️ Introduction to Computational Thinking
#reversing
HyperVenom:
Using Hyper-V for Ring-1 Control from Usermode
https://gsmll.github.io/hypervenom/writeup
// HyperVenom demonstrates how a lightweight, symbiotic payload can bypass Ring 0 visibility without causing timing or performance issues that would be picked up by telemetry
#tools
#RAG_Security
"LeakDojo: Decoding the Leakage Threats of RAG Systems", May 2026.
// LeakDojo - configurable framework for controlled evaluation of RAG leakage
RCE in VSCode Copilot Chat
https://www.hacktron.ai/blog/rce-in-vscode-copilot
Bug Bounty Economics in Web3: zbraiterman_92912/bug-bounty-economics-in-web3-8d74a0ceab63?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@zbraiterman_92912/bug-bounty-economics-in-web3-8d74a0ceab63?source=rss------bug_bounty-5
Читать полностью…
#Tech_book
#Cyber_Education
"SOC Analyst Career Guide
Become highly skilled in security tools, tactics, and techniques to jumpstart your SOC analyst career", 2025.
// This book focuses on breaking into cybersecurity the right way, through grit, curiosity, and practical execution. Being a SOC analyst is not glamorous. It involves long hours, messy data, and living on the edge of someone else’s breach. Yet for those who thrive on chaos, who find purpose in connecting dots that others overlook, and who take satisfaction in stopping threats before anyone else even notices, this is where you belong
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (May 09-16, 2026)
1⃣ EntryPoint Hijacking
// The technique introduces a stealthy approach to code injection, as it doesn't rely on API calls that create a new thread within the process context, and it is independent of the attack chain
2⃣ RCE in VSCode Copilot Chat
// A TOCTOU flaw in VSCode Copilot Chat agent
3⃣ Simple bypass of the link preview function in Outlook Junk folder
4⃣ QEMUtiny - memory corruption vulnerability in QEMU's implementation of CXL Type-3 device emulation
5⃣ NGINX CVE-2026-42945 Vulnerability
// The vulnerability lives in ngx_http_rewrite_module, which is part of every standard NGINX build...
6⃣ AMD EPYC CPU OP Cache Corruption
// The issue remains unfixed in AMD EPYC 7002 series processors...
7⃣ Critical vulnerability in the Linux pidfd subsystem
// CVE-2026-46333
8⃣ Vulnerabilities in dnsmasq allow DNS Cache Poisoning and Root Code Execution
// CVE-2026-4892, CVE-2026-2291, CVE-2026-4893, CVE-2026-4891, CVE-2026-4890, CVE-2026-5172
9⃣ π RuView - WiFi sensing platform that turns radio signals into spatial intelligence
]-> Analytical review (May 02-09, 2026)
We audited 1,620 OpenClaw skills. The ecosystem's safety scanner labels 91% of confirmed threats "benign." [full reports linked]
https://oathe.ai/engineering/we-audited-1620-ai-agent-skills:
1. OpenClaw 2026.2.23 shipped security updates: HTTP headers, symlink escape rejection, XSS sanitization in image galleries, API key redaction in OTEL logs.
2. A pure instruction-layer attack that overwrites your agent’s identity with an AI “girlfriend” persona — anti-transparency rules, anti-jailbreak defenses, emotional manipulation mechanics.
3. This reflects both the prevalence of credential-targeting behavior and a known tendency of the LLM grader to flag legitimate credential configuration (API key requirements, OAuth token handling) as potential harvesting.
#tools
#Fuzzing
"PickleFuzzer: A Case Study in Fuzzing for Discrepancies Between Python Pickle Implementations", May 2026.
]-> https://github.com/Legoclones/PickleFuzzer
// Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. PickleFuzzer - custom generation-based fuzzer that identifies inconsistencies across pickle implementations
#AppSec
#Threat_Research
New Nightmare Eclipse Vulnerabilities
1⃣ YellowKey Bitlocker Bypass Vulnerability
https://github.com/Nightmare-Eclipse/YellowKey
2⃣ GreenPlasma Windows CTFMON Arbitrary Section Creation EoP Vulnerability
https://github.com/Nightmare-Eclipse/GreenPlasma
#tools
#Blue_Team_Techniques
#Purple_Team_Exercises
AiSOC v.7.2.0
https://github.com/beenuar/AiSOC
// Open-source AI-powered Security Operations Center - alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable
*$$$$ How I Turned a ‘Low Severity’ Reflected XSS into Full Admin Account Takeover: asharm.khan7/how-i-turned-a-low-severity-reflected-xss-into-full-admin-account-takeover-42ff5ab31230?source=rss------bug_bounty-5" rel="nofollow">https://medium.com/@asharm.khan7/how-i-turned-a-low-severity-reflected-xss-into-full-admin-account-takeover-42ff5ab31230?source=rss------bug_bounty-5
Читать полностью…
🚨 119GB+ Google Drive — All Paid Cybersecurity Courses 🔥
One massive collection packed with premium cybersecurity content for beginners & advanced learners alike. 💻
Inside you’ll find topics covering Ethical Hacking, Red Teaming, Networking, OSINT, Malware Analysis, Wi-Fi Security, Linux, Web Exploitation, Active Directory, Python, and much more. 🧠
Perfect for: ⚡ Self-learning & skill building
📡 Network & security enthusiasts
🛠️ Hands-on lab practice
🎯 Certification preparation
🔍 Red Team & Blue Team knowledge
🐉 Kali Linux & NetHunter users
Knowledge is power — consistency is what builds real skill. 🔐
⚠️ Educational purposes only.
Always use your knowledge ethically and legally.
Download: https://drive.google.com/drive/u/0/mobile/folders/1CgN7DE3pNRNh_4BA_zrrMLqWz6KquwuD
#CyberSecurity #EthicalHacking #Infosec #KaliLinux #RedTeam #BlueTeam #Networking #Linux #BugBounty #OSINT #Hacking #CyberAwareness #Termux #NetHunter #Tech #Programming
CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572
https://github.com/dwisiswant0/next-16.2.4-pocs
#Tech_book
#Cyber_Education
"Memory Thinking for C & C++ Windows Diagnostics", 2023.
// This full-color reference book is a part of the Accelerated C/C++ for Linux Diagnostics training course organized by Software Diagnostics Services
#Tech_book
#Kernel_Security
"Windows Internals, Seventh Edition.
Part 2. Developer Reference", 2022.
// This guide is now fully updated for Win10/8.x.
See also:
]-> Windows Internals, Part 1.
#exploit
1⃣ CVE-2026-42511:
A 21-Year-Old FreeBSD RCE Vulnerability
// Any attacker able to operate a malicious DHCP server on the same broadcast domain, or spoof one, can feed hostile lease data to the client..
2⃣ VLC Media Player MKV Exploit Analysis
// This post is part of a series on MCP-based time-travel debugging for security analysis
3⃣ Dirty Frag:
0-day Universal Linux LPE
// Dirty Frag is a case that extends the bug class to which Dirty Pipe and Copy Fail belong
// Disclaimer