home.social

#vulnerabilityresearch — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vulnerabilityresearch, aggregated by home.social.

  1. FreeBSD 15.1-RC1 is out — and one detail stands out: the release notes mention AI-discovered security issues being patched.

    AI-assisted fuzzing and vulnerability discovery is quietly becoming part of the release pipeline. Worth watching how this shifts the baseline for what gets caught before shipping.

    #FreeBSD #infosec #VulnerabilityResearch
    phoronix.com/news/FreeBSD-15.1

  2. Security Researchers Uncover 47 Zero-Days at Pwn2Own Berlin

    In a thrilling three-day competition, security researchers at Pwn2Own Berlin uncovered a staggering 47 zero-day vulnerabilities, raking in nearly $1.3 million in prize money, with the Devcore Research Team taking home a whopping $505,000. The top prizes included a $200,000 award for a VMware ESXi exploit and a $100,000 prize for a…

    osintsights.com/security-resea

    #ZeroDay #Pwn2ownBerlin #VulnerabilityResearch #ExploitDevelopment #Trendai

  3. Security Flaws Exposed in Popular Database Projects' MCP Servers

    Critical security flaws have been uncovered in MCP servers used by popular analytics databases, leaving them vulnerable to risks like SQL injection and full database takeover due to faulty validation and authentication processes. These defects, discovered by Akamai security analyst Tomer Peled, highlight a…

    osintsights.com/security-flaws

    #VulnerabilityResearch #McpServers #DatabaseSecurity #AiApplications #ModelContextProtocol

  4. Day 5 — CSRF Token Bypass using GET Request
    This article discusses a Cross-Site Request Forgery (CSRF) vulnerability where an attacker can bypass CSRF tokens by manipulating GET requests. The root cause is inconsistent validation of CSRF tokens across HTTP methods, particularly on GET requests. In this case, the application incorrectly validated CSRF tokens for GET requests but did so correctly for POST requests. By modifying a legitimate request to use the GET method and moving parameters into the URL, the researcher discovered that the server did not validate the CSRF token. The attack involves creating an HTML PoC (proof-of-concept) with JavaScript to automatically submit the modified request, exploiting the victim without their interaction. This vulnerability emphasizes the importance of consistent validation for CSRF tokens across all HTTP methods. Key lesson: Validate CSRF tokens consistently regardless of HTTP method to maintain security. #BugBounty #WebSecurity #CSRF #VulnerabilityResearch

    smartpicks4u.medium.com/day-5-

  5. Day 5 — CSRF Token Bypass using GET Request
    This article discusses a Cross-Site Request Forgery (CSRF) vulnerability where an attacker can bypass CSRF tokens by manipulating GET requests. The root cause is inconsistent validation of CSRF tokens across HTTP methods, particularly on GET requests. In this case, the application incorrectly validated CSRF tokens for GET requests but did so correctly for POST requests. By modifying a legitimate request to use the GET method and moving parameters into the URL, the researcher discovered that the server did not validate the CSRF token. The attack involves creating an HTML PoC (proof-of-concept) with JavaScript to automatically submit the modified request, exploiting the victim without their interaction. This vulnerability emphasizes the importance of consistent validation for CSRF tokens across all HTTP methods. Key lesson: Validate CSRF tokens consistently regardless of HTTP method to maintain security. #BugBounty #WebSecurity #CSRF #VulnerabilityResearch

    smartpicks4u.medium.com/day-5-

  6. "It's just dev mode."

    PTT-2025-028 / CVE-2026-30461 disagrees. Any authenticated user on a FuelCMS dev instance can drop a PHP shell via git submodule and call it from the browser. One HTTP request. Full RCE. CVSS 8.8 High.

    No patch coming. Project's been dormant for almost 4 years.
    Found by Raul Bledea and Matei "Mal" Bădănoiu.

    Full PoC: pentest-tools.com/research

    #offensivesecurity #vulnerabilityresearch

  7. 🏴‍☠️ Least privilege? FuelCMS didn't get the memo.

    Any authenticated user (regardless of role) can call the Blocks module endpoint. Pair that with PTT-2025-026 and a low privilege (one could even say zero-permission) account becomes full RCE. CVSSv3 goes from 5.4 to 8.8 faster than you can say "access denied."

    No patch. ~4 years of unmaintained software. You know the drill.

