Rio on 🔥!

CVE-2025-49144: An elevation of privilege "vulnerability" Requirement: You need to execute installer as admin 🤣🤣🤣

Happy Friday! Lee Chagolla-Christensen and I are happy to announce that we have cut the release for Nemesis 2.0.0 - check out the CHANGELOG for a (brief) summary of changes, and dive into our new docs for more detail! We're extremely proud and excited for this release github.com/SpecterOps/Nem…

Session keys and passwords aplenty, here’s our deep-dive for CVE-2025-5777, aka CitrixBleed 2. Apart from the normal root-cause analysis, we’ve doubled down on actionable steps to investigate Indicators of Compromise. horizon3.ai/attack-researc…

Today MSRC fixed two vulnerabilities I reported a couple months ago. EoP in Windows Update service (affects only windows 11/10 with at least 2 drives) msrc.microsoft.com/update-guide/v… EoP in Microsoft PC Manager msrc.microsoft.com/update-guide/v… PoC for CVE-2025-48799: github.com/Wh04m1001/CVE-…

Fortinet released a critical patch for FortiWeb (CVE-2025-25257, CVSS 9.6). This unauthenticated SQL injection flaw allows remote code execution; update immediately! #FortiWeb #SQLInjection #Cybersecurity #WAF #Vulnerability securityonline.info/fortinet-fixes…

Come join us and learn how to attack AI platforms, model registries, training infrastructure, and backdoor models (and how to defend against these new attacks). It’s been a really hot topic with various military commands I’ve met with recently!

Another Falls! Fortinet PSIRT really needs to go out and touch grass ☠️

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

Tool release form my SteelCon talk. Nothing ground breaking but free tools are free tools github.com/two06/LinkedIn…

🌆 Good evening! We’ve officially completed the talk evaluation process and have started emailing selected speakers! 🎤 If you haven’t received an acceptance email yet, don’t worry! We’re still working through the notifications, and everyone will hear back very soon. 🙌 #BSides

This one was a fun exploit. Turning a security product against itself to gain C2 like control over all its agents. Updates have been available for a while but only now it has been disclosed. Get patching folks

🎬 The video of my talk from /ˈziːf-kɒn/ 2025 is finally out! The talk covers modern anti-phishing evasion techniques that I've come across in recent years. 🎣 I've divided the evasions into three layers, explaining how they work and how to implement them. 🛠️ Thank you & enjoy!💗

Here is the article explaining the different steps to create the Evilginx phishlet ! riskinsight-wavestone.com/en/2025/07/phi…

If you enjoyed our NachoVPN talk, this is going to be even better, I promise! Come join us in vegas for some ZTNA carnage!

That is actually the real exploit. I went through all the decoding and stuff. It finally is the payload that creates spinstall0.aspx which then gets you the machine keys that allow you to craft your own Viewstates.

🚨In the upcoming September edition of "Advanced NET Exploitation" at Cyber Saiyan | RomHack Conference, Training, Camp 2025, we'll review the SharePoint p2o Deserialization exploit that was found by the Legend Khoa Dinh himself 🔥 P.S: for the love of god, register NOW! 😅

I’m honored to be joining some amazing women in cybersecurity at the #BHUSA panel “Hacking the Status Quo”. We’ll be sharing the journey of our careers: how we got started and what’s shaped us. Bring your questions and leave with fresh perspective 😊 blackhat.com/us-25/briefing…

I'm releasing a backend for multi-agent AI systems that need to model complex non-linear problems. Kafka handles async agent communication, with ingestion plugins that route data to Neo4j, Qdrant, and MinIO. Check it out on the IBM X-Force GitHub! github.com/xforcered/Agen…

We’re excited to announce that Blerim Jahiu will be hosting a workshop at #BSidesTirana2025! Use of AI in Offensive Cybersecurity Free limited seats up to 15 attendees for each workshop, registration link: eventbrite.com/e/bsides-tiran… #BSidesTirana #securitybsides #workshop