nol (@nol_tech)'s Twitter Profile
Learning InfoSec

ID: 1307066167958343680

18-09-2020 21:17:23

1.1K Tweets

764 Followers

485 Following

solst/ICE (@icesolst)

What the pentest readout looks like when the consultants and the blue team are arguing about the severity of the TLS weak cipher suites finding (meanwhile the out of scope Apache tomcat server has default creds)

LaurieWired (@lauriewired)

“My wife complains that open office will never print on Tuesdays” A bizarre sentence; which kicked off one of the most interesting bug hunts in Ubuntu’s history. It all starts with some goofy pattern matching.

Florian Roth ⚡️ (@cyb3rops)

I’ve been a vocal critic of AI developments – in 2023 I still dismissed a lot of the hype. Last year, I stayed mostly silent. Not because I agreed, but because I started seeing signs that impressed me. This year, after what we’ve built and tested internally across several areas,

solst/ICE (@icesolst)

I was trying to make a goat (purposely vulnerable) web app in cursor - and it was actually difficult to get it to introduce vulns. It’s easy to jokingly shit on LLM coding and say it’s insecure; but by default it’s quite impressive how it considers secure defaults and fights

chompie (@chompie1337)

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…

那个饺子🦆(JJ) (@thatjiaozi)

I wanted to end last year with a VM escape, took me a bit longer but I want to present you my latest public research: A VM escape in Oracle VirtualBox using only one integer overflow bug! This was fixed on April 15 and assigned CVE-2025-30712. github.com/google/securit…

¯\_(ツ)_/¯ (@chocapikk_)

🚨 New unauthenticated #RCE module for vBulletin 5.1.0-6.0.3 landed in Metasploit! No CVE assigned, but credit to Egidio Romano (EgiX) for the original write-up: karmainsecurity.com/dont-call-that… 🔗 PR: github.com/rapid7/metaspl…

Kasey Zhang (@_weexiao)

Don't use structured output mode for reasoning tasks. We’re open sourcing Osmosis-Structure-0.6B: an extremely small model that can turn any unstructured data into any format (e.g. JSON schema). Use it with any model - download and blog below!

Ambionics Security (@ambionics)

🚀 Huge thanks to Charles Fol for the threading PR. Lightyear is now faster than ever! We truly appreciate continued contributions. If you haven’t yet, give lightyear a try and see the difference yourself! #opensource #lightyear #performance #php #pentest #infosec #cybersecurity