    Matei "Mal" Bădănoiu and Raul Bledea found the gap. Full PoC can be found in our Offensive Security Research Hub: pentest-tools.com/research

    #offensivesecurity #vulnerabilityresearch #infosec #RCE

  8. "In a post-attention-scarcity world, successful exploit developers won’t carefully pick where to aim. They’ll just aim at everything. Operating systems. Databases. Routers. Printers. These kinds of targets run everywhere, including in every regional bank and hospital chain in North America. To patch them, someone has to get in a car, drive somewhere inconvenient, and push a physical button.

    These weak points were priced into everyone’s cost of doing business. If a criminal exploits one, they win a ransomware heist. But lucrative as ransomware is, it’s not the jackpot earned from a reliable Chrome drive-by. So elite talent doesn’t bother. That load-bearing bit of risk analysis is built into every IT shop in North America. It no longer holds.

    Now consider the poor open source developers who, for the last 18 months, have complained about a torrent of slop vulnerability reports. I’d had mixed sympathies, but the complaints were at least empirically correct. That could change real fast. The new models find real stuff. Forget the slop; will projects be able to keep up with a steady feed of verified, reproducible, reliably-exploitable sev:hi vulnerabilities? That’s what’s coming down the pipe.

    Everything is up in the air. The industry is sold on memory-safe software, but the shift is slow going. We’ve bought time with sandboxing and attack surface restriction. How well will these countermeasures hold up? A 4 layer system of sandboxes, kernels, hypervisors, and IPC schemes are, to an agent, an iterated version of the same problem. Agents will generate full-chain exploits, and they will do so soon.

    Meanwhile, no defense looks flimsier now than closed source code. Reversing was already mostly a speed-bump even for entry-level teams, who lift binaries into IR or decompile them all the way back to source."

    sockpuppet.org/blog/2026/03/30

    #CyberSecurity #VulnerabilityResearch #AI #LLMs #VibeCoding #Programming #SoftwareDevelopment

  9. #AIcodingagents will soon drastically change the landscape of #vulnerabilityresearch, making it easier to find high-impact vulnerabilities. This shift, driven by the capabilities of frontier models, will lead to a surge in #exploitablevulnerabilities, impacting everything from operating systems to IoT devices. sockpuppet.org/blog/2026/03/30 #tech #media #news

  10. #AIcodingagents will soon drastically change the landscape of #vulnerabilityresearch, making it easier to find high-impact vulnerabilities. This shift, driven by the capabilities of frontier models, will lead to a surge in #exploitablevulnerabilities, impacting everything from operating systems to IoT devices. sockpuppet.org/blog/2026/03/30 #tech #media #news

  11. #AIcodingagents will soon drastically change the landscape of #vulnerabilityresearch, making it easier to find high-impact vulnerabilities. This shift, driven by the capabilities of frontier models, will lead to a surge in #exploitablevulnerabilities, impacting everything from operating systems to IoT devices. sockpuppet.org/blog/2026/03/30 #tech #media #news

  12. One does not simply exfiltrate a reset token using an email array.

    And yet, Frodo (Matei "Mal" Bădănoiu) and Samwise (Raul Bledea) from Pentest-Tools.com did exactly that in FuelCMS.

    Know someone's email? That's enough. Slip your address alongside theirs in a “forgot password” request and the token lands in your inbox. Their account is yours. You shall not (safely) parse!🧙

    Chain it with PTT-2025-026 and you're looking at a 9.8 Critical unauthenticated RCE. One array to rule them all! 💍

    Full PoC here: pentest-tools.com/research

    #offensivesecurity #vulnerabilityresearch #infosec #accounttakeover

  13. ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.

    Project page: wordpress.org/plugins/content- Project footprint: 2,000+ active installations on WordPress.org.

    The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.

    ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.

    Full report: blog.zast.ai/vulnerability%20r

    @wordfence @[email protected] @[email protected]

    #ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity

  14. ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.

    Project page: wordpress.org/plugins/content- Project footprint: 2,000+ active installations on WordPress.org.

    The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.

    ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.

    Full report: blog.zast.ai/vulnerability%20r

    @wordfence @[email protected] @[email protected]

    #ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity

  15. ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.

    Project page: wordpress.org/plugins/content- Project footprint: 2,000+ active installations on WordPress.org.

    The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.

    ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.

    Full report: blog.zast.ai/vulnerability%20r

    @wordfence @[email protected] @[email protected]

    #ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity

  16. ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.

