The current version of RAGFlow (0.24) contains an unpatched vulnerability that allows low-privilege authenticated attackers to execute arbitrary code. Blog: zeropath.com/blog/ragflow-r… POC: github.com/ZeroPathAI/rag… Video Walkthrough: youtube.com/watch?v=1F-27C…

Unpatched post-auth RCE in the latest version of RAGFlow. Blog: zeropath.com/blog/ragflow-r… POC: github.com/ZeroPathAI/rag… Video walkthrough: youtu.be/1F-27CIlpgE

MAD Bugs: Codex Hacked a Samsung TV We gave Codex a foothold. It popped a root shell. open.substack.com/pub/calif/p/co…

Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew. github.com/Nightmare-Ecli…

Has anyone else noticed Claude Code is refusing a lot more security research prompts over the past week or so? I'm wondering if they tightened the guardrails because of all the mythos hype. It seems like it's especially hesitant to assist with exploit development.

Rather than just relying on qualitative AI review of PRs, Meta has LLMs produce just in time unit tests via a structured approach they outline in this paper. Exciting stuff! QA that keeps up with the pace of LLM powered development. engineering.fb.com/2026/02/11/dev…

transformer-circuits.pub/2026/emotions/… LLMs seem to have internal analogs of human emotional states. Input that would produce anger in a human activates one pattern in the model, while input that would produce excitement activates another and so on. Furthermore, these internal states seem to

I just published two 10.0 severity Spinnaker vulns that allow code execution and pivoting into source control and production environments! zeropath.com/blog/spinnaker… (CVE-2026-32604 and CVE-2026-32613) These issues demonstrate the importance of zero trust architectures and

🚨Alert🚨 CVE-2026-32604(CVSS 10.0) &CVE-2026-32613(CVSS 10.0): The RCE Flaws Threatening Spinnaker Pipelines. 🧐Detail :zeropath.com/blog/spinnaker… 📊 2.2K Services are found on the hunter.how yearly. 🔗Hunter Link:hunter.how/list?searchVal… 👇Query HUNTER :

Walkthrough: exploiting ZeroPath's new critical severity Spinnaker vulns for code execution and production environment access. (CVE-2026-32604 and CVE-2026-32613) youtu.be/ma-00ggxSp4

youtu.be/ma-00ggxSp4 Hands on video walkthrough: Exploiting the new critical Spinnaker vulns for RCE and credential theft. (CVE-2026-32604 and CVE-2026-32613) Includes POCs and script to stand up your own lab environment

Here's a cool trick for y'all looking to create new Nuclei templates for exploitable CVEs! Using CVEmap you can get a list of CVEs with public proofs of concept, that have been marked as exploitable by CISA, are remotely exploitable AND don't have a Nuclei template (yet)!

We achieved Remote Code Execution on GitHub - and got access to millions of repositories belonging to other users and organizations 🤯 All it took was a single `git push` Here's how we did it (CVE-2026-3854) 🧵⬇️

CVE-2026-42167, a high severity vuln in ProFTPD I discovered, was just published today! Attackers can use it to bypass auth and even execute arbitrary code in some cases. Check out my write up for full technical details, including a working POC! zeropath.com/blog/proftpd-c…

Time to talk about this one. CopyFail (CVE-2026-31431) — a 732-byte Python script that roots every Linux distro shipped since 2017. 🧵

Where the goblins in the GPT system prompt came from... "Starting with GPT‑5.1, our models began developing a strange habit: they increasingly mentioned goblins, gremlins, and other creatures in their metaphors." 😂 openai.com/index/where-th…

This has been my experience ai vuln finding as well. The quality of the harness makes all the difference. I even benchmarked vanilla Opus 4.6 -- results were not impressive. (zeropath.com/blog/benchmark…) They need us human researchers for a little longer at least :-/.

Long term , I think the current AI-powered vulnerability glut eventually turns into an AI-powered vulnerability drought. Historical stuff gets mined out and better code analysis tools reduce new easily-detectable bugs, even as code volume continues to increase. If you can