Great to see Trend ZDI researchers Jonathan Andersson  and Thanos Kaliyanakis present their findings on EV Charger security. We heard things got a bit flammable. #Blackhat

The continued lack of basic security considerations for AI workflow tools, mcp servers, and orchestrators is disgusting... CVE-2025-59528 - RCE in Flowise - CVSS 10.

Relics of the Kaiserzeit 👑 a book on the uniforms of the Imperial German Army 🇩🇪

Wait until Department of War 🇺🇸 hear’s about the MAPP program leak and CVE-2025-53770.

CVE-2025-23298: Trend ZDI's Petrus Germanicus covers an RCE in the #NVIDIA Merlin Transformers4Rec library. He details the root cause and the patch to fix it. Finally, he highlights highlights several important lessons for the AI/ML security community. zerodayinitiative.com/blog/2025/9/23…

I uncovered a critical vuln in NVIDIA’s Transformers4Rec, allowing RCE via unsafe pickle deserialization. Read about the exploit, patch analysis, and why ML/AI deserialization vulnerabilities are still a thing in 2025! 🔐💻

Writeup for CVE-2025-24085, an ITW mediaplaybackd vulnerability patched earlier this year github.com/b1n4r1b01/n-da…

CVE-2025-59828: Be sure to update your claude-code installs! Bypass of the directory trust dialog. Anthropic github.com/anthropics/cla…

Real G's use ArchLinux Arch Linux Memes

I created a PoC for CVE-2025-10725 - Red Hat Openshift AI Service - Patch this ASAP! bugzilla.redhat.com/show_bug.cgi?i…

Das Schöne Ostpreußen 🌲🦌 neighborhood of Immanuel Kant and many descendants of expelled Germans 🇩🇪

[ZDI-25-930|CVE-2025-11202] win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus (Petrus Germanicus) of Trend Research) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-932|CVE-2025-11200] MLflow Weak Password Requirements Authentication Bypass Vulnerability (CVSS 8.1; Credit: Peter Girnus (Petrus Germanicus) of Trend Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

Finished writing the blog post. I'll link it below. I left out the bug that ZDI rejected from the post, as it's still an unpatched 0-day (I did add some details about it though😉). It never got reported to Oracle at the time due to the rejection. Link below in the reply tweet!

Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing: Trend ZDI researcher Simon Zuckerbraun shows how to go from a crash to a full exploit - & he provides you tools to do the same, including his technique used to get ROP execution. zerodayinitiative.com/blog/2025/10/6…

🔥 Curious how we exploited CVE-2025-49844 (RediShell)? From a 2-bit reset to 0-click RCE. Come see me at Hexacon 2025 - Paris, where I’ll share in-depth technical details on the exploitation. See you on Friday 👋 #Redis #Security #RediShell Hexacon

Exactly, you assigned a CVE to a vulnerability. Downplaying a CVE and calling it merely and issue is at best disingenuous and worst outright manipulative.