    Project page: wordpress.org/plugins/content- Project footprint: 2,000+ active installations on WordPress.org.

    The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.

    ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.

    Full report: blog.zast.ai/vulnerability%20r

    @wordfence @[email protected] @[email protected]

    #ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity

  17. ZAST engine has identified and verified CVE-2026-1829 in Content Visibility for Divi Builder 4.01, along with one additional verified vulnerability in the same plugin.

    Project page: wordpress.org/plugins/content- Project footprint: 2,000+ active installations on WordPress.org.

    The critical issue is a code-execution path where user-controlled visibility expressions reach eval() through multiple application features. This is a representative example of why security teams need autonomous verification: dangerous APIs alone do not define risk. Reachability, privilege boundaries, and runtime behavior do.

    ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps enterprise teams prioritize remediation on verified issues.

    Full report: blog.zast.ai/vulnerability%20r

    @wordfence @[email protected] @[email protected]

    #ApplicationSecurity #WordPressSecurity #AppSec #VulnerabilityResearch #AIForSecurity

  18. 🏴‍☠️ One backslash. Full RCE. That's PTT-2025-026 in a nutshell. Discovered by our Pentest-Tools.com team

    FuelCMS uses Dwoo to keep PHP code out of templates. Turns out, it forgot about “\”.

    Escape the string. Inject the code. Own the server.

    CVSSv3 8.8 High or 9.8 Critical if you chain it with our previous FuelCMS finding (PTT-2025-025 - unauthenticated account takeover). No patch coming either. The project's been on fumes for almost 4 years.

    Our colleagues Matei "Mal" Bădănoiu and Raul Bledea did the digging. Full PoC and exploit is added here: pentest-tools.com/research

    #offensivesecurity #vulnerabilityresearch #infosec

  19. Forgot your password? No worries, we attackers can reset even the admin's. 🔑

    PTT-2025-030: Matei "Mal" Bădănoiu and Raul Bledea from our team found SQL injection hiding inside the password reset flow of FuelCMS v1.5.2.

    The parameters meant to verify your reset token and email? Both injectable.

    So a valid reset token becomes a master key to:
    🗄️ Dump the entire database
    🔑 Reset any account's password, not just yours
    ✍️ Modify or delete content across the site as the admin

    CVSS: 7.7 High. No fix is coming, the FuelCMS master branch hasn't seen a commit in ~4 years. We emailed the vendor. They're as quiet as an unmonitored server at 3am.

    See the full technical breakdown in the comments. 👇

    #offensivesecurity #vulnerabilityresearch #infosec

  20. Most research write-ups stop at the "what." We’re documenting the "how".

    The new Research Hub at Pentest-Tools.com (led by Matei Badanoiu) shares the full discovery path, from initial anomalous behavior to functional exploit chains.

    We’re prioritizing technical logic and field constraints over sanitized summaries to help the hacker community sharpen their methodology.

    Full path to discovery: pentest-tools.com/research

    #infosec #vulnerabilityresearch

  21. Seven bugs. One unauthenticated RCE chain. Zero clicks.

    This original research by our offensive security team into FuelCMS (v1.5.2) uncovered seven new vulnerabilities. By chaining some of them, we achieved Remote Code Execution (RCE).

    The root causes? A *12-year-old Dwoo templating engine* and *outdated CodeIgniter3 code* still lurking in production systems.

    The exploit chain combines:

    🔓 Account takeover (PTT-2025-025): reset password tokens leaked by sending them to the attacker's inbox

    💉 SQL injection (PTT-2025-030): usernames extracted during password reset (optional step)

    ⚡ PHP code execution (PTT-2025-026): unsanitized backslashes in the Dwoo parser resulting in RAW PHP CODE EXECUTION

    Result: full web app compromise.

    We published the full exploit chain on our blogpost so practitioners can reproduce and validate the findings. Read the detailed research here: pentest-tools.com/blog/throwin

    Many thanks to Matei Badanoiu, Raul Bledea and Eusebiu Boghici for their contributions.

    #offensivesecurity #vulnerabilityresearch #pentesting #infosec

    Out of curiosity: how often do you still run into 10+ year-old libraries during engagements?

  22. We just launched the Offensive Security Research Hub on Pentest-Tools.com!
    This isn’t a CVE recap page.

    Our #offensivesecurity team - led by Matei Badanoiu (CVE Jesus) - publishes original research: newly discovered vulnerabilities, deep technical write-ups, and full exploit chains built from real-world investigation.

