Credits: Ryan M is the author (make sure to follow) Write up: icode4.coffee/?p=954

1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…

The post is finally live! Join me for an in-depth analysis of CVE-2023-22098, which was discovered by the outstanding Andy Nguyen . We'll break down the vuln, explore some virtio-net internals, set up a debugging environment, and develop a reliable PoC to escape VirtualBox. Enjoy!

What a terrible way to hide a backdoor. There are only two lines of code changed and one is the backdoor. Are they even trying??

#UniCTFMemeThis Hack The Box

And we've got a winner 🏆 Congratulations to ooɹǝǝʌɐɔ for the winning meme! The team will be in touch soon to award you your VIP+ Annual subscription. 👀 Stay tuned for the next #UniversityCTF24 challenge this Friday.

How the NSA (Equation Group) allegedly hacked into China's Polytechnical University 👀 I analysed intelligence reports from Chinese cyber firms (360, Pangu, CVERC) to aggregate TTPs attributed to Equation Group. 🔗inversecos.com/2025/02/an-ins…

This is a guide on how to communicate securely, practicing good OPSEC and COMSEC. It is written for PGP but the same core principles apply for Signal. Or any communication that needs to be secure. gist.github.com/grugq/03167bed…

🧵 1/3 I usually need facial verification for OSINT investigations, and almost every free service forces you to create an account. So, I started exploring open source tech and discovered DeepFace - but it had no UI. Problem solved: github.com/GONZOsint/deep…

Me complace anunciar el lanzamiento de Cybersecurity AI (CAI), un framework open source de agentes autónomos diseñado para abordar escenarios y ejercicios de ciberseguridad. Junto a este framework, publicamos el paper: 📄:“CAI, a bug bounty-ready Cybersecurity AI”, 🧬:

Daniel 🐪 Cloudflare Didn't know Spain had Internet siesta!

Cisne A huge percentage of the Internet sits behind us, including small businesses and emergency resources in Spain. We've always been happy and willing to work with rights holders in conjunction with judicial bodies to protect their content. We have a clear process that works around

This is the 3rd instance now of an AI product actually be Indians

"XBOW reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS." 😲😲😲

We became an admin in the Fédération Internationale de l'Automobile's driver categorisation system, which allowed us to access the PII and password hashes of any rated driver, including Max Verstappen. 🏎️ ian.sh/fia

the watchers: how openai, the US government, and persona have been secretly running an identity surveillance system since nov 2023. vmfunc.re/blog/persona researched by celeste, MDL, Dziurwa

𝒙𝒊𝒂 🪼 Anthropic Because the patches appear to be written by humans

Perhaps the sharpest article I've read in a while on the current (and future) state of cybersecurity. "We've been shielded from exploits not only by soundly engineered countermeasures but also by a scarcity of elite attention" ~ Thomas H. Ptacek Brace for impact. sockpuppet.org/blog/2026/03/3…