Just completed a CTF challenge in #TheUltimateCloudSecurityChampionship by @Wiz_io 🥊 Put your cloud security skills to the test in this monthly series and join the competition cloudsecuritychampionship.com/certificate/cl…

The end of an era! Firefox is removing the support for executing javascript: URIs via ctrl+click, middle-click, etc. hg.mozilla.org/mozilla-centra…

I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe

🤔

REGEXSS: How .* Turned Into over $6k in Bounties Overly-greedy regex replacements can break HTML sanitisation & lead to XSS. Includes a live demo you can try exploiting it yourself! sec.stealthcopter.com/regexss #BugBounty #BugBountyTips #XSS #AppSec

The Naroditsky family shares the sad news of Daniel’s unexpected passing. Daniel was a talented chess player, educator, and beloved member of the chess community. We ask for privacy as the family grieves.

Imagine a security testing agent not fully autonomous, but agentic guided by the intuition and expertise of a human tester. A fusion of automation and human judgment. The future of penetration testing isn’t replacing humans, but it's amplifying them.

okay, this is getting chaotic

There is critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. react.dev/blog/2025/12/0…

Morning!

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.

Pi being irrational.

An incredibly awful security vulnerability just got revealed in MongoDB. So much that it got named after HeartBleed. MongoBleed is a vulnerability affecting all MongoDB versions from 2017 to... today. The exploit is simple. It's a buffer over read bug due to compression.

Scanning for CVE-2025-14847 (MongoBleed🩸) using Nuclei by ProjectDiscovery If you're running MongoDB, scan your servers now. Nuclei Template - cloud.projectdiscovery.io/library/CVE-20… Vulnerability Summary - jira.mongodb.org/browse/SERVER-… #cybersecurity #mongobleed

[446722008][reward: $100000] heap-use-after-free in content::indexed_db::Database::connections_ when force_closing_ is true crbug.com/446722008

I'm excited to finally share Chronomaly, a kernel exploit for Android and Linux kernels 5.10.x using CVE-2025-38352. As a reminder, please patch your Android devices if you haven't already! I recommend getting some 🍿 before reading this post 👀 All links in the thread below:

The dark side of auto-updates: notepad-plus-plus.org/news/hijacked-… Don't get me wrong, they are *essential* for some software, but the pendulum might have swung too far, adding risk where little risk existed before.

That’s exactly what I was referring to here. hackerone.com/blog/agentic-p… The way forward is a hybrid approach: agentic execution for scale, paired with expert validation for accountability. HackerOne