    You’ll see:

    🛠️ Working PoCs and reproducible exploit paths

    🧠 The exact reasoning that turned strange behavior into confirmed impact

    ⚖️ Field-tested analysis of edge cases, constraints, and trade-offs

    No summaries. No recycled advisories.

    This is practitioner-grade research from people who _actively_ hunt and validate vulnerabilities.

    If you want to understand how experienced attackers approach complex targets, start here.

    Bookmark this link, we're going to update it frequently with new learnings: pentest-tools.com/research

    #vulnerabilityresearch #ethicalhacking #infosec

  23. Just shipped updates for rhabdomancer, haruspex, and augur. Now compatible with @HexRaysSA IDA 9.3 and @xorpse's idalib-rs 8.0.

    These headless #IDA plugins are built for #VulnerabilityResearch workflows where you want IDA's power without the GUI. This release brings a bunch of small improvements and bug fixes.

    hnsecurity.it/blog/streamlinin

  24. If Claude Can Find serious cybersecurity Bug, Who Collects the Bounty?

    Bug bounty programs vs. $20/month reasoning — when the brutal question becomes: why pay five-figure bounties if a Claude Code subscription already finds entire classes of bugs? #BugBounty #VulnerabilityResearch #OffSec #AppSec #Infosec #AI #LLM #SecurityResearch #CyberSecurity red.anthropic.com/2026/zero-da

  25. CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

    The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

    This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

    Source: thehackernews.com/2026/02/cisa

    Community insight welcome.
    Follow TechNadu for ongoing vulnerability and threat intelligence updates.

    #Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

  26. CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

    The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

    This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

    Source: thehackernews.com/2026/02/cisa

    Community insight welcome.
    Follow TechNadu for ongoing vulnerability and threat intelligence updates.

    #Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

  27. CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

    The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

    This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

    Source: thehackernews.com/2026/02/cisa

    Community insight welcome.
    Follow TechNadu for ongoing vulnerability and threat intelligence updates.

    #Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

  28. CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

    The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

    This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

    Source: thehackernews.com/2026/02/cisa

    Community insight welcome.
    Follow TechNadu for ongoing vulnerability and threat intelligence updates.

    #Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

  29. It was interesting to read up on the AI assisted code review at lesswrong.com/posts/7aJwgbMEiK

    For context: I'm personally responsible for at least 29 curl CVEs. Out of the recent 6 CVEs mentioned in the blog post I found two. This gives me some perspective, I think.

    I do not utilise AI tools in my vulnerability research. I am also fiercely critical of harmful proliferation of AI. This is due to the unsustainable way it is currently pushed, and use of as marketing ploy and gimmick rather than producing measurable benefit to users. This leads to negative impacts on economy, education & learning, not to mention impacts to nature due to wasteful use of energy.

    This doesn't mean I am against AI. I have written by own AI tooling (fully local RAG with support for arbitrary number of models running on local nodes, implemented in python). I found the usefulness of such tool to be limited at best. It is somewhat useful in mass analysis of large document bases, but the level of analysis is superficial at best. These AI models are after all just language models, and do not have any true understanding or intelligence.

    And here is the gist of it: The current tools are not intelligent. Understanding this limitation is the key of successful deployment and utilisation of AI tools. The tools can be useful in certain tasks, but they do not replace true intelligence.

    The AI tooling AISLE are developing certainly is one of the better uses of AI, and definitely surpasses all my personal dabbling around it. It is clear that the tool does find vulnerabilities. The key question is how much hallucinations and false positives it produces: If the tool generates thousands of FPs and the true findings are hidden among them this limits the value and usefulness of the tool (of course it doesn't entirely negate it, many tools produce false positives). In short: The quality of the findings is key, and poor signal-to-noise ratio is highly undesirable.

    Either way, I think there is a future for AI tools and they definitely will be helpful in vulnerability research.

    I personally will keep exercising my wetware for this work, however.

    #cybersecurity #infosec #vulnerabilityresearch #thoughtoftheday

  30. Critical vulnerabilities were disclosed in InputPlumber affecting Linux systems, including SteamOS.

    Impact highlights:
    • Insufficient D-Bus authorization
    • Potential keystroke injection via virtual devices
    • Local denial-of-service and information exposure

    The fixes emphasize secure Polkit usage, systemd hardening, and proper privilege boundaries.

    Share insights and follow @technadu for vendor-neutral security reporting.

    #InfoSec #LinuxHardening #VulnerabilityResearch #Polkit #D-Bus #OpenSourceSecurity

  31. Critical vulnerabilities were disclosed in InputPlumber affecting Linux systems, including SteamOS.

    Impact highlights:
    • Insufficient D-Bus authorization
    • Potential keystroke injection via virtual devices
    • Local denial-of-service and information exposure

    The fixes emphasize secure Polkit usage, systemd hardening, and proper privilege boundaries.

    Share insights and follow @technadu for vendor-neutral security reporting.

    #InfoSec #LinuxHardening #VulnerabilityResearch #Polkit #D-Bus #OpenSourceSecurity

  32. Critical vulnerabilities were disclosed in InputPlumber affecting Linux systems, including SteamOS.

    Impact highlights:
    • Insufficient D-Bus authorization
    • Potential keystroke injection via virtual devices
    • Local denial-of-service and information exposure

    The fixes emphasize secure Polkit usage, systemd hardening, and proper privilege boundaries.

    Share insights and follow @technadu for vendor-neutral security reporting.

    #InfoSec #LinuxHardening #VulnerabilityResearch #Polkit #D-Bus #OpenSourceSecurity

  33. Critical vulnerabilities were disclosed in InputPlumber affecting Linux systems, including SteamOS.

    Impact highlights:
    • Insufficient D-Bus authorization
    • Potential keystroke injection via virtual devices
    • Local denial-of-service and information exposure

    The fixes emphasize secure Polkit usage, systemd hardening, and proper privilege boundaries.

    Share insights and follow @technadu for vendor-neutral security reporting.

    #InfoSec #LinuxHardening #VulnerabilityResearch #Polkit #D-Bus #OpenSourceSecurity

  34. #curl 8.18.0 has been released. This release fixes 2 medium and 4 low level vulnerabilities:
    - CVE-2025-13034: No QUIC certificate pinning with GnuTLS curl.se/docs/CVE-2025-13034.ht
    - CVE-2025-14017: broken TLS options for threaded LDAPS curl.se/docs/CVE-2025-14017.ht
    - CVE-2025-14524: bearer token leak on cross-protocol redirect curl.se/docs/CVE-2025-14524.ht
    - CVE-2025-14819: OpenSSL partial chain store policy bypass curl.se/docs/CVE-2025-14819.ht
    - CVE-2025-15079: libssh global knownhost override curl.se/docs/CVE-2025-15079.ht
    - CVE-2025-15224: libssh key passphrase bypass without agent set curl.se/docs/CVE-2025-15224.ht

    I discovered the last 2 vulnerabilities.

    Download curl 8.18.0 from curl.se/download.html

    #vulnerabilityresearch #vulnerability #cybersecurity #infosec

  35. I for sure am old and grumpy here, but this "technical breakdown" is not helping. If you can't give actual technical breakdown (there are reasons for this of course) maybe just mention that. Just don't make up some "execute_payload()" that is misleading.

    #vulnerabilityresearch #CVE_2025_48593

  36. 56 zero-days exploited for $790K on Pwn2Own Day 2. Hackers used mind-blowing techniques to expose vulnerabilities in trusted software—proof that our digital defenses are under constant siege. Curious about the tactics that shook the cybersecurity world?

    thedefendopsdiaries.com/pwn2ow

    #pwn2own
    #zeroday
    #ethicalhacking
    #cybersecurity
    #vulnerabilityresearch

  37. 🎤 NightmareFactory drops at #DefCamp 2025 😱
    Live from Bucharest, on Nov 13–14.

    After digging into Odoo, Gitea, and FileCloud in 2024, Matei Badanoiu and Catalin Iovita from our team at Pentest-Tools.com leveled up their 0-day hunting game.

    🚨 In 2025 alone:
    🧩 they reported ~15 new 0-days
    ⚙️ Built fresh vulnerability chains
    💥 And got one-click RCE from seemingly “low” bugs

    Their talk breaks down:
    🔍 How the team evolved their approach
    🧠 Why chaining bugs changes the impact game
    🚀 What they learned about turning niche findings into real-world exploitation paths

    If you’re into #offensivesecurity, vuln research, or just love a good “wait… that worked?!” moment →

    📍 Don’t miss NightmareFactory at DefCamp! --> def.camp/

    #vulnerabilityresearch #cybersecurity #infosec